Right now, deleting your account is the backdoor flaw in Dropbox security. If a hacker gets into your account and deletes it, on or near the date of your renewal, your data is gone. Having a vault, 30-day retention of files and whatever will do you no good.
So, my suggestion: always to offer 30-day retention on deleted accounts. When you make a mistake, your kid does this, some hacker: as long as your notifications are working; you will see this in a reasonable window of time and can restore the account to a point before your got hacked/ joked/ whatever.
Right now, I think Dropbox offers quite a good level of security. But this, I feel, is a flaw, Achilles heel, you name it.
I think offering this solution is easy, elegant, and in line with what you can expect from your plan.
Thank you for sharing your feedback and suggestions about account deletions/recoveries with us. I’m happy to share this with my colleagues.
If you’re not already doing so, I suggest enabling Two-step Verification on your account, as an extra layer of security. If you do, please make sure to save your Recovery Codes in a safe place, so you can access your account in the event you’re not able to receive your security key.