Do you delete a user, or "delete" a user when they cancel?

This is NOT a Bubble question, but more of a “best practices” query.

Let’s say you have a B2C SaaS app and anyone can register to use it.

Now let’s say that user no longer wants to be a part of your SaaS and you give them the option to delete their account.

When they click that “Delete my account” button, I can see at least 3 options on what to do next:

1. Delete their User row (and optionally delete any other data associated with that user).
2. Just flag the User as an inactive user, thereby preventing them from using the app again, but not actually delete any of their data or even their User row.
3. Tell the user they are no longer a registered user, but give them (for example) 90 days to re-register and all their data will be there. But after 90 days, their data goes poof and it’s all gone.

I’m in the US. Does anyone know of any legal requirements on this? Personally, I’d rather go with Option 2. That way, if they want to use the app again, they don’t have to re-do any set-up or preferences again (and I can even give them a snazzy “welcome back” pop-up).

I would provide an option to permanently delete account. This option can be undone within a 90 day grace period. After 90 days all info will be removed.

Because you do own their data up until they decide they no longer want you to. Then it’s their right to have their data removed from your platform.

I believe if you go to delete your Instagram account they let you initiate the delete then give you 30 days to decide before it’s actually deleted.

I believe it’s up to you, but needs to be clearly stated in your Privacy Policy/Terms of Service