Hello Randy
this could be a solution, but I think this could be also a problem because of the data still present on the database like username, email, ip address..and so on..
The user that don't accept the policy will have his data still stored on my database, is it legal?