We run our production database using DO's managed postgres. Because we are a devops team, quite a few people have access to our DO login.
It's very easy at the moment to just delete the production database without it being recoverable (it's just a button and a dialog).
As owner, I want to have some sort of feature flag that lets me say: 'if someone wants to delete database X, only do that 24 hours from now, and send a warning email that this will happen to email address X.' This way, if it is done by a malicious user, we can take action before we lose all our data.
I think this should be an option I can turn on/off only once a week (for security purposes), and that, because I enabled the option, I pay for the 24 hours the DB is still recoverable after deletion.
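The grace-period behaviour requested above, sketched as a small in-process guard. This is an added illustration, not a DigitalOcean feature or any of their code: the `notify` and `delete_now` hooks are hypothetical stand-ins for the provider's email and deletion calls, the 24-hour grace period and the once-per-week toggle cooldown come from the post, and the scenario in `demo()` uses constructed resource names and timestamps.

```python
"""Deletion guard with a 24-hour grace period (added illustration, not a DigitalOcean feature)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional

GRACE_PERIOD = timedelta(hours=24)      # delay requested in the post
TOGGLE_COOLDOWN = timedelta(days=7)     # protection may be switched once a week


@dataclass
class PendingDeletion:
    resource: str
    requested_by: str
    requested_at: datetime
    execute_at: datetime


class DeletionGuard:
    """Queues destructive requests instead of executing them immediately.

    notify(to_address, message) - hypothetical email hook that warns the owner
    delete_now(resource)        - hypothetical hook performing the irreversible delete
    """

    def __init__(self, owner_email: str,
                 notify: Callable[[str, str], None],
                 delete_now: Callable[[str], None],
                 grace: timedelta = GRACE_PERIOD) -> None:
        self.owner_email = owner_email
        self.notify = notify
        self.delete_now = delete_now
        self.grace = grace
        self.enabled = True
        self.last_toggle: Optional[datetime] = None
        self.pending: Dict[str, PendingDeletion] = {}

    def set_enabled(self, enabled: bool, now: datetime) -> None:
        """Switch protection on or off; refused if it was changed within the last week."""
        if self.last_toggle is not None and now - self.last_toggle < TOGGLE_COOLDOWN:
            raise PermissionError("protection setting was changed less than 7 days ago")
        self.enabled = enabled
        self.last_toggle = now

    def request_delete(self, resource: str, requested_by: str,
                       now: datetime) -> Optional[PendingDeletion]:
        """Schedule a deletion and warn the owner; returns None if protection is off."""
        if not self.enabled:
            self.delete_now(resource)
            return None
        if resource in self.pending:
            return self.pending[resource]    # already scheduled; do not reset the clock
        req = PendingDeletion(resource, requested_by, now, now + self.grace)
        self.pending[resource] = req
        self.notify(self.owner_email,
                    f"{requested_by} requested deletion of {resource}; "
                    f"it will be deleted at {req.execute_at.isoformat()} unless cancelled")
        return req

    def cancel(self, resource: str, cancelled_by: str, now: datetime) -> bool:
        """Cancel a pending deletion; only possible before its deadline."""
        req = self.pending.get(resource)
        if req is None or now >= req.execute_at:
            return False
        del self.pending[resource]
        self.notify(self.owner_email, f"{cancelled_by} cancelled deletion of {resource}")
        return True

    def run_due(self, now: datetime) -> List[str]:
        """Periodic job (e.g. cron): execute deletions whose grace period has elapsed."""
        executed: List[str] = []
        for resource, req in list(self.pending.items()):
            if now >= req.execute_at:
                self.delete_now(resource)
                del self.pending[resource]
                executed.append(resource)
        return executed


def demo() -> dict:
    """Constructed scenario: one request is caught and cancelled, one runs out the clock."""
    sent: List[str] = []
    deleted: List[str] = []
    guard = DeletionGuard("owner@example.com",
                          notify=lambda to, msg: sent.append(msg),
                          delete_now=deleted.append)
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    guard.request_delete("prod-db", "alice", t0)           # warning email goes out
    guard.run_due(t0 + timedelta(hours=1))                 # too early, nothing happens
    guard.cancel("prod-db", "owner", t0 + timedelta(hours=2))
    guard.request_delete("staging-db", "bob", t0)          # nobody cancels this one
    executed = guard.run_due(t0 + timedelta(hours=25))
    return {"sent": sent, "deleted": deleted, "executed": executed}


if __name__ == "__main__":
    print(demo())
```

The guard never resets the deadline when a resource is re-requested, so repeated clicks cannot be used to push the warning around, and `run_due` is the only path that reaches `delete_now` while protection is on.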