alt Hacker News> over the last decade
Be aware that under various regulations, you're potentially already at risk of accusation in terms of unwarranted data retention. If you haven't got a good reason to have kept those email addresses, something like the GDPR might not interpret that favourably. While the GDPR doesn't specify actual time limits, they are expected to be proportionate. Financial records are generally 7 years unless otherwise legally required, so for a decade, you would be saying that these email addresses are more critical/valid than that. That may be the case, I don't know your business, but be careful if you don't want some very awkward questions asked. Just the hassle of having to deal with complaints you might get (and various regulators would take notice of 1 million instances) is likely to be more than it's worth for most.
The suggestion downthread to send a very clear "we still have your address, would you like to opt in to this newsletter, otherwise we'll remove it" is not a bad one, but even then, some people will object to you still having it at all.
People originally opted in and provided it expecting to get a newsletter on how to use the app. We never seemed to have the bandwidth to create a good enough one, so we never sent it. We kept improving the app until it became very good and still never sent the emails. But retained the addresses, so that one day we could tell people the app has improved, to give it a try, include animated GIFs of it in action and gradually educate them on ways to use it. For that I get chastizement on HN, figures.
Yes, there is a clearly valid business purpose under GDPR for retaining the email addresses of users who want to learn how to use your app better and opted in. If you plan to send a newsletter out.
Other than those voluntarily entered emails (which aren’t even linked to the user), we haven’t retained literally any information about our users, despite having millions of users download and use the app over a decade. Which is far beyond pretty much any social app I know. But almost no one actually cares.