The Freelancer Just Ghosted You — Now What? Securing Your Agency's Access in 30 Minutes

A ghosted freelancer is a security incident, not just an awkward situation. The moment a contractor goes dark, every tool they touched stays open — Figma, Notion, Slack, GitHub, client portals — until someone manually closes it. For most agencies, that "someone" doesn't exist, and the window stays open for days or weeks. This playbook gets you from panic to locked down in 30 minutes.

Why This Is Specifically an Agency Problem

A 20-person studio might work with 30–50 freelancers a year — designers, developers, copywriters, strategists — each touching a different slice of your toolstack. Unlike full-time employees, freelancers end engagements quietly. A project wraps, invoices stop, and that's it. Nobody runs a deprovisioning checklist.

When someone ghosts, the access problem is the same as a planned departure — just with zero warning and no cooperation. You can't email them a removal checklist. You have to assume everything is still open and work backwards.

What a Ghosted Freelancer Leaves Behind

The access footprint of a typical agency contractor is bigger than most ops leads realize. A mid-project designer might have:

• Figma — edit access to live client files, brand assets, and internal design systems
• Slack — full visibility into client channels, project threads, and DMs that contain briefs, budgets, and feedback
• Notion — access to the project wiki, which often has client contact lists, pricing, and internal process docs
• GitHub or GitLab — contributor access to the codebase, including any deployed branches
• Google Drive or Dropbox — shared project folders with deliverables and source files
• 1Password or shared credential vaults — guest access to tool logins they needed for the project
• Client-facing portals — if you gave them access to a client's own tools to deliver work

The risk isn't theoretical. A ghosted freelancer who later joins a competitor now has passive visibility into your clients' briefs. A disgruntled one can download source files, export design assets, or read every Slack message in your client channels. Most don't. But you have no way of knowing — and "they probably won't do anything" isn't a security posture.

The 30-Minute Lockdown

Run this in order. Sequence matters: communications first, code second, storage last.

Step 1: Build the Access Inventory (5 minutes)

Before you start revoking, write down every tool they touched. Check your onboarding record if you kept one, any invite emails you sent, their Slack profile (tools connected via integrations often appear there), and your billing dashboards — Figma, Notion, and GitHub all show active seats by email.

If you don't have a record, search your inbox for "invited [name]@..." threads. The goal is a working list, not perfection. Lock the critical tools first and clean up edge cases after.

Step 2: Revoke in Priority Order (15 minutes)

Work through this sequence — highest risk first:

1. Slack — Remove them from your workspace entirely, not just individual channels. Go to Settings → Members → deactivate their account.

2. Figma — Settings → Members → remove user. This revokes edit access but doesn't delete files already exported. Check version history on sensitive client files after.

3. GitHub / GitLab — Remove from the organization, not just individual repos. Organization-level removal revokes all repo access at once.

4. Notion — Remove from workspace (Settings → Members). Also check the guest list on individual top-level pages — Notion's workspace member list doesn't always surface page-level guest access.

5. Shared password vaults (1Password, Bitwarden, etc.) — Remove them from any shared vaults. If they had access to shared login credentials, rotate those passwords immediately — vault removal doesn't invalidate credentials they may have already copied.

6. Google Drive / Dropbox / cloud storage — Remove sharing from all project folders. If they were added with edit or commenter access, revoke it and check the "Shared with" list on each folder.

7. Email aliases or forwarding rules — If you set up a project email alias they used (e.g., project@youragency.com), remove them from it and check whether any forwarding rules were added.

Step 3: Check for Exports and Downloads (5 minutes)

After revoking access, do a quick audit of what might have walked out:

• Figma: Open each client file → Version History → look for any exports or large copy operations in the last 30 days
• GitHub: Check the audit log (Settings → Audit Log) for clone or download events tied to their account
• Notion: Notion doesn't have granular export logs, but check Settings → Content for any exports run recently

You're looking for anomalies — large downloads the day before they went dark, for example. Document what you find.

Step 4: Document What Happened (5 minutes)

Write a short record: which tools were revoked, when, by whom, and what (if anything) you found in the export checks. This protects you if a client asks later, and it's the starting point for any escalation.

After the Emergency: Three Changes That Reduce the Blast Radius

The 30-minute lockdown solves today's problem. These three changes make the next ghost a 10-minute problem instead of a 30-minute one.

Minimal access from day one. Give contractors access to what they need for their specific role on their specific project — nothing more. A copywriter doesn't need Figma edit access. A designer doesn't need GitHub contributor access. Scope tightly when you onboard and you have less to clean up when they leave. See our contractor onboarding access guide for a role-by-role breakdown.

Centralize contractor access in one place. If each contractor's access is tracked in your head or scattered across individual tool invites, every offboarding is a fire drill. A single list — even a shared Notion doc — that maps each contractor to the tools they have access to cuts your lockdown time from 30 minutes to 10.

Build a project-close checklist and run it proactively. Most ghosts don't vanish overnight — there's usually a period of slow responsiveness before full silence. When invoices stop or responses trail off, that's the signal to run the access revocation before it becomes urgent. The project-end access revocation checklist gives you the template.

Add a contract clause. Include a line that says the contractor agrees to cooperate with access removal within 24 hours of project end or contract termination, and that all client data must be deleted from personal devices. It doesn't prevent ghosting, but it creates a documented obligation you can reference if things escalate.

When to Escalate Beyond the 30-Minute Fix

Most ghosting situations are awkward but low-risk — the contractor disappeared because they got overwhelmed or took another job. But some situations warrant more than a quiet revocation:

If they had admin access to any tool — If the freelancer had admin or owner-level access to Slack, GitHub, Google Workspace, or your project management tool, treat it as a potential security incident. Change all admin passwords and rotate API keys. Check for any changes they made to settings or permissions in the days before going dark.

If they had access to client accounts — If you gave them direct access to a client's tools (a client's Figma org, their Slack workspace, their Google Drive), you need to notify the client immediately. They need to run their own revocation on their end. Don't let this sit.

If there are signs of intentional data exfiltration — Large downloads, file exports, or access to repositories outside their project scope in the week before they ghosted are red flags. Document everything and consult a lawyer before reaching out to the freelancer.

For a systematic way to catch these issues before they become incidents, the agency contractor access audit checklist is worth running quarterly — not just in emergencies.

Manual Revocation vs. Automated Access Management

The manual process works — this playbook proves it. The problem is it only works if someone at the agency knows to run it and has time to run it. Optserv's contractor lifecycle flow is built so that removing a contractor from a project triggers the revocation steps automatically, whether they left cleanly or vanished.

FAQ

Can a freelancer retain Figma access after being removed from Slack?

Yes. Figma, Slack, Notion, and GitHub all manage access separately — removing someone from one tool has no effect on the others. You need to revoke each tool individually. This is exactly why a tracked access inventory matters: if you don't know what they had, you can't be sure you've covered everything.

What if the freelancer had access to a client's own accounts?

Notify the client immediately. You need to tell them which tools were shared, when the contractor went dark, and that the client should run their own access revocation. Don't wait to see if anything happens — the liability risk of not disclosing is higher than the awkwardness of the conversation.

How long does a typical access window stay open after a contractor ghosts?

For agencies running manual processes, often weeks or indefinitely. There's no automated trigger — the access stays open until someone notices and manually closes it. This is the core problem: in a busy 20-person studio, a contractor who went quiet three weeks ago might still have full access to everything they touched.

Do I need a lawyer?

For a straightforward ghost — contractor stopped responding, no signs of data misuse — you generally don't. Document the revocation, move on. If there are signs of intentional data exfiltration, access to sensitive client data, or the contractor later surfaces making demands, get legal advice before responding.

How do I prevent this from happening again?

Three things: minimal access at onboarding (scope tightly to what the project actually requires), a written project-close checklist that you run when a project ends or when invoices stop, and a centralized record of which contractor has access to which tools. These three habits eliminate most of the fire-drill element.

Stop Making This a 30-Minute Fire Drill

Optserv is built for agencies that cycle through contractors constantly. When you add a freelancer to a project in Optserv, their tool access is tracked automatically. When the project ends — or when you mark them as gone — Optserv walks you through the revocation flow for every tool they touched, in one place, in under five minutes. Whether they left cleanly or just stopped picking up, the access lifecycle is handled.

See how Optserv handles contractor offboarding →

Sources

• Verizon Data Breach Investigations Report 2025: insider and third-party access as a breach vector in SMBs
• Ponemon Institute, "Cost of Insider Threats" 2024: average time-to-detection for unauthorized access after offboarding — 77 days
• Figma Help Center: Managing Members and Guests (figma.com/help)
• GitHub Docs: Organization audit log (docs.github.com)

Byline: Optserv Team