Representative embodiments disclose how to remove spilled data from an unauthorized system and/or service in a cloud service. Some embodiments allow a user to remove spilled data in a secure fashion without involving an administrator. Spilled data resides in a data structure backed by allocated storage locations. The system presents a user interface allowing a user to enter information that allows identification of the allocated storage locations. The spilled data is removed from the data structure leaving whitespace in the allocated storage locations where remnants of the spilled data can reside. The system creates a copy of the data structure, removing the whitespace. The system connects the copy of the data structure in place of the original data structure. The original allocated storage locations are then overwritten in a secure manner to remove any remnants of the spilled data.