Recommended method to “End of Support” plugins

I’ve had a plugin hosted in the www.remarpro.com directory for a couple of years (with regular version bumping for updates and testing against latest WP releases). Part of its functionality is to store basic contact information of the users who register with the plugin in order to have their details kept on file (essentially, it’s a contacts database).

I no longer feel able to provide a level of ongoing testing and support that I’d consider necessary to ensure that this plugin remains secure. To be clear, as far as I’m aware, it is perfectly secure at present (I’ve never encountered any issue that appears to impact security, nor have any been reported).

That said, I don’t wish to behave irresponsibly by continuing to offer the plugin in the directory in the absence of regular review and updates – particularly in light of the nature of this plugin (i.e. storage of – and facilitating interaction with – registered user’s personal data (albeit limited in scope; i.e. names, email, postcode/zip, phone numbers).

So, my question is: What is the recommended method by which to announce ‘End of Support’ to existing users of a plugin, whilst also removing that from the directory?

I was reading recently about possible plans to implement an announcement system, to advise users when a plugin had been withdrawn and/or flagged as a potential security vulnerability, but wasn’t sure whether plugin developers themselves would be offered access to an API for that, to facilitate publishing advisories about their own listed plugins.

Thanks in advance for advice about how to proceed.