Skip to content

Customer Account Deletion

When a customer account is deleted, the system performs the following steps to deactivate and anonymise the account, remove sensitive data, and trigger any related automations.

  • Admin users can delete any customer account. The deletion is recorded with the ID of the admin who performed it.
  • Customers can delete their own account (self-service), provided they are currently logged in.

All active subscriptions tied to the account are retrieved and cancelled immediately.

Any newsletter subscriptions associated with the customer’s email address are permanently deleted.

The customer’s login email is renamed to [original-email].deactivated. If that address already exists, a numeric suffix is appended (e.g. .deactivated.1) until a unique value is found. This prevents the email from being reused while making it clear the account is no longer active.

The following fields are wiped from the account record:

FieldAction
PasswordCleared
AddressCleared
Facebook ID & tokenCleared
Google IDCleared
Apple IDCleared
Twitter ID & tokenCleared
Payment token, card & expiryCleared
Profile photo (local, Facebook, Twitter)File deleted from disk and field cleared
  • active is set to 0
  • archived is set to 1
  • archived_at is set to the current date and time

All active visitor tokens for the account are deleted, immediately invalidating any existing sessions.

A customer_delete automation event is fired with the visitor’s ID. This can be used to trigger downstream workflows such as sending a deletion confirmation email or notifying third-party integrations.


The account record itself is retained in the database in an archived state for audit and reporting purposes. All personally identifiable information (PII) is removed as described above.