Customer Account Deletion

When a customer account is deleted, the system performs the following steps to deactivate and anonymise the account, remove sensitive data, and trigger any related automations.

Who Can Delete an Account

Admin users can delete any customer account. The deletion is recorded with the ID of the admin who performed it.
Customers can delete their own account (self-service), provided they are currently logged in.

What Happens on Deletion

1. Subscriptions Cancelled

All active subscriptions tied to the account are retrieved and cancelled immediately.

Any newsletter subscriptions associated with the customer’s email address are permanently deleted.

3. Account Email Anonymised

The customer’s login email is renamed to [original-email].deactivated. If that address already exists, a numeric suffix is appended (e.g. .deactivated.1) until a unique value is found. This prevents the email from being reused while making it clear the account is no longer active.

4. Personal Data Cleared

The following fields are wiped from the account record:

Field	Action
Password	Cleared
Address	Cleared
Facebook ID & token	Cleared
Google ID	Cleared
Apple ID	Cleared
Twitter ID & token	Cleared
Payment token, card & expiry	Cleared
Profile photo (local, Facebook, Twitter)	File deleted from disk and field cleared

5. Account Marked as Archived

active is set to 0
archived is set to 1
archived_at is set to the current date and time

6. Session Tokens Revoked

All active visitor tokens for the account are deleted, immediately invalidating any existing sessions.

7. Automation Triggered

A customer_delete automation event is fired with the visitor’s ID. This can be used to trigger downstream workflows such as sending a deletion confirmation email or notifying third-party integrations.

Data Retention Note

The account record itself is retained in the database in an archived state for audit and reporting purposes. All personally identifiable information (PII) is removed as described above.