Use the appropriate workflow on this page when a user requests the deletion of their GitLab.com account either through a Zendesk ticket or via an email to our Account Deletion and Other Requests project. These requests must be filled within 30 days.
Account deletion requests must go through a few stages before they can be closed and it can be difficult to keep track of what stage in the process each request is in at any given time. To help, consider creating an issue board within the account deletion project and use the
meta-issue labels to track the progress of each request. See this board for an example.
When a request is received through Zendesk as a ticket, do the following:
This will simply advise the user to email
email@example.com in order to have their request processed. The request will then be serviced when received in the Personal Account Requests Service Desk.
When a user emails
firstname.lastname@example.org an issue is automatically created in the Personal Account Requests Service Desk, meaning comments made on it will be emailed to the submitter.
Upon submission, the submitter will receive an autoresponder thanking them for their request and informing them that they must reply back for confirmation before we can proceed. Servicing these requests is a two stage process. When a request is received, complete all of the following tasks in each stage in order.
NOTE: Users have a total of 14 days to reply to our autoresponder with confirmation that they wish to proceed before we close their request due to a lack of verification.
NOTE: In order to keep track of which requests still require confirmation or answers to the challenge questions, you can optionally apply the
Awaiting Challenge Answerslabels.
Deletion Confirmation: Confirm that the user has replied back confirming that they wish for us to proceed, this will appear as a comment on the issue. If the user has not provided this confirmation within 7 days, remind them to with the
Confirmation Reminder snippet below.
Recently we received and responded to a request to delete your account. As mentioned in our first response, we require positive confirmation of the request in the form of a reply to this message stating that you do want your account deleted.
We have not yet received that confirmation from you. Please reply to this email to verify that you want your account deleted. If we do not receive a confirmation within the next 7 days, we will close your request.
This email contains a unique key that helps us verify that the owner of this email address made the request. Sending a new email to email@example.com will re-initiate this process. You must reply to this email in order to delete your account.
If the user chooses to provide this confirmation by sending us an entirely new request, resulting in a new issue, reply to the original issue with the following
Request Re-Confirmation snippet and close the new issue.
Recently we received and responded to a request to delete your account. As mentioned in our first response, we require positive confirmation of the request in the form of a reply to this message stating that you do want your account deleted. We have not yet received that confirmation from you.
Please reply to this email to verify that you want your account deleted. This email contains a unique key that helps us verify that the owner of this email address made the request.
Sending a new email to firstname.lastname@example.org will re-initiate this process. You must reply to this email in order to delete your account.
If 7 more days have passed since the reminder was sent without confirmation from the user, send the following
Request Closed - No Confirmation snippet and close the issue.
Due to lack of identity verification, your request for account deletion is denied. This issue will be closed.
Username Confirmation: Verify that the user has provided the username of the GitLab.com account associated with the originating email address of the request. If they have not, ask for them to provide it by replying with the
Verify Username snippet below.
We appreciate you confirming your intent to delete your GitLab.com account. However, before we can proceed we will also need you to confirm the username of the GitLab.com account associated with this email address. Once we've confirmed the username, we'll issue some additional identity verification challenges.
Please provide this username at your earliest convenience so that we can begin the account deletion process.
If the username provided does not match the GitLab.com account associated with the originating email address, they may still be able to delete the account. You may proceed to verify they aren't part of a paid namespace and verify account ownership. If the user, even after sending the
Verify Username snippet, did not provide the username, send the
Request Closed - No Confirmation snippet (see above) and close the request.
Send the following
Paid Namespace Found snippet:
As your account is associate with [Customer Name], we are unable to complete your request. Please contact your organization's system administrator to remove you from their projects if you would like to delete your account. After removal from [Customer Name]'s projects, you will need to begin a new Privacy Request.
This ticket will be marked as 'Solved'.
Support::SaaS::Account Deletion - Customer Contact Informmacro on behalf of the customer using the contact information for them associated with the subscription in the Customer Portal.
Account Ownership Verification: Verify that the requestor is the owner of the account in question by sending the Verification Challenges snippet.
Once the user replies back with their answers to the challenges, follow the Account Verification workflow using a data classification of
RED as all user data is classified as red. If verification fails or is otherwise not possible, apply the
Account Verification Failed label and respond with the following:
Unfortunately, your answers to our verification challenges have failed, so your request for account deletion is denied. This issue will be closed.
Support Engineer:in order.
An overview of this process is outlined in the chart below.
When checking the user account in admin, the user will be badged as a "Group Managed Account". Double check that the user is no longer a member of any group.
In these cases, we can delete the account so that a new user account can be created.
Support::SaaS::Group Managed Account Deletionmacro, which outlines the criteria and deletion.