GitLab Professional Services
Accelerate your software lifecycle with help from GitLab experts
Popular GitLab use cases
Enterprise Small Business Continuous Integration (CI/CD) Source Code Management (SCM) Out-of-the-box Pipelines (Auto DevOps) Security (DevSecOps) Agile Development Value Stream Management GitOpsGitLab Professional Services
Accelerate your software lifecycle with help from GitLab experts
Popular GitLab use cases
Enterprise Small Business Continuous Integration (CI/CD) Source Code Management (SCM) Out-of-the-box Pipelines (Auto DevOps) Security (DevSecOps) Agile Development Value Stream Management GitOpsUse the appropriate workflow on this page when a user requests the deletion of their GitLab.com account either through a Zendesk ticket or via an email to our Account Deletion and Other Requests project. These requests must be filled within 30 days.
Account deletion requests must go through a few stages before they can be closed and it can be difficult to keep track of what stage in the process each request is in at any given time. To help, consider creating an issue board within the account deletion project and use the Awaiting::Confirmation
, Awaiting::Challenge Answers
, Awaiting::Deletion
, and meta-issue
labels to track the progress of each request. See this board for an example.
NOTE: As there is a known bug with Group Managed Accounts, see the Group Managed Accounts section for the process.
When a request is received through Zendesk as a ticket, do the following:
This will simply advise the user to email personal-data-request@gitlab.com
in order to have their request processed. The request will then be serviced when received in the Personal Account Requests Service Desk.
When a user emails personal-data-request@gitlab.com
or gdpr-request@gitlab.com
an issue is automatically created in the Personal Account Requests Service Desk, meaning comments made on it will be emailed to the submitter.
Upon submission, the submitter will receive an autoresponder thanking them for their request and informing them that they must reply back for confirmation before we can proceed. Servicing these requests is a two stage process. When a request is received, complete all of the following tasks in each stage in order.
NOTE: Users have a total of 14 days to reply to our autoresponder with confirmation that they wish to proceed before we close their request due to a lack of verification.
NOTE: In order to keep track of which requests still require confirmation or answers to the challenge questions, you can optionally apply the
Awaiting Confirmation
orAwaiting Challenge Answers
labels.
Deletion Confirmation: Confirm that the user has replied back confirming that they wish for us to proceed, this will appear as a comment on the issue. If the user has not provided this confirmation within 7 days, remind them to with the Confirmation Reminder
snippet below.
Greetings,
Recently we received and responded to a request to delete your account. As mentioned in our first response, we require positive confirmation of the request in the form of a reply to this message stating that you do want your account deleted.
We have not yet received that confirmation from you. Please reply to this email to verify that you want your account deleted. If we do not receive a confirmation within the next 7 days, we will close your request.
This email contains a unique key that helps us verify that the owner of this email address made the request. Sending a new email to personal-data-request@gitlab.com will re-initiate this process. You must reply to this email in order to delete your account.
Regards,
If the user chooses to provide this confirmation by sending us an entirely new request, resulting in a new issue, reply to the original issue with the following Request Re-Confirmation
snippet and close the new issue.
Greetings,
Recently we received and responded to a request to delete your account. As mentioned in our first response, we require positive confirmation of the request in the form of a reply to this message stating that you do want your account deleted. We have not yet received that confirmation from you.
Please reply to this email to verify that you want your account deleted. This email contains a unique key that helps us verify that the owner of this email address made the request.
Sending a new email to personal-data-request@gitlab.com will re-initiate this process. You must reply to this email in order to delete your account.
Regards,
If 7 more days have passed since the reminder was sent without confirmation from the user, send the following Request Closed - No Confirmation
snippet and close the issue.
Greetings,
Due to lack of identity verification, your request for account deletion is denied. This issue will be closed.
Regards,
Username Confirmation: Verify that the user has provided the username of the GitLab.com account associated with the originating email address of the request. If they have not, ask for them to provide it by replying with the Verify Username
snippet below.
Greetings,
We appreciate you confirming your intent to delete your GitLab.com account. However, before we can proceed we will also need you to confirm the username of the GitLab.com account associated with this email address. Once we've confirmed the username, we'll issue some additional identity verification challenges.
Please provide this username at your earliest convenience so that we can begin the account deletion process.
Regards,
If the username provided does not match the GitLab.com account associated with the originating email address, they may still be able to delete the account. You may proceed to verify they aren't part of a paid namespace and verify account ownership. If the user, even after sending the Verify Username
snippet, did not provide the username, send the Request Closed - No Confirmation
snippet (see above) and close the request.
Send the following Paid Namespace Found
snippet:
Greetings,
As your account is associate with [Customer Name], we are unable to complete your request. Please contact your organization's system administrator to remove you from their projects if you would like to delete your account. After removal from [Customer Name]'s projects, you will need to begin a new Privacy Request.
This ticket will be marked as 'Solved'.
Regards,
Support::SaaS::Account Deletion - Customer Contact Inform
macro on behalf of the customer using the contact information for them associated with the subscription in the Customer Portal.Account Ownership Verification: Verify that the requestor is the owner of the account in question by sending the Verification Challenges snippet.
Once the user replies back with their answers to the challenges, follow the Account Verification workflow using a data classification of RED
as all user data is classified as red. If verification fails or is otherwise not possible, apply the Account Verification Failed
label and respond with the following:
Greetings,
Unfortunately, your answers to our verification challenges have failed, so your request for account deletion is denied. This issue will be closed.
Regards,
Support Engineer:
in order.An overview of this process is outlined in the chart below.
If a group is using group managed accounts, user accounts may be orphaned until gitlab#209081 is fixed. You can use chatops to check whether a group has the relevant feature flags enabled.
When checking the user account in admin, the user will be badged as a "Group Managed Account". Double check that the user is no longer a member of any group.
In these cases, we can delete the account so that a new user account can be created.
Support::SaaS::Group Managed Account Deletion
macro, which outlines the criteria and deletion.