How To Resolve A User Request To Delete Their Account

Hello There,
Every once in a while, a user will ask to delete their account. I use Discourse because y’all have designed to accommodate a nice user experience. Can you share any suggestions on resolving a situation like mine? Thank you.
Be Well,

1 Like

Are you asking a support question seeking a technical answer, or seeking recommendations on a community management approach to minimize such occurances?

If you want the technical answer, you can anonymize a user (which scrubs all their identity info apart from any potentially identifying material written explicitly by them in freeform in posts), or you can delete them and delete their posts, as per this post:


Anonymize should be the first port of call.

If the user is nice about it, and deleting them won’t leave massive holes in lots of discussions, I tend to honor “but anonymizing isn’t enough, I need delete” requests if they are made in a reasonable way… versus, say, ragequitting.


Exactly this. On our previous software, deleting a user created massive issues (database stability, weird holes in conversations, thanks to a poorly designed custom software package.) The answer was almost invariably no. But if they weren’t super into everything, and only had a few posts, we’d help them out if they were polite and had a good reason (safety, something like that.)

Thankfully we’ve already set that precedent that we don’t delete posts even if you delete the account, so the anonymization option provided by discourse is a much needed change.


But how does refusing to delete their account go in the context of GDPR? So far, I haven’t had requests from users to delete their account, but we’re updating or privacy policy and it seems like it’s not an option to refuse. :thinking:

1 Like

By anonymizing you are removing all the key fields to identify the person, just not what they wrote.

My sites have Creative Commons BY SA licences. Anything someone writes on a site goes under that licence. If someone joins the forum they should be clear what that licence means which in my view is handing over the right for everyone (including the site) to use that data as per the licence conditions. Withdrawal of that data is not negotiable as the licence is irrevocable.

See Can You Revoke a Creative Commons License? - Plagiarism Today

So it’s important to get the licence right in the first place and probably where you should take your guidance as to whether the person has the right to ‘take back their posts’.

Perhaps CC & GDPR are not 100% compatible. I did a search and have not yet found an authority that discusses that fully.