Deleting your account and data (GDPR right to erasure)
How to permanently delete your VeloCMS account, what data is removed, what is retained for legal reasons, and the process for formal GDPR erasure requests.
You have the right to delete your VeloCMS account and request erasure of your personal data at any time. This guide explains how to do it and what the process means for your data.
Self-service account deletion (for blog owners)
Go to Admin → Account → Danger Zone. Click 'Delete my account'. You'll be asked to type your blog's subdomain to confirm — this prevents accidental deletion. After confirmation, a 14-day grace period begins. During this period your blog stays online but the deletion is queued. To cancel, log in and click 'Cancel account deletion' in the banner that appears at the top of every admin page.
Deleting your account cancels any active Stripe subscription immediately. No partial refunds are issued for the unused portion of the billing period.
What is deleted after the grace period
- Your account record (email, name, password hash)
- All blog posts, pages, and drafts
- All media files in Cloudflare R2
- All member records and their subscription data
- All newsletter campaign history
- All analytics data stored in VeloCMS
What is retained for legal reasons
VeloCMS retains certain data for the periods required by law: payment records and invoice data for 7 years (UK financial regulations), security logs for 90 days (fraud prevention), and anonymised aggregate usage statistics indefinitely. None of the retained data identifies you by name or email.
Formal GDPR erasure request
If you want to skip the 14-day grace period or request deletion of specific data without closing the account entirely, email privacy@velocms.org with 'Right to Erasure' in the subject. Include the email address on your account and specify what you'd like deleted. We respond within 30 days as required by UK GDPR. For data portability requests (Article 20), use the export function in Admin → Tools → Export before deleting.