Elido
Help center

Security

Delete your account (GDPR)

Request deletion of your Elido account and workspace data — what gets erased, what's retained, and how long the process takes.

Updated 2026-05-15

You have the right to erase your account and personal data under GDPR Article 17. This article explains exactly what we delete, what we retain (and why), and how to request deletion.

How to delete#

Self-service. Open Settings → Profile → Account → Delete account. Type your email to confirm. We start the 14-day grace period immediately and email you a confirmation.

Email request. If you've lost dashboard access, write to privacy@elido.app from the email on your account. We process email requests within 5 business days; a self-service request starts immediately.

What gets deleted#

After the 14-day grace period ends, we hard-delete:

  • Your user record (name, email, password hash, profile photo).
  • All API keys you issued personally.
  • All TOTP / passkey enrolments.
  • All sessions and refresh tokens.
  • Audit log entries are anonymised — the action is preserved, but your user ID becomes deleted-user-<random> so we can keep workspace audit history readable.

What you decide about: workspaces#

If you're the sole Owner of a workspace, you choose during the deletion flow what happens to it:

  1. Delete the workspace too. All links, custom domains, click analytics, and bio pages are deleted. Custom-domain DNS records remain in your registrar — only the Elido side is removed.
  2. Transfer ownership. Pick an existing member to promote to Owner. The workspace continues running; you exit cleanly.

If you're not the sole Owner, the workspace continues without you and the other Owners keep full control.

What is retained — and why#

A short list of things we keep for legal reasons after deletion:

  • Invoices and billing records — retained for 10 years per EU accounting law (Directive 2006/112/EC). Stored under a pseudonymised customer ID, with personal data redacted.
  • Anti-abuse history — if your account was flagged for hosting malicious URLs, we retain a hash of the email and the redacted abuse report for 7 years to prevent re-registration.
  • DPA / contractual records — if you signed a Data Processing Agreement, the executed copy is retained for 7 years after the contract end date.

Everything else is gone. We do not keep "soft-deleted" copies of your data once the 14-day grace period ends.

Grace period#

For 14 days after you submit a deletion request, you can sign back in to cancel. Click Cancel deletion on the banner that appears at the top of the dashboard. After 14 days, the deletion runs and cannot be reversed.

During the grace period your account is read-only: redirects continue, API calls return data, but no creates / updates are accepted. This prevents leaving incomplete data behind during the wait.

Export before deletion#

Most users want a copy of their data before deleting:

  • Links. Tools → Bulk export → All links — CSV with every link in the workspace.
  • Click events. Analytics → Export — CSV or Parquet of every click event. See click data export for the format.
  • QR codes. No bulk export — download from each link individually, or use the API.
  • Invoices. Settings → Billing → Download all invoices — bundled ZIP of every invoice.

Run these exports first; once deletion completes there is no way to retrieve them.

Restoring after deletion#

You can sign up again with the same email after deletion — but it's a fresh account, not a restoration. Old links, slugs, workspace, and click history are not recoverable.

If you held a custom slug that someone else has since claimed, we don't auto-restore it; the new owner keeps it.

Troubleshooting#

Deletion request hasn't started after 24 hours. Check the email we sent for a verification link. We won't start the grace period until you confirm via that link.

Workspace transfer step shows no candidates. You're the only member. Add at least one other Owner-eligible member first, or pick "delete workspace too".

My data subject access request needs more than CSV exports. Email privacy@elido.app — we run a full data-export tool that bundles every field we hold on a single user into a JSON archive within 30 days, per GDPR Article 15.

Account was deleted but I'm still getting emails. Marketing emails are sent via Resend with a separate suppression list — unsubscribe via the email footer. Transactional emails for shared workspaces continue while you're still on those workspaces; remove yourself first if you don't want them.

Was this helpful?
Need more? Email the team — replies within one working day.Contact support
Delete your account (GDPR) · Elido