diff --git a/backend/pkg/api/handlers/auth.go b/backend/pkg/api/handlers/auth.go
index 357a47cb5..603d0eab6 100644
--- a/backend/pkg/api/handlers/auth.go
+++ b/backend/pkg/api/handlers/auth.go
@@ -739,20 +739,34 @@ func (h *HandlerService) InternalPostLogout(w http.ResponseWriter, r *http.Reque
 }
 func (h *HandlerService) InternalDeleteUser(w http.ResponseWriter, r *http.Request) {
- user, err := h.getUserBySession(r)
+ userId, err := h.GetUserIdBySession(r)
 if err != nil {
 handleErr(w, r, err)
 return
 }
- // TODO allow if user has any subsciptions etc?
- err = h.daService.RemoveUser(r.Context(), user.Id)
+ userInfo, err := h.daService.GetUserInfo(r.Context(), userId)
 if err != nil {
 handleErr(w, r, err)
 return
 }
+ // don't allow deletion of users with active subscriptions
+ if subscriptions := userInfo.Subscriptions; len(subscriptions) > 0 {
+ for _, subscription := range subscriptions {
+ if time.Unix(subscription.End, 0).After(time.Now()) {
+ handleErr(w, r, newConflictErr("user has active subscriptions, please cancel them first before deleting the account"))
+ return
+ }
+ }
+ }
- err = h.purgeAllSessionsForUser(r.Context(), user.Id)
+ err = h.daService.RemoveUser(r.Context(), userId)
+ if err != nil {
+ handleErr(w, r, err)
+ return
+ }
+
+ err = h.purgeAllSessionsForUser(r.Context(), userId)
 if err != nil {
 handleErr(w, r, err)
 return
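Review bot: The active-subscription guard in InternalDeleteUser is a check-then-act: `GetUserInfo` and `RemoveUser` are separate calls, so a subscription that starts or renews between them is not seen and the account is still removed. If the data layer allows it, the same condition should be re-checked inside `RemoveUser` in one transaction; at minimum add `// best-effort pre-check; RemoveUser must enforce this atomically` above the loop. The test also treats any `subscription.End` in the past as inactive, which would include a zero or unset `End` if open-ended subscriptions are stored that way, so this is worth confirming against the subscription model. The outer `len(subscriptions) > 0` wrapper is redundant, since `for _, subscription := range userInfo.Subscriptions {` is a no-op on an empty slice, and `now := time.Now()` can be taken once before the loop. The function body continues past the end of the hunk.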