diff --git a/app/models/user.rb b/app/models/user.rb
index f33e51ae..79bf1141 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -137,7 +137,7 @@ def set_trust(level, changed_by_user: nil, reason: nil, notes: nil)
 
   has_many :trust_level_audit_logs, dependent: :destroy
   has_many :trust_level_changes_made, class_name: "TrustLevelAuditLog", foreign_key: "changed_by_id", dependent: :destroy
-  has_many :deletion_requests, dependent: :destroy
+  has_many :deletion_requests, dependent: :restrict_with_error
   has_many :deletion_approvals, class_name: "DeletionRequest", foreign_key: "admin_approved_by_id"
 
   has_many :access_grants,
diff --git a/app/services/anonymize_user_service.rb b/app/services/anonymize_user_service.rb
index c2fcf613..367d92ca 100644
--- a/app/services/anonymize_user_service.rb
+++ b/app/services/anonymize_user_service.rb
@@ -12,8 +12,11 @@ def call
       preserve_emails_for_ban_tracking
       anonymize_user_data
       destroy_associated_records
-      invalidate_sessions
     end
+  rescue StandardError => e
+    Sentry.capture_exception(e, extra: { user_id: user.id })
+    Rails.logger.error "AnonymizeUserService failed for user #{user.id}: #{e.message}"
+    raise
   end
 
   private
@@ -57,13 +60,14 @@ def destroy_associated_records
     user.wakatime_mirrors.destroy_all
     user.project_repo_mappings.destroy_all
 
-    user.heartbeats.destroy_all
+    # tombstone
+    Heartbeat.unscoped.where(user_id: user.id, deleted_at: nil).update_all(deleted_at: Time.current)
+
+    WakatimeMirror.joins("INNER JOIN heartbeats ON heartbeats.id = wakatime_mirrors.heartbeat_id")
+                  .where(heartbeats: { user_id: user.id })
+                  .delete_all
 
     user.access_grants.destroy_all
     user.access_tokens.destroy_all
   end
-
-  def invalidate_sessions
-    user.sign_in_tokens.destroy_all
-  end
 end