diff --git a/app/jobs/send_user_anonymization_link_after_user_requested_job.rb b/app/jobs/send_user_anonymization_link_after_user_requested_job.rb
new file mode 100644
index 000000000..ba676bde5
--- /dev/null
+++ b/app/jobs/send_user_anonymization_link_after_user_requested_job.rb
@@ -0,0 +1,20 @@
+class SendUserAnonymizationLinkAfterUserRequestedJob < ApplicationJob
+  queue_as :mailers
+
+  def perform(user_id)
+    user = User.find(user_id)
+
+    return if user.anonymized_at?
+    PrivacyMailer.with(user_id: user.id).send_user_anonymization_link_after_user_requested.deliver_now
+  rescue Postmark::InactiveRecipientError => e
+    Rails.logger.error(e.message)
+    user.anonymize!
+  rescue Postmark::ApiInputError => e
+    if e.message.start_with?("Invalid 'To' address:")
+      Rails.logger.error(e.message)
+      user.anonymize!
+    else
+      raise e
+    end
+  end
+end
diff --git a/app/mailboxes/application_mailbox.rb b/app/mailboxes/application_mailbox.rb
new file mode 100644
index 000000000..3afdaedd9
--- /dev/null
+++ b/app/mailboxes/application_mailbox.rb
@@ -0,0 +1,6 @@
+class ApplicationMailbox < ActionMailbox::Base
+  PRIVACY_REGEX = /privacy@covidliste.com/i
+
+  # route for incoming emails on that email to PrivacyMailbox
+  routing PRIVACY_REGEX => :privacy
+end
diff --git a/app/mailboxes/privacy_mailbox.rb b/app/mailboxes/privacy_mailbox.rb
new file mode 100644
index 000000000..0949c0a64
--- /dev/null
+++ b/app/mailboxes/privacy_mailbox.rb
@@ -0,0 +1,16 @@
+class PrivacyMailbox < ApplicationMailbox
+  before_processing :find_user
+
+  def process
+    return if !@user || @user.anonymized_at?
+
+    Rails.logger.info("[PrivacyMailbox] Auto-sending an email notice to ##{@user.id} with a destroy link")
+    SendUserAnonymizationLinkAfterUserRequestedJob.perform_later(@user.id)
+  end
+
+  private
+
+  def find_user
+    @user ||= User.find_by(email: mail.from)
+  end
+end
diff --git a/app/mailers/privacy_mailer.rb b/app/mailers/privacy_mailer.rb
new file mode 100644
index 000000000..7c2b39948
--- /dev/null
+++ b/app/mailers/privacy_mailer.rb
@@ -0,0 +1,14 @@
+class PrivacyMailer < ApplicationMailer
+  default from: "Covidliste <privacy@covidliste.com>"
+
+  def send_user_anonymization_link_after_user_requested
+    @user = User.find(params[:user_id])
+
+    return if @user.email.blank?
+
+    mail(
+      to: @user.email,
+      subject: "Nous avons bien reçu votre email"
+    )
+  end
+end
diff --git a/app/views/privacy_mailer/send_user_anonymization_link_after_user_requested.mjml b/app/views/privacy_mailer/send_user_anonymization_link_after_user_requested.mjml
new file mode 100644
index 000000000..8f90e376e
--- /dev/null
+++ b/app/views/privacy_mailer/send_user_anonymization_link_after_user_requested.mjml
@@ -0,0 +1,19 @@
+<% authentication_token = @user.signed_id(purpose: "users.destroy", expires_in: 7.days) %>
+<mj-section padding-bottom="15px" padding-top="15px">
+  <mj-column>
+    <mj-text padding-bottom="0px">
+      <h1>Nous avons bien reçu votre email</h1>
+      <br/>
+      Si vous souhaitez supprimer votre compte, vous pouvez le faire directement ici :
+    </mj-text>
+    <mj-button href="<%= confirm_destroy_profile_url(authentication_token: authentication_token) %>" padding-bottom="0px">
+      Supprimer mon compte et mes données personnelles
+    </mj-button>
+    <mj-text>
+      <strong>Si le lien ne fonctionne pas</strong>, copiez et collez l’adresse suivante dans votre navigateur :
+      <br />
+      <%= confirm_destroy_profile_url(authentication_token: authentication_token) %>
+    </mj-text>
+    <%= render partial: "mailer/social_networks", formats: [:html] %>
+  </mj-column>
+</mj-section>
diff --git a/config/environments/production.rb b/config/environments/production.rb
index eb03c30b0..49a53f374 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -113,6 +113,9 @@
     password: ENV["SMTP_PASSWORD"]
   }
 
+  config.action_mailbox.ingress = :postmark
+  config.action_mailbox.queues.routing = :low
+
   config.force_ssl = true
   config.ssl_options = {hsts: {subdomains: true, preload: true, expires: 1.year}}
 
diff --git a/db/migrate/20211205222341_create_active_storage_tables.active_storage.rb b/db/migrate/20211205222341_create_active_storage_tables.active_storage.rb
new file mode 100644
index 000000000..87fabd766
--- /dev/null
+++ b/db/migrate/20211205222341_create_active_storage_tables.active_storage.rb
@@ -0,0 +1,36 @@
+# This migration comes from active_storage (originally 20170806125915)
+class CreateActiveStorageTables < ActiveRecord::Migration[5.2]
+  def change
+    create_table :active_storage_blobs do |t|
+      t.string :key, null: false
+      t.string :filename, null: false
+      t.string :content_type
+      t.text :metadata
+      t.string :service_name, null: false
+      t.bigint :byte_size, null: false
+      t.string :checksum, null: false
+      t.datetime :created_at, null: false
+
+      t.index [:key], unique: true
+    end
+
+    create_table :active_storage_attachments do |t|
+      t.string :name, null: false
+      t.references :record, null: false, polymorphic: true, index: false
+      t.references :blob, null: false
+
+      t.datetime :created_at, null: false
+
+      t.index [:record_type, :record_id, :name, :blob_id], name: "index_active_storage_attachments_uniqueness", unique: true
+      t.foreign_key :active_storage_blobs, column: :blob_id
+    end
+
+    create_table :active_storage_variant_records do |t|
+      t.belongs_to :blob, null: false, index: false
+      t.string :variation_digest, null: false
+
+      t.index %i[blob_id variation_digest], name: "index_active_storage_variant_records_uniqueness", unique: true
+      t.foreign_key :active_storage_blobs, column: :blob_id
+    end
+  end
+end
diff --git a/db/migrate/20211205222342_create_action_mailbox_tables.action_mailbox.rb b/db/migrate/20211205222342_create_action_mailbox_tables.action_mailbox.rb
new file mode 100644
index 000000000..0538e89b8
--- /dev/null
+++ b/db/migrate/20211205222342_create_action_mailbox_tables.action_mailbox.rb
@@ -0,0 +1,14 @@
+# This migration comes from action_mailbox (originally 20180917164000)
+class CreateActionMailboxTables < ActiveRecord::Migration[6.0]
+  def change
+    create_table :action_mailbox_inbound_emails do |t|
+      t.integer :status, default: 0, null: false
+      t.string :message_id, null: false
+      t.string :message_checksum, null: false
+
+      t.timestamps
+
+      t.index [:message_id, :message_checksum], name: "index_action_mailbox_inbound_emails_uniqueness", unique: true
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 979049dc6..919f5c949 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,11 +10,48 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2021_06_15_105445) do
+ActiveRecord::Schema.define(version: 2021_12_05_222342) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
+  create_table "action_mailbox_inbound_emails", force: :cascade do |t|
+    t.integer "status", default: 0, null: false
+    t.string "message_id", null: false
+    t.string "message_checksum", null: false
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+    t.index ["message_id", "message_checksum"], name: "index_action_mailbox_inbound_emails_uniqueness", unique: true
+  end
+
+  create_table "active_storage_attachments", force: :cascade do |t|
+    t.string "name", null: false
+    t.string "record_type", null: false
+    t.bigint "record_id", null: false
+    t.bigint "blob_id", null: false
+    t.datetime "created_at", null: false
+    t.index ["blob_id"], name: "index_active_storage_attachments_on_blob_id"
+    t.index ["record_type", "record_id", "name", "blob_id"], name: "index_active_storage_attachments_uniqueness", unique: true
+  end
+
+  create_table "active_storage_blobs", force: :cascade do |t|
+    t.string "key", null: false
+    t.string "filename", null: false
+    t.string "content_type"
+    t.text "metadata"
+    t.string "service_name", null: false
+    t.bigint "byte_size", null: false
+    t.string "checksum", null: false
+    t.datetime "created_at", null: false
+    t.index ["key"], name: "index_active_storage_blobs_on_key", unique: true
+  end
+
+  create_table "active_storage_variant_records", force: :cascade do |t|
+    t.bigint "blob_id", null: false
+    t.string "variation_digest", null: false
+    t.index ["blob_id", "variation_digest"], name: "index_active_storage_variant_records_uniqueness", unique: true
+  end
+
   create_table "ahoy_clicks", force: :cascade do |t|
     t.string "campaign"
     t.string "token"
@@ -397,6 +434,8 @@
     t.index ["department"], name: "index_vmd_slots_on_department"
   end
 
+  add_foreign_key "active_storage_attachments", "active_storage_blobs", column: "blob_id"
+  add_foreign_key "active_storage_variant_records", "active_storage_blobs", column: "blob_id"
   add_foreign_key "campaign_batches", "campaigns"
   add_foreign_key "campaign_batches", "partners"
   add_foreign_key "campaign_batches", "vaccination_centers"
diff --git a/spec/jobs/send_user_anonymization_link_after_user_requested_job_spec.rb b/spec/jobs/send_user_anonymization_link_after_user_requested_job_spec.rb
new file mode 100644
index 000000000..a214047cf
--- /dev/null
+++ b/spec/jobs/send_user_anonymization_link_after_user_requested_job_spec.rb
@@ -0,0 +1,31 @@
+require "rails_helper"
+
+describe SendUserAnonymizationLinkAfterUserRequestedJob do
+  let!(:user) { create(:user) }
+
+  subject { SendUserAnonymizationLinkAfterUserRequestedJob.new.perform(user.id) }
+
+  context "user is not anonymized" do
+    before do
+      user.update(anonymized_at: nil)
+    end
+    it "sends the email" do
+      mail = double(:mail)
+      allow(PrivacyMailer).to receive_message_chain("with.send_user_anonymization_link_after_user_requested").and_return(mail)
+      expect(mail).to receive(:deliver_now)
+      subject
+    end
+  end
+
+  context "user is already anonymized" do
+    before do
+      user.update(anonymized_at: Time.now.utc)
+    end
+    it "does not send the email" do
+      mail = double(:mail)
+      allow(PrivacyMailer).to receive_message_chain("with.send_user_anonymization_link_after_user_requested").and_return(mail)
+      expect(mail).not_to receive(:deliver_now)
+      subject
+    end
+  end
+end
diff --git a/spec/mailers/privacy_mailer_spec.rb b/spec/mailers/privacy_mailer_spec.rb
new file mode 100644
index 000000000..0bac5b05e
--- /dev/null
+++ b/spec/mailers/privacy_mailer_spec.rb
@@ -0,0 +1,20 @@
+require "rails_helper"
+
+RSpec.describe PrivacyMailer, type: :mailer do
+  describe "#send_user_anonymization_link_after_user_requested" do
+    let(:mail) { described_class.with(user_id: user.id).send_user_anonymization_link_after_user_requested }
+    let(:user) { create(:user) }
+
+    it "renders the headers" do
+      expect(mail.subject).to eq("Nous avons bien reçu votre email")
+      expect(mail.to).to eq([user.email])
+      expect(mail.from).to eq(["privacy@covidliste.com"])
+    end
+
+    it "includes a signed link to the confirm_destroy_profile URL" do
+      match_data = mail.body.encoded.match(%r{/users/profile/confirm_destroy\?authentication_token=([^"]+)"})
+      token = CGI.unescape(match_data.captures.first)
+      expect(User.find_signed(token, purpose: "users.destroy")).to eq(user)
+    end
+  end
+end
diff --git a/test/mailers/previews/privacy_mailer_preview.rb b/test/mailers/previews/privacy_mailer_preview.rb
new file mode 100644
index 000000000..8cd918ef4
--- /dev/null
+++ b/test/mailers/previews/privacy_mailer_preview.rb
@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class PrivacyMailerPreview < ActionMailer::Preview
+  def send_user_anonymization_link_after_user_requested
+    user = FactoryBot.create(:user)
+    PrivacyMailer.with(user_id: user.id).send_user_anonymization_link_after_user_requested.deliver_now
+  end
+end