diff --git a/app/models/user.rb b/app/models/user.rb
index 384064897..b620d8fcb 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -50,7 +50,7 @@ class User < ApplicationRecord
   validates :login, presence: true, format: { with: USER_LOGIN_REGEX }
   validates_uniqueness_of :login, case_sensitive: false
   validates :display_name, presence: true
-  validates :unsubscribe_token, presence: true, uniqueness: true
+  validates :unsubscribe_token, presence: true, uniqueness: true, on: :create
   validates_inclusion_of :valid_email, in: [true, false], message: "must be true or false"
 
   validates_with IdentityGroupNameValidator
diff --git a/lib/tasks/user.rake b/lib/tasks/user.rake
index ab6be1f67..5622ea90b 100644
--- a/lib/tasks/user.rake
+++ b/lib/tasks/user.rake
@@ -11,6 +11,14 @@ namespace :user do
     end
   end
 
+  desc 'Scrub unsubscribe_token of deactivated users'
+  task scrub_inactive_user_unsubscribe_token: :environment do
+    User.where(activated_state: 'inactive').select(:id).find_in_batches do |users|
+      ids = users.map(&:id)
+      User.where(id: ids).update_all(unsubscribe_token: nil)
+    end
+  end
+
   desc 'Backfill UX testing emails comms field in batches'
   task backfill_ux_testing_email_field: :environment do
     User.select(:id).find_in_batches do |users|
diff --git a/lib/user_info_scrubber.rb b/lib/user_info_scrubber.rb
index 1a0fe2d09..a42b23692 100644
--- a/lib/user_info_scrubber.rb
+++ b/lib/user_info_scrubber.rb
@@ -29,6 +29,7 @@ def self.scrub_details(user)
     user.valid_email = false
     user.private_profile = true
     user.api_key = nil
+    user.unsubscribe_token = nil
     user.tsv = nil
     user.save!
     user
diff --git a/spec/lib/user_info_scrubber_spec.rb b/spec/lib/user_info_scrubber_spec.rb
index fc8781d1d..64a65cf59 100644
--- a/spec/lib/user_info_scrubber_spec.rb
+++ b/spec/lib/user_info_scrubber_spec.rb
@@ -33,6 +33,10 @@ def scrub_user_details(user)(user)
         expect { described_class.scrub_personal_info!(user) }.to change(user, :credited_name).to(nil)
       end
 
+      it 'scrubs the unsubscribe_token' do
+        expect { described_class.scrub_personal_info!(user) }.to change(user, :unsubscribe_token).to(nil)
+      end
+
       it 'scrubs the encrypted_password' do
         expect { described_class.scrub_personal_info!(user) }.to change(user, :encrypted_password)
       end