diff --git a/systemd/conservancy-www-cleanup.service b/systemd/conservancy-www-cleanup.service
new file mode 100644
index 0000000000000000000000000000000000000000..8ce1e3253a318b07cbb30fe5cb45f03a1ad4560a
--- /dev/null
+++ b/systemd/conservancy-www-cleanup.service
@@ -0,0 +1,26 @@
+[Unit]
+Description=Cleanup Conservancy website
+Before=apache2.service
+
+[Service]
+Type=oneshot
+User=www
+ExecStart=/usr/bin/python /var/www/website/www/manage.py clearsessions --verbosity 0
+
+SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
+CapabilityBoundingSet=
+NoNewPrivileges=true
+
+PrivateDevices=true
+PrivateNetwork=true
+PrivateTmp=true
+PrivateUsers=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+ReadWritePaths=/var/lib/www/database
+
+[Install]
+WantedBy=apache2.service