diff --git a/.github/workflows/branch-preview-cleanup.yml b/.github/workflows/branch-preview-cleanup.yml
new file mode 100644
index 00000000..a00cf1d7
--- /dev/null
+++ b/.github/workflows/branch-preview-cleanup.yml
@@ -0,0 +1,38 @@
+name: Cleanup branch preview
+on:
+  pull_request:
+    types: [closed]
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  ECR_NAME: ${{ secrets.ECR_NAME }}
+  KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
+  KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
+
+jobs:
+  cleanup-preview:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      pull-requests: write
+    if: contains(github.event.pull_request.labels.*.name, 'preview:active')
+    steps:
+      - run: |
+          echo "${KUBE_CERT}" > ca.crt
+          kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
+          kubectl config set-credentials deploy-user --token=${KUBE_TOKEN}
+          kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE}
+          kubectl config use-context ${KUBE_CLUSTER}
+          kubectl delete deployment moj-frontend-${{ github.head_ref }} -n ${KUBE_NAMESPACE}
+          kubectl delete service moj-frontend-service-${{ github.head_ref }} -n ${KUBE_NAMESPACE}
+          kubectl delete ingress moj-frontend-ingress-${{ github.head_ref }} -n ${KUBE_NAMESPACE}
+        env:
+          KUBE_CERT: ${{ secrets.KUBE_CERT }}
+          KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
+          KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
+      - name: Remove preview:active label
+        run: |
+          gh pr edit $PRNUM --remove-label "preview:active"
+        env:
+          PRNUM: ${{ github.event.number }}