diff --git a/functions/api/links/delete.js b/functions/api/links/delete.js
index 5dbdcc9..068ec8a 100644
--- a/functions/api/links/delete.js
+++ b/functions/api/links/delete.js
@@ -30,12 +30,17 @@ export async function onRequestPost({ request, env }) {
       return new Response("Missing fields",{ status:400 });
 
     const user = await env.D1_EV
-      .prepare("SELECT pass_hash, custom_slugs FROM users WHERE username = ?")
+      .prepare("SELECT pass_hash, custom_slugs, banned_until FROM users WHERE username = ?")
       .bind(username)
       .first();
     if (user?.pass_hash !== pass_hash)
       return new Response("Invalid credentials",{ status:401 });
 
+    if (user.banned_until && user.banned_until > Date.now()) {
+      const days = Math.ceil((user.banned_until - Date.now()) / 86400000);
+      return new Response(`Account banned for ${days} more days.`, { status: 403 });
+    }
+
     let slugs = [];
     try { slugs = JSON.parse(user.custom_slugs) } catch {}
     if (!Array.isArray(slugs) || !slugs.includes(slug))
@@ -66,4 +71,3 @@ export async function onRequestPost({ request, env }) {
     return new Response(e.message,{ status:500 });
   }
 }
-