diff --git a/src/services/auth.ts b/src/services/auth.ts
index 41eee6b..2ddc6b3 100644
--- a/src/services/auth.ts
+++ b/src/services/auth.ts
@@ -224,7 +224,23 @@ export async function refreshAccessToken(
 
 export async function logout(refreshTokenRaw: string): Promise<void> {
   const tokenHash = hashToken(refreshTokenRaw);
-  await prisma.refresh_tokens.deleteMany({ where: { token_hash: tokenHash } });
+  // Delete the current token
+  const token = await prisma.refresh_tokens.findFirst({ where: { token_hash: tokenHash } });
+  if (token) {
+    // Delete the current token and all replaced tokens in its chain
+    await prisma.refresh_tokens.deleteMany({
+      where: {
+        OR: [
+          { token_hash: tokenHash },
+          { replaced_by_hash: tokenHash },
+        ],
+      },
+    });
+  }
+  // Clean up expired tokens for all users
+  await prisma.refresh_tokens.deleteMany({
+    where: { expires_at: { lt: new Date() } },
+  });
 }
 
 export async function verifyAccessToken(token: string): Promise<AuthData | null> {