diff --git a/tasks/install_validation_tools.yml b/tasks/install_validation_tools.yml
index 7043aec07f43f6df495b9eee494e9e08cd685985..40b3442b1b8bc94578af2f1d0212fbcbed25ea0a 100644
--- a/tasks/install_validation_tools.yml
+++ b/tasks/install_validation_tools.yml
@@ -121,6 +121,8 @@
     owner: "root"
     group: "root"
   loop:
+    - "cleanup_daemon_@.service"
+    - "cleanup_daemon.timer"
     - "validation_daemon_any@.service"
     - "validation_daemon_any.socket"
     - "validation_daemon_@.service"    # Daemon service
@@ -139,6 +141,22 @@
     - "save"
   changed_when: false
 
+- name: enable & start cleanup daemon
+  ansible.builtin.systemd:
+    unit: "{{ item.u }}"
+    daemon_reload: true
+    enabled: true
+    state: "{{ item.s | default(omit) }}"    # this can never be idempotent
+  loop:
+    - u: "cleanup_daemon.timer"
+      s: "restarted"
+    - u: "cleanup_daemon_@ddz.service"
+    - u: "cleanup_daemon_@digas.service"
+    - u: "cleanup_daemon_@fotothek.service"
+    - u: "cleanup_daemon_@mediathek.service"
+    - u: "cleanup_daemon_@save.service"
+  changed_when: false
+
 - name: enable & start validation Webservice
   ansible.builtin.systemd:
     name: "validation_daemon_any.{{ item }}"
diff --git a/templates/usr/local/lib/systemd/system/cleanup_daemon.timer.j2 b/templates/usr/local/lib/systemd/system/cleanup_daemon.timer.j2
new file mode 100644
index 0000000000000000000000000000000000000000..c8e5e776f059e815a645f0b10d3bbcc542070250
--- /dev/null
+++ b/templates/usr/local/lib/systemd/system/cleanup_daemon.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Cleanup Daemon for Validation Tool (%i)
+
+[Timer]
+Unit=cleanup_daemon_@.service
+Persistent=true
+OnCalendar=daily
+
+[Install]
+WantedBy=default.target
diff --git a/templates/usr/local/lib/systemd/system/cleanup_daemon_@.service.j2 b/templates/usr/local/lib/systemd/system/cleanup_daemon_@.service.j2
new file mode 100644
index 0000000000000000000000000000000000000000..49bb34ed71a73bd3d89f71e04dad6a359e4aec83
--- /dev/null
+++ b/templates/usr/local/lib/systemd/system/cleanup_daemon_@.service.j2
@@ -0,0 +1,36 @@
+[Unit]
+Description=Cleanup Daemon for Validation Tool (%i)
+After=network.target
+
+[Service]
+ExecStart=/bin/bash -c 'find "/mnt/lza_repair_%i/validate/results/" -type f -mtime +15 -exec rm {} \\;'
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+User={{ vault_service_user }}
+Group={{ vault_service_group }}
+Type=simple
+
+### Security features
+# documented at https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+#ProtectSystem=strict
+#ProtectHome=read-only
+#ProtectHostname=true
+#ProtectClock=true
+#ProtectKernelTunables=true
+#ProtectKernelModules=true
+#ProtectKernelLogs=true
+#ProtectControlGroups=true
+#LockPersonality=true
+#MemoryDenyWriteExecute=true
+#RestrictRealtime=true
+#RestrictSUIDSGID=true
+## RemoveIPC=true
+## PrivateMounts=true
+## MountFlags=
+## SystemCallFilter is a Whitelist!!!
+#SystemCallFilter=@aio,@basic-io,@debug,@file-system,@network-io
+#SystemCallErrorNumber=1337
+
+[Install]
+WantedBy=multi-user.target