GDPR Rights
Effective 2026-04-18
If you are in the EEA, UK, or California, you have specific rights over the personal data we hold about you. This page explains how to exercise them. For background on what data we hold and why, see the Privacy Policy.
1. Your rights at a glance
- Access — get a copy of personal data we hold about you (GDPR Art. 15 / CCPA §1798.110).
- Rectification — correct inaccurate data (Art. 16).
- Erasure ("right to be forgotten") — delete your account and associated data (Art. 17 / CCPA §1798.105).
- Restriction — limit how we process your data while a dispute is resolved (Art. 18).
- Portability — receive your data in a structured, machine-readable format (Art. 20).
- Objection — object to processing based on legitimate interest (Art. 21).
- Withdraw consent — at any time, where processing relies on consent (Art. 7(3)).
- Opt-out of sale / sharing — CCPA: we do not sell or share personal data, so this right is moot but acknowledged.
2. How to submit a request
Choose whichever is most convenient:
- Self-service (registered users) — sign in and visit your Account page. The export and delete actions are being rolled out incrementally; where the in-app action is not yet live the email channel below works immediately.
- Email —
[email protected]with subject line "Data Subject Request" and a short description of which right you want to exercise.
3. What we need from you
- The email address tied to your account.
- Enough information to verify your identity. For most requests we confirm by emailing the address on file. For deletion or export of larger data sets we may ask for an additional confirmation.
- The specific right you wish to exercise (access, deletion, portability, etc.).
4. Our SLA
- We acknowledge requests within 5 business days.
- We complete requests within 30 days of verification (extendable by 60 days for complex requests, with notice).
- We do not charge a fee unless requests are manifestly unfounded or excessive (per Art. 12(5)).
5. What deletion looks like
- Account record removed; favorites and history wiped.
- User-id columns on search_logs / click_logs nulled (we keep the aggregate counts for analytics; nothing tied back to you).
- Backup copies cycle out within 30 days of deletion.
- Audit-log entries describing your administrative actions (if any) are retained for our compliance window of 2 years and then deleted.
6. Complaints
If you are unsatisfied with our response you may complain to your local data protection authority. EEA: see the EDPB list of national authorities. UK: the ICO. California: the California Privacy Protection Agency.
7. Authorized agents
California residents may use an authorized agent to submit a request. We will require written authorization from you and may ask you to verify the request directly.