Your Rights
Under GDPR, UK GDPR, and similar privacy laws, you have the following rights:
Right to Access (Article 15)
Request a complete copy of all personal data we hold. The copy is provided within 30 days in JSON format.
Right to Rectification (Article 16)
Correct inaccurate or incomplete data. You can update most information directly in the app; other corrections are made within 14 days.
Right to Erasure — "Right to be Forgotten" (Article 17)
We will delete your account and business data within 30 days, remove push tokens immediately, anonymise third-party conversation data, and confirm deletion via email.
Right to Restrict Processing (Article 18)
Limit how we use your data while a dispute is being resolved.
Right to Data Portability (Article 20)
Receive your data in JSON or CSV format within 30 days.
Right to Object (Article 21)
Object to processing for direct marketing at any time.
Automated Decision-Making (Article 22)
Our AI processes scheduling conversations but does not produce legal or similarly significant effects — it simply books appointments.
Customer Data
Data processed on behalf of your customers is handled under legitimate interest and contractual necessity.
International Data Transfers
Data may be processed in the US (Railway, Anthropic, Resend) and EU (Twilio). It is protected by Standard Contractual Clauses.
Data Breach Notification
In the event of a breach likely to affect your rights, we will notify you without undue delay and report to the relevant authority within 72 hours.
Supervisory Authorities
- EU: edpb.europa.eu
- UK: ico.org.uk
- Hungary: naih.hu
How to Exercise Your Rights
Email: privacy@ai-secretary.com
Subject: "Data Rights Request — [Right you are exercising]"
We respond within 30 days.