Whether you are in the EEA, Brazil, California, or anywhere else, you have the same rights to control your data at ScopeVeil. This page tells you what those rights are, how to exercise them, and who to contact.
For most rights, you can act directly from your account:
For anything not available in the dashboard (correction, restriction, objection, consent withdrawal, complaints), reach our Data Protection Officer via the contact form from the address associated with your account. We respond within 30 days.
You can request a copy of the personal data we hold about you. This is the same data the Export button gives you in JSON format.
GDPR Art. 15 · LGPD Art. 18 II · CCPA §1798.110
You can correct inaccurate or incomplete data. Most fields (name, organization name) are editable from your account settings. For anything else, contact the DPO.
GDPR Art. 16 · LGPD Art. 18 III · CCPA §1798.106
You can request that we delete your personal data. We anonymize your account immediately: name, email, password hash are replaced; API keys are revoked. Some data must be retained for legal compliance (billing records for 7 years per tax law), but is no longer linked to your identity.
GDPR Art. 17 · LGPD Art. 18 VI · CCPA §1798.105
Your data is exportable in a machine-readable format (JSON). You can move it to another provider, audit it, or just keep it.
GDPR Art. 20 · LGPD Art. 18 V
You can ask us to limit how we process your data. For example, to keep it stored but not use it for any active processing. Contact the DPO with the request.
GDPR Art. 18 · LGPD Art. 18 IV
You can object to specific processing activities, especially those based on our legitimate interest. We will reassess and stop unless we have an overriding legitimate ground.
GDPR Art. 21 · LGPD Art. 18 §2
Where processing is based on your consent (e.g. optional newsletter), you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
GDPR Art. 7 · LGPD Art. 8 §5
You can ask what subprocessors handle your data and where. See Privacy Policy Section 5 for the current list (Fly.io, Stripe, upstream LLM providers, New Relic, email delivery provider).
GDPR Art. 13 · LGPD Art. 18 VII
We will not discriminate against you (by denying service, charging different prices, or providing a lower quality) for exercising any right above.
CCPA §1798.125 · LGPD Art. 18 §3
If you believe we have not addressed your request adequately, you can lodge a complaint with your local data protection authority:
We do not sell your personal information, in any sense of "sale" under CCPA / CPRA, and we do not share it for cross-context behavioral advertising. There is no opt-out to apply because there is no sale.
Under LGPD Art. 41, every operator must publicly designate an Encarregado de Proteção de Dados. Same role as a Data Protection Officer under GDPR Art. 37.
Reach the DPO / Encarregado via our contact form. Pick the "Privacy / data rights" topic so it lands directly with the right team.