Data Subject Access Request

Submit a request to access, erase, port, correct, or object to the processing of your personal data. Five request types are supported, matching GDPR Articles 15, 16, 17, 20, and 21. We acknowledge within 24 hours and fulfil within 30 days, in line with GDPR Article 12.

Submit a request

Requests are acknowledged within 24 hours and fulfilled within 30 days, in line with GDPR Article 12. We may ask for additional information to confirm your identity before fulfilling the request, per Article 12 § 6.

Request type

Access (Article 15) — Show me what data you hold about me.

Erasure (Article 17) — Delete my data. Cascading delete through messages, embeddings, indexes.

Portability (Article 20) — Export my data as JSON (machine-readable) or PDF (human-readable).

Rectification (Article 16) — Correct or redact specific records.

Objection (Article 21) — Object to processing for the listed reason.

Your email address

We use this to acknowledge the request and verify your identity before fulfilment.

Description / details

Describe what data you need accessed, erased, exported, corrected, or objected to. Max 4,000 characters.

What happens next

Within 24 hours. Syncanix acknowledges the request by email, confirming the type and a reference ID.
Identity verification. Per GDPR Article 12 § 6, we may ask for additional information to verify your identity. This is the most common reason a DSAR takes longer than a few days.
Scope clarification (if needed). If the request is broad, we may ask which subset of data you mean.
Fulfilment. The response (export file, deletion confirmation, or similar) is delivered within 30 days of the original request — typically much sooner once identity is verified.
Audit log. Every DSAR is logged with the request type, fulfilment date, and responding admin. The log is auditable evidence for SOC 2 + GDPR audit cycles.

Out of scope

For requests touching data the host site (Syncanix's customer) controls — e.g. you want to delete data from a specific deployment of Syncanix embedded inside a third-party SaaS — please contact that host site's DSAR queue. Syncanix processes that data as a processor under the host's DPA; the controller is the host, not Syncanix. If you're not sure which is which, email admin@syncanix.com and we'll route the request.

Privacy notice → — retention defaults, GDPR Article-by-Article implementation.
DPA brief → — Article 28 processor obligations, SCCs, regional addenda.
Compliance status → — SOC 2, ISO 27001, EU AI Act, GDPR.

Direct escalation

If the form is unavailable or you prefer email, write to admin@syncanix.com directly. The same SLAs apply.

Submit a request

What happens next

Out of scope

Related

Direct escalation