Your GDPR rights

⚠️ Draft. Review with counsel before publishing.

Effective: 2026-05-06

This page is a quick reference to your GDPR rights. Details (legal bases, retention periods, subprocessors) are in our Privacy Policy.

1. What rights do I have?

GDPR (General Data Protection Regulation, EU 2016/679) grants you 8 key rights:

🔍 Right of access — Art. 15

Receive a copy of all your data we process. How: email privacy@youself.io with subject Access request. Response: within 30 days.

✏️ Right to rectification — Art. 16

Correct inaccurate or incomplete data. How: email privacy@youself.io with subject Rectification request. Or via the bot: /profile. Response: within 30 days.

🗑️ Right to erasure / “right to be forgotten” — Art. 17

Delete all your data, except what we must retain by law (e.g., payment records — 7 years per the Tax Code). How: email privacy@youself.io with subject Erasure request. Deleted immediately: knowledge base, Telegram binding, email hash. Retained longer: payment metadata (anonymized). Timeline: 30 days for full execution.

🛑 Right to restrict processing — Art. 18

Temporarily freeze processing (without deletion). How: email with subject Restriction request. When applicable: if you contest data accuracy, or we use data beyond original purpose.

📦 Right to portability — Art. 20

Receive your data in a machine-readable format (JSON), to take to another provider. How: email with subject Portability request. What’s included: email, profile, knowledge base, wallet history, LLM usage stats. Format: zipped JSON.

❌ Right to object — Art. 21

Object to processing based on legitimate interest (e.g., analytics). How: email with subject Objection request. Or disable analytics in settings (TBD).

🔓 Right to withdraw consent — Art. 7(3)

Withdraw previously given consent (e.g., to marketing emails). How: unsubscribe link at the bottom of emails. Or email privacy@youself.io.

⚖️ Right to lodge a complaint with a supervisory authority — Art. 77

If you believe we’re violating your rights, you can complain:

• In Ukraine: Ombudsperson — ombudsman.gov.ua
• In the EU: your local supervisory authority (e.g., CNIL in France, ICO in the UK, AEPD in Spain)
• All EU DPAs: edpb.europa.eu/about-edpb/board/members

2. How to file a request — step by step

1. Email privacy@youself.io with the appropriate subject (see above)
2. Verify identity — we’ll send a confirmation link to your registered email
3. Wait for receipt — confirmation within 3 business days
4. Response — full processing within 30 days (extendable to 60 for complex requests — we’ll notify you)

3. What you need to provide

For request verification:

• Email associated with your account
• Telegram ID (if account is bot-activated)
• Order ID (if the request concerns a payment)

We do NOT ask for document copies, biometrics, or sensitive data beyond what we already have.

4. Is it free?

Yes, free for the first request within 12 months.

If a request is manifestly unfounded or excessive, we may charge a reasonable fee (≤ €30) or refuse (GDPR Art. 12(5)). This is the exception, not the rule.

5. What if you reject my request?

We may limit a request when:

• Data is needed for legal compliance (tax reporting)
• Data is needed for legal claims defense
• The request infringes third-party rights (e.g., deleting a shared chat history)

In that case — we explain the reason in writing, and you can complain to the DPA.

6. Contact

• General inquiries: privacy@youself.io
• DPO: privacy@youself.io
• Complaints: ombudsman.gov.ua or your local EU DPA