Your GDPR Rights
Under the EU General Data Protection Regulation (Regulation (EU) 2016/679), you have specific rights regarding the personal data we process about you. This page explains those rights and how to exercise them.
For full context on what data we process and why, see our Privacy Policy.
1. Right to access (Art. 15)
You can request a copy of all personal data we hold about you. We will respond within 30 days with a structured export covering: account data, waitlist record, billing history, generation metadata, marketing events.
2. Right to rectification (Art. 16)
If any of your data is inaccurate or incomplete, you can request correction. You can edit most of your data directly in the app (profile, email, locale). For data you can't edit yourself, email us.
3. Right to erasure / "right to be forgotten" (Art. 17)
You can request deletion of all your personal data. We will action this within 30 days, subject to:
- Invoices and tax records must be retained for 7 years under Austrian tax law (§ 132 BAO) — these are anonymized to the extent possible while preserving the tax record
- Active billing disputes may delay full erasure until resolved
- Anti-fraud signals (suspended accounts for ToS violations) — limited identifiers retained to prevent re-registration
You can also self-delete your account anytime via the account dashboard (Settings → Delete account).
4. Right to restriction (Art. 18)
You can ask us to pause processing of your data while we investigate a complaint or correction request, instead of deleting it.
5. Right to data portability (Art. 20)
For data processed under consent or contract, you can request an export in machine-readable format (JSON). This includes your generation history, transaction log, and account profile.
6. Right to object (Art. 21)
- Direct marketing: you can opt out anytime by clicking unsubscribe in any marketing email, or by emailing hello@klipsy.ai. Effect: immediate
- Legitimate interest processing (server logs, security): you can object but we may refuse if our legitimate interest overrides your interest in this case (e.g., security investigation in progress)
7. Rights related to automated decision-making (Art. 22)
We do not make automated decisions with legal or significant effect about you. AI content generation is not "automated decision-making" within the meaning of Art. 22 — it generates content based on your prompts, but does not decide anything about your rights, credit access, or treatment.
8. How to exercise your rights
Two ways to submit a request
1. Self-service: many actions are available directly in your account (export, delete, locale change, marketing opt-out).
2. Email: hello@klipsy.ai with subject "GDPR request: [type]". Include your account email and the specific right you wish to exercise.
We may ask you to verify your identity (e.g., reply from the registered email address) to prevent unauthorized requests.
Response time: within 30 days (extendable to 90 days for complex requests; we will inform you within the first 30 days if an extension is needed).
Cost: free, unless requests are manifestly unfounded or excessive.
9. Right to lodge a complaint (Art. 77)
If you believe we are processing your data unlawfully, you can complain to:
- Austrian Data Protection Authority (Datenschutzbehörde): dsb.gv.at
- The supervisory authority in your EU country of residence — list at edpb.europa.eu
We always appreciate the chance to address concerns directly first — please email us before involving a regulator.
10. Data Protection Officer
We are not required to appoint a DPO under Art. 37 GDPR given the scale of our processing. All privacy-related queries are handled by the data controller (klipsy — contact at hello@klipsy.ai; full legal details in our Impressum).
11. International users (non-EU)
If you reside outside the EU/EEA, your local privacy law may also grant you similar rights (CCPA in California, LGPD in Brazil, UK GDPR, etc.). We treat all data subjects equivalently regardless of location and will honor analogous requests on a best-effort basis.