Data Subject Request

How to exercise your rights under applicable data-protection law

You have a number of rights over the personal data Glassbreak holds about you. This page explains what they are, how to exercise them, and what to expect from us. The full legal basis is set out in our Privacy Policy; this page is the operational companion.

1. How to submit a request

Send a single email to privacy@glassbreak.io with the subject line Data subject request — [your name or account email]. To help us identify your account quickly and avoid asking you for the same information twice, please include the information set out in section 3 below.

We do not currently offer a self-service portal for data requests; a human at Glassbreak processes every request. If we receive a request from an email address we cannot tie to an account, we may ask for additional verification.

2. What you can ask for

Access

A copy of the personal data we hold about you, the purposes of processing, recipients (including sub-processors), retention periods, and the source of the data if not provided by you.

Note: We cannot provide a copy of encrypted content — we do not hold the decryption keys. You can export your own decrypted content directly from the Service.

Rectification

Correction of inaccurate personal data, or completion of incomplete personal data.

Erasure (right to be forgotten)

Deletion of your personal data where one of the GDPR Art. 17 grounds applies. Account-level personal data and metadata can be deleted; encrypted ciphertext for which we hold no key may be retained on our own schedule, which is functionally equivalent to deletion since it is not readable without a key you control.

Restriction

Limit how we process your personal data while we investigate an objection or a contested accuracy claim.

Portability

Receive your personal data in a structured, commonly used, machine-readable format, or have it transmitted directly to another controller where technically feasible. Most of your portable data is available from the in-product export.

Objection

Object to processing based on legitimate interests or direct marketing. We do not currently send marketing emails.

Withdraw consent

Where processing relies on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Complaint

Lodge a complaint with your local supervisory authority — for example, the OAIC (Australia), the ICO (UK), CNIL (France), the Irish DPC, the PDPC (Singapore), or the relevant US state Attorney General.

3. Information to include

To process your request quickly, please include:

  • your full name and the email address(es) associated with your Glassbreak account(s);
  • the organisation(s) you are or were a member of, if any;
  • a clear description of the right you wish to exercise (you can name several);
  • the jurisdiction whose law you are invoking, if not obvious from context (e.g. "UK GDPR", "CCPA", "Australian Privacy Principles");
  • your preferred response format (PDF, JSON, CSV) for access or portability requests;
  • any proof of identity you wish to supply up front (we may ask for additional verification if necessary).

4. What happens next

  • We acknowledge receipt within two business days.
  • We respond substantively within 30 days of receipt (extendable by a further two months in complex cases — we will tell you within the first 30 days if we need an extension, and why).
  • Where the request is manifestly unfounded or excessive (in particular because of its repetitive character), we may charge a reasonable fee or refuse to act on it. We will explain our reasoning if we do.
  • We are required to ask the Controller (your employer or organisation) in some circumstances — for example, where you submitted the data on their behalf and they are the controller under our DPA. We will tell you when this is the case.

5. Email template

You can copy the template below as a starting point.

To: privacy@glassbreak.io
Subject: Data subject request — [your name or account email]

I am submitting a data subject request under [GDPR / UK GDPR / CCPA /
Australian Privacy Principles / other].

Account details
  Name:          [full name]
  Email:         [account email]
  Organisation:  [if applicable]

Right(s) I wish to exercise
  [ ] Access (copy of personal data we hold)
  [ ] Rectification (correction of inaccurate data)
  [ ] Erasure (deletion of personal data)
  [ ] Restriction (limit processing)
  [ ] Portability (machine-readable export)
  [ ] Objection (to a specific processing activity)
  [ ] Withdraw consent (where consent is the legal basis)
  [ ] Other: [describe]

Description (optional)
  [Add any context that will help us locate your data
   or scope the request]

Preferred response format
  [ ] PDF
  [ ] JSON
  [ ] CSV
  [ ] Other: [specify]

Signed: [your name, date]

6. Complaints

If you are not satisfied with how we handled your request, you may lodge a complaint with your local supervisory authority. Examples:

  • Australia — Office of the Australian Information Commissioner (OAIC), www.oaic.gov.au
  • UK — Information Commissioner's Office (ICO), ico.org.uk
  • EU — your national supervisory authority (e.g. CNIL in France, the Irish Data Protection Commission, the BfDI in Germany)
  • Singapore — Personal Data Protection Commission (PDPC)
  • Switzerland — Federal Data Protection and Information Commissioner (FDPIC)
  • United States — the relevant state Attorney General

7. Contact

Data subject requests: privacy@glassbreak.io.
Security reports: security@glassbreak.io.
Complaints about our handling of a request: complaints@glassbreak.io.

Submitting a request via this page does not waive any of your statutory rights or your right to complain to a supervisory authority. This document is provided for transparency and does not constitute legal advice.

Stay Updated

Get product updates and security insights. No spam, unsubscribe anytime.

We respect your privacy. See our privacy policy.