What this page covers
Soryx exists to help you erase your personal data from data brokers across the EU. But Soryx is itself a controller of a small amount of data about you - the details you give us to run your account. This page explains how to exercise your GDPR rights over that data: your Soryx profile, billing records, support history, and the persona details you ask us to search for.
The rights you can exercise
As a data subject in the EU/EEA, you can exercise any of the following rights over the personal data Soryx holds about you. We honour them free of charge unless a request is manifestly unfounded or excessive.
| Right | Article | What you get |
|---|---|---|
| Access | Art. 15 | A copy of the personal data we hold about you, plus how and why we process it. |
| Portability | Art. 20 | Your data in a structured, machine-readable format (JSON) you can reuse elsewhere. |
| Erasure | Art. 17 | Permanent deletion of your account data when you no longer want us to hold it. |
| Rectification | Art. 16 | Correction of any inaccurate or incomplete data we hold about you. |
| Restriction & objection | Art. 18 & 21 | Pause or object to specific processing while a question is resolved. |
How to submit a request
There are two equally valid ways to make a request:
- In-app, from settings. Sign in and open Settings → Privacy & data. You can export your data, correct your details, or delete your account directly - no email required. This is the fastest route and verifies your identity automatically because you are already signed in.
- By email. Write to privacy@soryx.ai and tell us which right you want to exercise. A plain-language request is enough - you do not need to cite the law or use any particular wording.
If you used the in-app tools, there is nothing more to do - access exports and account deletion are self-service. Email requests are handled by our privacy team and, where needed, our Data Protection Officer.
Our response time
We respond to every request within one month of receiving it, as required by Article 12(3) of the GDPR. If your request is unusually complex, or you have made several requests, we may extend this by up to two further months - but we will tell you within the first month and explain why.
Verifying your identity
Before we act on a request made by email, we may need to confirm that you are who you say you are. This protects you: it stops someone else from accessing or deleting your data by pretending to be you. We will ask only for what is strictly necessary to establish a reasonable match - usually confirmation from the email address on your account - and we will not reuse that information for any other purpose.
What happens when you erase your account
When you ask us to erase your Soryx account, we stop processing your data immediately and complete deletion within 30 days. We remove your profile, persona details, dashboard history and support records. We retain only the minimum required by law - for example, billing records we are obliged to keep for tax purposes - and we delete those once the legal retention period ends. We will confirm in writing once erasure is complete.
EU-native, with a named DPO
Soryx is built and hosted in the European Union, and we handle every request under the EU GDPR. Our Data Protection Officer oversees all data-subject requests and is your direct point of contact for anything sensitive or unresolved. You can reach the DPO at dpo@soryx.ai.
If you are not satisfied with how we have handled your request, you have the right to lodge a complaint with the Irish Data Protection Commission (www.dataprotection.ie) or with the supervisory authority in your own EU/EEA country. We would always appreciate the chance to put things right first.