Your right to erasure
Under the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) and other applicable privacy laws, you have the right to request deletion of personal data that AiSignal holds on you. We honour this right promptly and transparently — one short email gets the request opened.
How to request deletion
Send an email to [email protected] from the email address associated with your AiSignal account. Use the subject line “Data deletion request” and include:
- The email address associated with your account (so we can verify identity).
- The specific data you wish to delete, or “all my personal data” if you want a full account wipe.
- Any reference numbers (order IDs, ticket IDs, optimisation IDs) that help us locate the records.
If you can't email from the registered address, we can still process the request but will need to verify your identity through an alternative channel — usually by sending a confirmation link to the registered email, or by asking for transaction-history details only the account holder would know.
What we delete
On confirmed deletion requests, we remove:
- Your user account, including name, email, hashed password, login history and admin notes.
- Every entry test and optimisation order you've placed, including the target URLs, the engine responses, the scores and the deliverables.
- Every support ticket you've opened, including the full message thread.
- All visitor records identifiable by your IP address.
- Personal data held by third-party processors on our behalf (Mailgun delivery logs, Stripe customer records, Cloudflare security logs). We pass the deletion request through to each processor and confirm completion before closing the request.
What we may have to retain
Some categories of data must be retained for legal compliance even after a deletion request:
- Tax records. Invoices and payment records are kept for the period required by the tax authority in our jurisdiction of incorporation (typically 5–10 years).
- Anti-fraud records. Records of any fraud investigations or sanctions screenings are retained as required by anti-money-laundering law.
- Audit-trail of the deletion itself. We retain a record of the fact and date of the deletion request — but not the deleted data — so we can prove compliance if asked by a Supervisory Authority.
If your deletion request would require us to retain some data for legal reasons, we tell you which categories and why at the time of confirmation.
Timeline
- Within 1 business day — we acknowledge receipt of the request.
- Within 5 business days — we verify your identity and confirm the scope of the deletion.
- Within 30 days — deletion is complete (longer in complex cases, in which case we tell you why and provide a revised timeline, as permitted by GDPR Art. 12).
If your request is denied
We may refuse a deletion request if it is manifestly unfounded, excessive (e.g. repetitive) or where retention is legally required. If we refuse, we explain why and inform you of your right to lodge a complaint with your local Supervisory Authority (the ICO in the UK, your national DPA in the EU, the CPPA in California, etc.).
For end-users of AiSignal customers
If you are an end-user whose personal data was processed by a AiSignal customer (i.e. you didn't sign up directly), please contact that customer first — they are the Data Controller and decide on retention. We act as the Data Processor and can only delete the data when the customer instructs us to.
Account closure (self-service)
You can close your account at any time from the account settings page once logged in. Closing an account is a separate action from a formal data deletion request: it prevents new logins immediately, and the data is then queued for deletion in line with the timeline above.
Contact
For deletion requests: [email protected].
For general support: [email protected].
To lodge a complaint with a Supervisory Authority, visit your national data-protection regulator's website. UK: ICO (ico.org.uk). EU: edpb.europa.eu/members.