GDPR request workflow
Submit and track data subject requests.
This notice is a software product baseline and should be reviewed by qualified legal counsel before production launch.
How requests are handled
Requests are recorded with status, due date, request metadata, and identity verification state. We may need to coordinate with a customer when GreenDirective acts as processor.
Verification
We verify identity before disclosing, deleting, or changing personal data.
Self-service export
Authenticated users can download an account-level personal data export from `/api/privacy/me/export`. Security-sensitive fields and customer-controlled business records are excluded.
Self-service erasure
Authenticated users can request account erasure from `/api/privacy/me/delete`. Erasure is blocked until organization ownership is transferred where the user is the sole active owner.