Different types of privacy requests have different response windows, based on the law that governs each type.
Data Rights Requests (DSARs)
- Acknowledgment: within 10 business days of submission. You'll receive an email confirming we got your request.
- Full response: within 45 calendar days. This may be extended by an additional 45 days for complex requests, in which case we'll notify you of the extension.
- Governing law: California Consumer Privacy Act (CCPA) and equivalent state laws.
Do Not Sell or Share Requests
- Processing: within 15 business days.
- Confirmation: we'll email you when processing is complete.
- Governing law: California Consumer Privacy Act (CCPA) and equivalent state laws.
Marketing Opt-Out Requests
- Processing: within 10 business days.
- Confirmation: we'll email you when processing is complete.
- Note: you may receive a few more marketing messages while our systems update — these should stop within the 10-day window.
- Governing law: CAN-SPAM (email), TCPA (phone/SMS), and state opt-out rules.
If We Need More Time
In rare cases — for example, very large or complex requests, or when we need additional information from you to verify your identity — we may need additional time. If that happens, we'll email you with an explanation and a new estimated date.
If Your Request Is Denied
Some requests can't be fully fulfilled. For example, we may keep certain records to comply with tax, warranty, or fraud-prevention requirements even after a deletion request. If we deny all or part of your request, we'll explain why and tell you what your options are.
Comments
0 comments
Article is closed for comments.