Data Subject Request

How to exercise your data rights.

If your personal information is held by Verinode (as an operator, an operator’s team member, or as a third party named in data an operator forwarded to us), you can ask us to act on it. This page explains the rights, the process, and the contact path.

Last updated: May 2026

Who can submit a request

Three categories of people typically submit Data Subject Requests:

  • ·Operators and operator team members whose account or personal information lives at Verinode. Most rights below are exercisable directly in Settings → Privacy without contacting us.
  • ·Third parties (vendors, subcontractors, customers, insurance adjusters, TPA staff) whose name, email, or other identifying information appears in emails or documents that an operator forwarded to us. You can ask to be excluded from operator-side analytics or to have your information erased.
  • ·Anyone uncertain whether we hold their information. Send the request and we will check.

Your rights

Depending on where you live, you have some or all of these rights. We honour the strongest applicable standard.

Access.
Get a copy of the personal data we hold about you, what we use it for, who we share it with, and how long we keep it. GDPR Article 15 / CCPA §1798.110.
Rectification.
Correct inaccurate or incomplete data. GDPR Article 16.
Erasure (right to be forgotten).
Delete your personal data from our systems. Processed within 30 days. Includes the PII database, the intelligence layer, backup systems (within 90 days), and LLM processing caches (within 7 days). GDPR Article 17 / CCPA §1798.105.
Restriction.
Pause specific kinds of processing while we resolve a dispute or while we verify the accuracy of your data. GDPR Article 18.
Portability.
Get a machine-readable export of the data you provided to us. We deliver CSV or JSON, your choice. GDPR Article 20.
Object.
Object to processing carried out under legitimate interest. Includes adjusters and TPA staff who object to being included in operator-side analytics built from forwarded emails. GDPR Article 21.
Withdraw consent.
Revoke any consent you previously gave (for example behavioural telemetry or public recognition). Operators do this from Settings → Privacy; others can email us.
Non-discrimination.
We will not retaliate against operators or anyone else for exercising a right under this page. CCPA §1798.125.
Complaint.
File a complaint with a supervisory authority. EU/EEA: your local Data Protection Authority. UK: the Information Commissioner’s Office. California: the California Attorney General.

How to submit a request

If you are an operator or operator team member

Most rights are exercisable directly inside the platform without contacting us:

  • ·Access and portability: Settings → Privacy → Export my data.
  • ·Rectification: edit your profile and operator records in-app.
  • ·Erasure: Settings → Privacy → Delete my account.
  • ·Withdraw consent: toggle off in Settings → Privacy.

For any right not exposed in the platform, email [email protected].

If you are a third party named in operator-forwarded data

Email [email protected] with the subject line “Data subject request” and include:

  • ·Your full name and the email address you want us to search against (work email is most common).
  • ·Which right you want to exercise (access, erasure, exclusion from operator analytics, etc.).
  • ·One sentence about how your information may have come to us, if you know (for example: “I am an adjuster at carrier X and corresponded with operator Y”). Optional but speeds up verification.

What happens next

  1. 1.Acknowledgement within 3 business days. We confirm receipt and tell you which steps will follow.
  2. 2.Verification. We need to confirm the request comes from the person whose data we hold. We may send a one-time verification link to the email address on file, or ask for a second piece of identifying information. We do not require a copy of government ID.
  3. 3.Action. We complete the request and confirm in writing what we did. Standard SLA:
  • ·Access and portability: 14 days.
  • ·Erasure: 30 days for live systems, 90 days for backup purge.
  • ·Object / exclusion from analytics: 30 days.
  • ·Rectification: 14 days.

If we need to extend the timeline (rare; only for unusually complex requests), we tell you within the initial period and explain why.

Fees and limits

Requests are free. There is no charge for export, deletion, access reports, or objection.

We may charge a reasonable fee, or decline to act, if a request is manifestly unfounded or excessive (for example repeated identical requests). We will explain the reason in writing if we ever do so. GDPR Article 12(5).

If you are unhappy with our response

Email us back at [email protected] and we will escalate to the Verinode privacy lead.

You can also lodge a complaint with the supervisory authority in your jurisdiction. See the “Complaint” right above for who that is.

Related

  • ·Data Use Policy — the structural commitments behind how we handle operator data.
  • ·Privacy Notice — what personal information we collect and on what legal basis.
  • ·Subprocessors — the third parties that process personal information on our behalf.

This is a living document. Material changes to this process are announced 30 days in advance.