GDPR Data Subject Rights Guide

Last updated: April 2026

This document explains how data subjects can exercise their rights under the General Data Protection Regulation (GDPR).

How to Exercise Your Rights

1. Right of Access (Article 15)

What: Obtain a copy of all personal data we hold about you.

How:

Dashboard: Settings > Privacy > Export My Data
API: GET /v1/users/me/data
Email: privacy@featuresignals.com

Response time: Within 30 days.

2. Right to Rectification (Article 16)

What: Correct inaccurate personal data.

How:

Dashboard: Settings > General (update name, email)
Email: privacy@featuresignals.com for data not editable in the dashboard

3. Right to Erasure / Right to Be Forgotten (Article 17)

What: Request deletion of your personal data.

How:

Dashboard: Settings > Privacy > Delete My Account
API: DELETE /v1/users/me
Email: privacy@featuresignals.com

Process:

Account is soft-deleted immediately (cannot log in)
30-day grace period allows recovery by contacting support
After 30 days, all personal data is permanently deleted
Audit log entries are anonymized (actor replaced with "deleted-user-xxx")

Note: If you are the sole owner of an organization, you must transfer ownership or delete the organization first.

4. Right to Data Portability (Article 20)

What: Receive your data in a structured, machine-readable format.

How:

API: POST /v1/organizations/{orgID}/data-export (generates JSON ZIP)
Dashboard: Settings > Privacy > Export Organization Data

The export includes: projects, flags, environments, segments, team members, audit logs, API key metadata, webhooks, and subscription data.

5. Right to Restrict Processing (Article 18)

What: Limit the processing of your personal data.

How: Contact privacy@featuresignals.com with your specific request.

6. Right to Object (Article 21)

What: Object to processing based on legitimate interest.

How: Contact privacy@featuresignals.com. We will cease processing unless we demonstrate compelling legitimate grounds.

What: Withdraw consent for consent-based processing (e.g., marketing emails).

How:

Dashboard: Settings > Privacy > Communication Preferences
Email: Unsubscribe link in any marketing email

Data Protection Officer

For GDPR inquiries: dpo@featuresignals.com

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority.

How to Exercise Your Rights​

1. Right of Access (Article 15)​

2. Right to Rectification (Article 16)​

3. Right to Erasure / Right to Be Forgotten (Article 17)​

4. Right to Data Portability (Article 20)​

5. Right to Restrict Processing (Article 18)​

6. Right to Object (Article 21)​

7. Right to Withdraw Consent (Article 7)​

Data Protection Officer​

Supervisory Authority​

How to Exercise Your Rights

1. Right of Access (Article 15)

2. Right to Rectification (Article 16)

3. Right to Erasure / Right to Be Forgotten (Article 17)

4. Right to Data Portability (Article 20)

5. Right to Restrict Processing (Article 18)

6. Right to Object (Article 21)

7. Right to Withdraw Consent (Article 7)

Data Protection Officer

Supervisory Authority