Sortio Logo
Sortio
Back to Home

Privacy Requests

Exercise your data protection rights under GDPR (EEA/UK).

Your rights

If you are located in the European Economic Area (EEA) or United Kingdom (UK), you have the following rights regarding your personal data under the GDPR and UK GDPR:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your personal data
  • Restrict processing of your data
  • Object to processing based on legitimate interests
  • Request data portability (for data provided under consent or contract)

US residents: see Your Privacy Choices for CCPA, CPRA, and equivalent state-law rights (including opt-out of sale and sharing, limit-use, and non-discrimination).

How to make a request

All data-subject requests are handled by email. Access, portability, correction, restriction, and objection requests are fulfilled manually so we can verify your identity against the email on your account before releasing or modifying personal data. Account deletion can also be initiated in-app under Settings, Account, Delete account, which uses a two-step email-confirmed flow.

Email us from your registered address

Send your request to marcus@getsortio.com from the email address linked to your Sortio account.

What to expect

1

Identity verification

Before fulfilling deletion, correction, or export requests, we confirm that the request comes from the account owner. We may ask you to reply from the email address on file, click a one-time verification link, or provide the last four digits of the payment method on the account. We never ask for full payment details or government identifiers.

2

Response timeframe

GDPR / UK GDPR: we respond within one month (30 days) of receiving a verified request. In complex cases, this may be extended by up to two additional months and we will notify you of any such extension.

CCPA / CPRA: we respond within 45 days, extendable once for an additional 45 days with notice.

3

Data deletion propagation

Where applicable, deletions are propagated to our processors as outlined in our Sub-processors page.

Data portability

For data portability requests, we will provide your data in a commonly used, machine-readable format (typically JSON). This applies to data you provided to us under consent or as part of our contract with you.

Withdrawing consent

Where we process your data based on consent (such as optional diagnostics or marketing communications), you can withdraw your consent at any time by contacting us at marcus@getsortio.com or adjusting your settings in the app under Settings ▸ Privacy.

Lodge a complaint

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority in the EEA or the Information Commissioner's Office (ICO) in the UK.