Privacy rights · Last updated May 11, 2026

Your data, your call.

Access it, delete it, correct it, or take it elsewhere. We respond to every request within 30 days (45 in complex cases, with a heads-up). Exercising these rights never affects your access to the service or the price you pay.

Your rights

Six things you can ask us to do.

Right to know / access
Get a copy of every piece of personal data we hold about you, with metadata about how it was collected, why, and who it has been shared with.
GDPR Art. 15 · CCPA §1798.110 · UK GDPR Art. 15 · VCDPA / CPA / CTDPA equivalents
Right to delete
Erase your personal data. We delete it within 30 days unless we have a legal obligation to retain it (e.g., tax records). We will tell you what is being kept and why.
GDPR Art. 17 · CCPA §1798.105 · UK GDPR Art. 17
Right to correct
Update anything we have wrong — name, email, role, specialty. Effective within 30 days; we propagate changes to any processor that needs them.
GDPR Art. 16 · CPRA §1798.106 · UK GDPR Art. 16
Right to portability
Receive your personal data in a structured, commonly-used, machine-readable format (JSON or CSV). Available for data we process on the basis of consent or contract.
GDPR Art. 20 · UK GDPR Art. 20
Right to opt out of sale or sharing
Stop us from selling or "sharing" your data for cross-context behavioural advertising. We do not sell or share data for ads — but the right exists, and you can confirm we are not.
CCPA / CPRA · multi-state equivalents
Right to object / restrict
Object to processing based on legitimate interests (e.g., support tickets, abuse prevention). We weigh the objection against our basis and document the outcome.
GDPR Art. 21 · UK GDPR Art. 21

How to ask

Two ways to file a request.

Default

Email us

Send to support@rnpocketpal.com with subject [DATA REQUEST]. Include the type of request and the email address tied to your account.

Web form

Use the support form

Set the subject to [DATA REQUEST]. The form auto-redacts patient-shaped content; you don’t need to include any clinical detail to verify your identity.

What to include in your request

Your account email (the one you signed up with).
Which right you’re exercising (access, delete, correct, etc.).
Optional: a brief reason, so we can route your request to the right person.
If you’re submitting on behalf of someone else (e.g., as their legal agent under CCPA), include proof of authorisation.

We may need to verify your identity before honoring a request. For most requests, a confirmation email to your account address is enough. For high-risk requests (large data exports, deletions), we may ask you to confirm via a second channel.

What happens next

Our response timeline.

Day 0
You file the request
Email or web form. You get an auto-acknowledgement within minutes with a ticket reference.
Day 1–3
We verify your identity
A confirmation email to your account address; we may ask one follow-up question.
Day 3–14
We process the request
Access requests: we compile a JSON export. Deletion: we run the deletion across all processors. Correction: we update the field.
Day 30 (max)
We close the loop
You get a final confirmation with the action we took. For access requests, you get the data as a download link valid for 14 days.

If we got it wrong

You can complain to a regulator.

We hope you give us a chance to fix it first — email support@rnpocketpal.com with subject [ESCALATE] and the founder reviews it personally. But you also have the right to lodge a complaint with the relevant supervisory authority:

UK: Information Commissioner’s Office — ico.org.uk
EU: Your national Data Protection Authority — find yours via EDPB
California: California Privacy Protection Agency — cppa.ca.gov
Other US states: your state Attorney General’s office (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, etc.)

See also our privacy policy for the full data-handling posture, and our cookie policy for tracking specifics.