legal / bunpav
Data rights
A practical request process for account holders and visitors, including rights available under India’s DPDP framework, the GDPR, and applicable US state laws.
Last updated July 19, 2026
1. How this page works
This page supplements the Privacy Policy. Rights depend on your location, the data involved, and the reason it is processed. We extend core access, correction, and deletion request paths to all bunpav users, even where a particular statute does not require every right listed below.
2. Rights you may exercise
- Access and confirmation: ask whether we process your personal data and request a copy or summary.
- Correction: correct inaccurate or incomplete account and workspace information.
- Deletion: request deletion of eligible personal data and account closure.
- Portability: request eligible data in a structured, commonly used format.
- Restriction or objection: ask us to limit or stop processing in circumstances recognized by applicable law.
- Withdraw consent: withdraw consent for optional processing without affecting processing that occurred before withdrawal.
- Analytics choice: reject or later disable analytics through Cookie settings.
- Grievance and appeal: raise a privacy grievance and request review of our response.
- Nomination: where India’s DPDP framework applies, nominate another person to exercise applicable rights in the event of death or incapacity.
We do not sell personal data or use it for cross-context behavioral advertising, so there is no sale to opt out of under the current product configuration.
3. Submit a request
- Email [email protected] from the address tied to your account where possible.
- Use “Data rights request” in the subject.
- State the right, the relevant account or workspace, your country or state, and the data or period involved.
- Do not email passwords, full payment-card details, government ID, or authentication tokens.
Authorized agents should identify the person they represent and provide evidence of authority. We may confirm the request directly with the account holder.
4. Identity verification
We verify requests in proportion to their sensitivity. Verification may use the registered email, a fresh sign-in, knowledge of account activity, or other low-risk information. We will not disclose account data to an unverified requester. If we cannot verify identity or authority, we may deny or narrow the request and explain why.
5. What deletion means
Account deletion removes or de-identifies eligible profile, session, membership, and studio usage data from active systems. It may also remove workspace access and make generated history unavailable. Files already downloaded to your device are not remotely deleted.
We may retain limited order, tax, receipt, security, anti-fraud, dispute, and legal-hold records when law or a legitimate legal need requires it. Residual copies may remain in protected backups until the normal backup cycle completes. Retained data is isolated from ordinary product use.
6. Timing, fees, and appeals
We acknowledge requests and respond within the period required by applicable law. Complex, repetitive, or multi-account requests may take longer where the law permits; we will explain an extension. Requests are generally free, but we may charge a lawful reasonable fee or decline manifestly unfounded or excessive requests.
If we deny a request, we will give the reason and available appeal or complaint route. Reply with “Appeal” in the subject to request internal review. You may also complain to the Data Protection Board of India, an EEA/UK supervisory authority, a US state attorney general, or another competent regulator where applicable.
7. Workspace administrators
If your account is part of an organization, an owner or admin may control workspace membership and organization-level records. Contact the organization first for workspace instructions. AISOLO Technologies Private Limited remains responsible for requests concerning data it controls directly and will coordinate where necessary.
8. Privacy grievances
Send a grievance to [email protected] with “Privacy grievance” in the subject. Include the relevant dates, account, event, and desired resolution. We will investigate and respond under applicable grievance procedures.