What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@copy.ai', 'difficulty': 'EASY', 'action_type': 'DELETE_DATA', 'instructions': 'Email privacy@copy.ai with your full name, account email, and a description of your request (access, deletion, correction, or portability). Copy.ai is required to respond within 45 days, with a possible 45-day extension.', 'deadline_days': 45, 'deadline_hours': None} {'method': 'EMAIL', 'recipient': 'privacy@copy.ai', 'difficulty': 'EASY', 'action_type': 'EXPORT_DATA', 'instructions': 'Email privacy@copy.ai requesting a copy of all personal data held about you (data portability request). Specify that you want data in a portable, machine-readable format if required by your jurisdiction.', 'deadline_days': 45, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has enforcement authority over failures to honor privacy rights representations made to consumers under FTC Act Section 5.', 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'State_AG', 'reason': 'State attorneys general in California, Virginia, Colorado, and Connecticut enforce data subject rights under their respective state privacy laws.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Data Subject Rights (GDPR and US State Laws) clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Data Subject Rights (GDPR and US State Laws) — Copy.ai

Share 𝕏 Share in Share 🔒 PDF

What it is

Depending on where you live, you have the right to see, correct, delete, or move your personal data, and Copy.ai must respond to your request within 45 days.

Consumer impact (what this means for users)

Users in the EU, UK, California, and other qualifying states can request access to, deletion of, or portability of their personal data by emailing privacy@copy.ai, and Copy.ai is obligated to respond within 45 days.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data
Within 45 days
Email privacy@copy.ai with your full name, account email, and a description of your request (access, deletion, correction, or portability). Copy.ai is required to respond within 45 days, with a possible 45-day extension.
Export Your Data
Within 45 days
Email privacy@copy.ai requesting a copy of all personal data held about you (data portability request). Specify that you want data in a portable, machine-readable format if required by your jurisdiction.

Cross-platform context

See how other platforms handle Data Subject Rights (GDPR and US State Laws) and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

These rights give users meaningful control over their personal data, but exercising them requires proactive action — Copy.ai does not automatically delete or restrict processing of your data.

View original clause language

Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, delete, or transfer your personal data. You may also have the right to object to or restrict certain processing of your personal data. To exercise these rights, please contact us at privacy@copy.ai. We will respond to your request within 45 days, with a possible extension of an additional 45 days where reasonably necessary.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision directly implicates GDPR Arts. 15-22 (access, rectification, erasure, restriction, portability, objection rights; enforced by EU DPAs), CCPA/CPRA §§1798.100, 1798.105, 1798.110, 1798.115, 1798.120 (California rights; enforced by CPPA and CA AG), Virginia CDPA §§59.1-578–59.1-581, Colorado CPA C.R.S. §6-1-1306, and Connecticut CTDPA §42-515k. The 45-day response timeline aligns with CCPA requirements but may be shorter than GDPR's one-month standard for some request types.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC has enforcement authority over failures to honor privacy rights representations made to consumers under FTC Act Section 5.
File a complaint →
State AG

State attorneys general in California, Virginia, Colorado, and Connecticut enforce data subject rights under their respective state privacy laws.
File a complaint →

Provision details

Document information

Document

Copy.ai Privacy Policy

Entity

Copy.ai

Document last updated

April 29, 2026

Tracking information

First tracked

April 30, 2026

Last verified

April 30, 2026

Record ID

CA-P-004318

Document ID

CA-D-00478

Evidence Provenance

Source URL

https://www.copy.ai/privacy-policy

Wayback Machine

View archived versions →

SHA-256

9183ba77b2f278d16e28b621008d3faeb2076ade22123648a918780406964874

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Copy.ai | Document: Copy.ai Privacy Policy | Record: CA-P-004318
Captured: 2026-04-30 08:38:18 UTC | SHA-256: 9183ba77b2f278d1…
URL: https://conductatlas.com/platform/copyai/copyai-privacy-policy/data-subject-rights-gdpr-and-us-state-laws/
Accessed: May 2, 2026

Classification

Severity

Medium

Data Subject Rights (GDPR and US State Laws)