Depending on where you live, you may have the right to see, fix, or delete the personal data Fly.io holds about you, and to move your data elsewhere.
This analysis describes what Fly.io's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights give users meaningful control over their personal data, but exercising them requires knowing they exist and actively contacting Fly.io to invoke them.
Interpretive note: The exact scope of rights and the operational process for exercising them are not fully detailed in the available document text; practical exercise of rights depends on Fly.io's internal procedures.
EU, UK, and California users have legally recognized rights to access, correct, delete, or port their personal data held by Fly.io, and can exercise these rights by contacting the company directly.
Cross-platform context
See how other platforms handle User Rights for EU, UK, and California Residents and similar clauses.
Compare across platforms →Monitoring
Fly.io has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, or delete your data, the right to restrict or object to processing, and the right to data portability. California residents may also have rights under the California Consumer Privacy Act.— Excerpt from Fly.io's Fly.io Privacy Policy
REGULATORY LANDSCAPE: This provision reflects GDPR Articles 15 through 21 (access, rectification, erasure, restriction, objection, portability) and UK GDPR equivalents. CCPA Sections 1798.100 through 1798.125 provide California residents with parallel rights including the right to know, delete, and opt out of sale. Both frameworks impose response time obligations (30 days under GDPR, 45 days under CCPA) and restrict the ability to charge fees for handling requests. GOVERNANCE EXPOSURE: Medium. The policy acknowledges rights but does not specify the response timeframes or the process for verifying identity before honoring requests. Operational readiness to handle rights requests within statutory timeframes is a compliance requirement, not merely a policy commitment. JURISDICTION FLAGS: EU and UK users have the most comprehensive rights framework. California residents have CCPA rights enforceable by the California Privacy Protection Agency and the California AG. Other US states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Texas, and others) may also create enforceable rights for their residents that are not separately called out in the policy. CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers whose end users may submit rights requests should understand that under the controller-processor framing, Fly.io would handle requests about its own data collection but that deploying customers must handle requests regarding application-level data themselves. COMPLIANCE CONSIDERATIONS: Organizations should verify that Fly.io has operationalized rights request handling with documented response procedures and identity verification steps. Legal teams should assess whether the policy's rights provisions are sufficiently specific to meet GDPR Articles 13 and 14 disclosure requirements regarding how rights can be exercised.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights give users meaningful control over their personal data, but exercising them requires knowing they exist and actively contacting Fly.io to invoke them.
EU, UK, and California users have legally recognized rights to access, correct, delete, or port their personal data held by Fly.io, and can exercise these rights by contacting the company directly.
ConductAtlas has identified this type of provision across 4 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Fly.io.