Leonardo AI · Leonardo AI Privacy Policy · View original document ↗

Regional Data Subject Rights

Low severity Low confidence Inferredfromcontext Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Leonardo AI Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

The policy provides specific rights disclosures for EU, UK, and California users, including rights to access, correct, delete, and port their personal data, and to object to or restrict certain processing activities. These rights are exercisable by contacting Leonardo AI.

This analysis describes what Leonardo AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Knowing your data rights is essential for controlling how your personal information is used, and the existence of regional-specific rights means the protections available to you depend significantly on where you are located.

Interpretive note: The specific verbatim rights disclosure language was not extractable from the provided HTML; the analysis reflects standard GDPR, UK GDPR, and CCPA rights disclosures typical of platforms with Leonardo AI's user base and jurisdictional scope.

Change history

removed Jun 2, 2026

This generic provision was replaced with the more detailed and actionable 'User Data Rights and Opt-Out Mechanisms' provision that specifies rights and contact procedures.

View full change record →

Consumer impact (what this means for users)

EU and UK users have GDPR rights including access, rectification, erasure, restriction, portability, and objection. California residents have CCPA/CPRA rights including the right to know, delete, correct, and opt out of sale or sharing. The practical effectiveness of these rights depends on Leonardo AI's response processes and timelines.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Email privacy@leonardo.ai with your data subject request, specifying your right (access, deletion, correction, or portability), your account email, and your jurisdiction. Leonardo AI is required to respond within 30 days under GDPR or 45 days under CCPA.

How other platforms handle this

Garmin Medium

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Strava Medium

We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...

See all platforms with this clause type →

Monitoring

Leonardo AI has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

REGULATORY LANDSCAPE: This provision directly engages GDPR Articles 15-22 (data subject rights) for EU users, UK GDPR equivalent provisions for UK users, CCPA/CPRA Sections 1798.100-1798.125 for California residents, and the Australian Privacy Act APP 12 (access) and APP 13 (correction) for Australian users. Enforcement is by the relevant national data protection authority for EU users, the ICO for UK users, the California Privacy Protection Agency and California AG for California residents, and the OAIC for Australian users. GOVERNANCE EXPOSURE: Medium. Operationalizing data subject rights across multiple jurisdictions requires documented response workflows, identity verification procedures, and compliance with statutory response timelines (30 days under GDPR, 45 days under CCPA). Failure to respond within required timeframes creates regulatory exposure. JURISDICTION FLAGS: EU users have the broadest and most enforceable rights framework under GDPR, with complaints routable to national DPAs and significant administrative fine exposure. California users have state-level enforcement by the CPPA. Australian users have OAIC oversight. The adequacy of the rights exercise process for each jurisdiction should be independently verified. CONTRACT AND VENDOR IMPLICATIONS: Data subject rights requests that require action by sub-processors (e.g., data deletion from cloud infrastructure providers) require contractual flow-down obligations in data processing agreements. Compliance teams should verify that deletion requests can be operationally fulfilled across all data stores including AI training data repositories. COMPLIANCE CONSIDERATIONS: Response workflow documentation, identity verification procedures, and escalation paths for complex requests should be reviewed. The ability to fulfill deletion requests for data that may have been incorporated into AI model training is a specific operational challenge that warrants legal and technical assessment.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • State AG
    State Attorneys General, including the California AG and CPPA, have enforcement authority over CCPA/CPRA rights compliance for California residents.
    File a complaint →

Applicable regulations

EU AI Act
European Union
CCPA/CPRA
California, USA
Colorado AI Act
US-CO
Connecticut Data Privacy Act Amendments
US-CT
EU AI Act - High Risk Provisions
EU
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US

Provision details

Document information
Document
Leonardo AI Privacy Policy
Entity
Leonardo AI
Document last updated
May 5, 2026
Tracking information
First tracked
April 30, 2026
Last verified
May 9, 2026
Record ID
CA-P-007583
Document ID
CA-D-00480
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
ac60ef265e1e05c94b28dd719ab4d9bf7339502e5ad85457006b8f18e885cc23
Analysis generated
April 30, 2026 06:59 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Leonardo AI
Document: Leonardo AI Privacy Policy
Record ID: CA-P-007583
Captured: 2026-04-30 06:59:23 UTC
SHA-256: ac60ef265e1e05c9…
URL: https://conductatlas.com/platform/leonardo-ai/leonardo-ai-privacy-policy/regional-data-subject-rights/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Low
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Leonardo AI's Regional Data Subject Rights clause do?

Knowing your data rights is essential for controlling how your personal information is used, and the existence of regional-specific rights means the protections available to you depend significantly on where you are located.

How does this clause affect you?

EU and UK users have GDPR rights including access, rectification, erasure, restriction, portability, and objection. California residents have CCPA/CPRA rights including the right to know, delete, correct, and opt out of sale or sharing. The practical effectiveness of these rights depends on Leonardo AI's response processes and timelines.

Is ConductAtlas affiliated with Leonardo AI?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Leonardo AI.