The policy states that users may have rights to access, correct, delete, or export their personal data depending on jurisdiction, and that California residents may opt out of the sale or sharing of personal information, with all requests submitted to privacy@leonardo.ai.
This analysis describes what Leonardo AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the procedural mechanism for exercising data subject rights, requiring email contact rather than an in-platform self-service tool, which is the primary avenue for users to exercise GDPR, CCPA, and Australian Privacy Act entitlements.
Interpretive note: The policy does not specify response timelines or the verification process for rights requests, creating uncertainty about whether the mechanism fully satisfies GDPR Article 12 procedural requirements.
This new provision explicitly addresses regional data subject rights including CCPA compliance for California residents, providing users with actionable mechanisms to exercise their rights.
View full change record →Under this clause, users may submit access, correction, deletion, or portability requests by emailing privacy@leonardo.ai, with the specific rights available depending on the user's jurisdiction. California residents may additionally opt out of the sale or sharing of personal information through the same contact mechanism.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below and the Consumer Health Data Policy.
Monitoring
Leonardo AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, delete, or port your data. To exercise these rights, please contact us at privacy@leonardo.ai. For California residents, you may also have the right to opt out of the sale or sharing of your personal information.— Excerpt from Leonardo AI's Leonardo AI Privacy Policy
REGULATORY LANDSCAPE: This provision engages GDPR Chapter III (data subject rights including access, rectification, erasure, and portability), CCPA/CPRA (rights to know, delete, correct, and opt out of sale/sharing), and the Australian Privacy Act 1988 APP 12 (access) and APP 13 (correction). The absence of an in-platform self-service rights mechanism may be evaluated by EU data protection authorities against GDPR Article 12's requirement that rights be exercisable in an easily accessible manner. Enforcement authorities include EU national DPAs, the California Privacy Protection Agency, and the OAIC. GOVERNANCE EXPOSURE: Medium. The email-only rights request mechanism is operationally functional but may face scrutiny regarding response time compliance (GDPR requires response within one month) and whether the mechanism constitutes a sufficiently accessible channel for GDPR purposes. JURISDICTION FLAGS: EU/EEA users have the most detailed rights framework under GDPR. California residents have CCPA/CPRA rights including opt-out of sharing. Australian users have rights under the Australian Privacy Act. CONTRACT AND VENDOR IMPLICATIONS: Organizations using Leonardo AI on behalf of clients or employees should establish internal procedures for routing data subject requests to privacy@leonardo.ai and tracking response timelines for GDPR compliance. COMPLIANCE CONSIDERATIONS: Legal teams should assess whether the email-based rights mechanism meets GDPR Article 12 accessibility and response timeline requirements, establish a documented request intake and fulfillment workflow, and confirm that deletion requests can be fulfilled including any training data implications.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the procedural mechanism for exercising data subject rights, requiring email contact rather than an in-platform self-service tool, which is the primary avenue for users to exercise GDPR, CCPA, and Australian Privacy Act entitlements.
Under this clause, users may submit access, correction, deletion, or portability requests by emailing privacy@leonardo.ai, with the specific rights available depending on the user's jurisdiction. California residents may additionally opt out of the sale or sharing of personal information through the same contact mechanism.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Leonardo AI.