What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@leonardo.ai', 'difficulty': 'EASY', 'action_type': 'EXPORT_DATA', 'instructions': 'Email privacy@leonardo.ai to request a copy of all personal data Leonardo AI holds about you. State your account email address and specify that you are making a data portability or subject access request under GDPR, CCPA, or applicable law.', 'deadline_days': None, 'deadline_hours': None} {'method': 'EMAIL', 'recipient': 'privacy@leonardo.ai', 'difficulty': 'EASY', 'action_type': 'DELETE_DATA', 'instructions': 'Email privacy@leonardo.ai to request deletion of your personal data. Include your account email and cite your right to erasure under GDPR Art. 17, CCPA, or applicable law.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'State_AG', 'reason': "California's Attorney General and the CPPA enforce CCPA/CPRA data subject rights, including the right to delete personal information and opt out of data sharing.", 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this User Rights and Data Subject Requests clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar User Rights and Data Subject Requests clauses across approximately 1 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

User Rights and Data Subject Requests — Leonardo AI

Share 𝕏 Share in Share 🔒 PDF

What it is

Depending on where you live, you may have rights to see, correct, delete, or move your personal data — and you can request these by emailing privacy@leonardo.ai.

Consumer impact (what this means for users)

You can request access to, correction of, deletion of, or export of your Leonardo AI personal data by emailing privacy@leonardo.ai, but the policy does not specify how quickly your request will be handled.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Export Your Data

Email privacy@leonardo.ai to request a copy of all personal data Leonardo AI holds about you. State your account email address and specify that you are making a data portability or subject access request under GDPR, CCPA, or applicable law.
Delete Your Data

Email privacy@leonardo.ai to request deletion of your personal data. Include your account email and cite your right to erasure under GDPR Art. 17, CCPA, or applicable law.

Cross-platform context

See how other platforms handle User Rights and Data Subject Requests and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

These rights are only meaningful if the company responds promptly and in full — the policy does not specify response timeframes, which may fall below GDPR's 30-day requirement if not operationalised.

View original clause language

Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, or delete your personal information, the right to data portability, the right to object to or restrict processing, and the right to withdraw consent. To exercise any of these rights, please contact us at privacy@leonardo.ai.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GDPR Arts. 15–22 establish data subject rights (access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making) with a 30-day response deadline (extendable to 3 months for complex requests) under Art. 12. CCPA/CPRA §1798.100–1798.125 establishes analogous rights for California residents with 45-day response deadlines. Australian APP 12 (access) and APP 13 (correction) govern rights for Australian users. The OAIC enforces Australian rights; EU supervisory authorities enforce GDPR rights; the CPPA enforces CPRA rights.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

State AG

California's Attorney General and the CPPA enforce CCPA/CPRA data subject rights, including the right to delete personal information and opt out of data sharing.
File a complaint →

Provision details

Document information

Document

Leonardo AI Privacy Policy

Entity

Leonardo AI

Document last updated

April 29, 2026

Tracking information

First tracked

April 30, 2026

Last verified

April 30, 2026

Record ID

CA-P-004200

Document ID

CA-D-00480

Evidence Provenance

Source URL

https://leonardo.ai/privacy-policy

Wayback Machine

View archived versions →

SHA-256

ac60ef265e1e05c94b28dd719ab4d9bf7339502e5ad85457006b8f18e885cc23

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Leonardo AI | Document: Leonardo AI Privacy Policy | Record: CA-P-004200
Captured: 2026-04-30 06:59:23 UTC | SHA-256: ac60ef265e1e05c9…
URL: https://conductatlas.com/platform/leonardo-ai/leonardo-ai-privacy-policy/user-rights-and-data-subject-requests/
Accessed: May 2, 2026

Classification

Severity

Medium

User Rights and Data Subject Requests