Depending on where you live, you may be able to ask MetaMask to show you, correct, delete, or give you a copy of your personal data. The ability to exercise these rights depends on your jurisdiction.
This analysis describes what MetaMask's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
For users in the EU, UK, and California, these rights are legally backed by GDPR, UK GDPR, and CCPA/CPRA respectively; however, the policy's conditional framing means users outside these jurisdictions may have fewer enforceable rights against Consensys.
Interpretive note: The operational completeness of rights fulfillment, particularly whether deletion requests extend to Infura-held data, cannot be confirmed from the policy text alone and depends on internal implementation.
EU, UK, and California residents have legally enforceable rights to access and delete their MetaMask-related personal data; users in other jurisdictions should review the policy to assess what rights are available to them, as the policy's rights grant is jurisdiction-dependent rather than universal.
How other platforms handle this
Depending on your location, you may have the following rights with respect to your personal data: the right to access your personal data; the right to correct inaccurate personal data; the right to request deletion of your personal data; the right to data portability; the right to restrict or object...
Depending on where you live, you may have the right to access the personal data we hold about you, to request its correction or deletion, to receive a copy of your data in a portable format, to object to certain processing, and to withdraw consent where processing is based on consent. To exercise yo...
We are committed to maintaining your trust, and while we do not sell your personal information or share your personal information with third parties for purposes of cross-context behavioral advertising where restricted by applicable law, we want you to understand when and with whom we may share the ...
Monitoring
MetaMask has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Depending on your jurisdiction, you may have rights to access, correct, delete, or receive a copy of your personal data, as well as the right to object to or restrict certain processing. To exercise these rights, you may submit a request to us at the contact information provided below.— Excerpt from MetaMask's MetaMask Privacy Policy
REGULATORY LANDSCAPE: GDPR Articles 15-22 establish the specific rights referenced (access, rectification, erasure, portability, objection, restriction). CCPA Section 1798.100 and CPRA amendments establish parallel rights for California residents. The UK GDPR mirrors GDPR rights for UK users. Supervisory authorities including the Irish Data Protection Commission and the UK ICO have enforcement jurisdiction over rights request compliance. GOVERNANCE EXPOSURE: Medium. Operational implementation of rights requests is a common area of regulatory scrutiny. Given that user data is distributed across MetaMask and Infura systems, ensuring that deletion requests cascade to Infura's infrastructure may require specific operational procedures. Response time compliance (30 days under GDPR, 45 days under CCPA) is a measurable enforcement exposure. JURISDICTION FLAGS: EU and UK users have the most robust rights and the strongest enforcement mechanisms. California residents have CPRA-enhanced rights including the right to correct. Users in other US states with emerging privacy laws (Virginia, Colorado, Texas) may also have applicable rights depending on their residency and the date of the policy. CONTRACT AND VENDOR IMPLICATIONS: Organizations using MetaMask for employees or customers should assess whether they have contractual rights to require Consensys to honor rights requests on behalf of their data subjects, and whether MetaMask's rights fulfillment capabilities meet their own data processor obligations. COMPLIANCE CONSIDERATIONS: Legal teams should audit the rights request intake and fulfillment process, confirm that requests trigger data deletion at both MetaMask and Infura levels, and ensure response time SLAs are documented and met. The policy's contact mechanism for rights requests should be tested for operability.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
For users in the EU, UK, and California, these rights are legally backed by GDPR, UK GDPR, and CCPA/CPRA respectively; however, the policy's conditional framing means users outside these jurisdictions may have fewer enforceable rights against Consensys.
EU, UK, and California residents have legally enforceable rights to access and delete their MetaMask-related personal data; users in other jurisdictions should review the policy to assess what rights are available to them, as the policy's rights grant is jurisdiction-dependent rather than universal.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by MetaMask.