Depending on where you live, you may be able to ask MetaMask to show you, correct, delete, or give you a copy of your personal data. The ability to exercise these rights depends on your jurisdiction.
This analysis describes what MetaMask's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
For users in the EU, UK, and California, these rights are legally backed by GDPR, UK GDPR, and CCPA/CPRA respectively; however, the policy's conditional framing means users outside these jurisdictions may have fewer enforceable rights against Consensys.
Interpretive note: The operational completeness of rights fulfillment, particularly whether deletion requests extend to Infura-held data, cannot be confirmed from the policy text alone and depends on internal implementation.
EU, UK, and California residents have legally enforceable rights to access and delete their MetaMask-related personal data; users in other jurisdictions should review the policy to assess what rights are available to them, as the policy's rights grant is jurisdiction-dependent rather than universal.
How other platforms handle this
Depending on where you live, you may have certain rights regarding your personal information. These rights may include the right to access your personal information, the right to correct inaccurate data, the right to delete your data, the right to portability, the right to object to processing, and ...
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
MetaMask has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Depending on your jurisdiction, you may have rights to access, correct, delete, or receive a copy of your personal data, as well as the right to object to or restrict certain processing. To exercise these rights, you may submit a request to us at the contact information provided below.— Excerpt from MetaMask's MetaMask Privacy Policy
REGULATORY LANDSCAPE: GDPR Articles 15-22 establish the specific rights referenced (access, rectification, erasure, portability, objection, restriction). CCPA Section 1798.100 and CPRA amendments establish parallel rights for California residents. The UK GDPR mirrors GDPR rights for UK users. Supervisory authorities including the Irish Data Protection Commission and the UK ICO have enforcement jurisdiction over rights request compliance. GOVERNANCE EXPOSURE: Medium. Operational implementation of rights requests is a common area of regulatory scrutiny. Given that user data is distributed across MetaMask and Infura systems, ensuring that deletion requests cascade to Infura's infrastructure may require specific operational procedures. Response time compliance (30 days under GDPR, 45 days under CCPA) is a measurable enforcement exposure. JURISDICTION FLAGS: EU and UK users have the most robust rights and the strongest enforcement mechanisms. California residents have CPRA-enhanced rights including the right to correct. Users in other US states with emerging privacy laws (Virginia, Colorado, Texas) may also have applicable rights depending on their residency and the date of the policy. CONTRACT AND VENDOR IMPLICATIONS: Organizations using MetaMask for employees or customers should assess whether they have contractual rights to require Consensys to honor rights requests on behalf of their data subjects, and whether MetaMask's rights fulfillment capabilities meet their own data processor obligations. COMPLIANCE CONSIDERATIONS: Legal teams should audit the rights request intake and fulfillment process, confirm that requests trigger data deletion at both MetaMask and Infura levels, and ensure response time SLAs are documented and met. The policy's contact mechanism for rights requests should be tested for operability.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
For users in the EU, UK, and California, these rights are legally backed by GDPR, UK GDPR, and CCPA/CPRA respectively; however, the policy's conditional framing means users outside these jurisdictions may have fewer enforceable rights against Consensys.
EU, UK, and California residents have legally enforceable rights to access and delete their MetaMask-related personal data; users in other jurisdictions should review the policy to assess what rights are available to them, as the policy's rights grant is jurisdiction-dependent rather than universal.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by MetaMask.