Depending on your location, you may have the right to ask Poe to show you, correct, or delete the personal data it holds about you, and you can make these requests by emailing privacy@poe.com.
This analysis describes what Poe's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy grants data rights on a jurisdiction-dependent basis, meaning the availability and scope of rights (such as GDPR erasure rights or CCPA deletion rights) depend on where the user lives; users outside covered jurisdictions may have fewer or no enforceable rights under this policy.
Users in the EU, UK, California, and other covered jurisdictions can request access to, correction of, or deletion of their personal data by contacting privacy@poe.com; users in other locations may have limited rights under this policy depending on applicable local law.
Cross-platform context
See how other platforms handle User Rights: Access, Deletion, and Correction and similar clauses.
Compare across platforms →Monitoring
Poe has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Depending on where you live, you may have certain rights regarding your personal information, such as the right to request access to, correction of, or deletion of information we hold about you. To exercise these rights, please contact us at privacy@poe.com. We will respond to your request within the timeframe required by applicable law.— Excerpt from Poe's Poe Privacy Policy
1) REGULATORY LANDSCAPE: This provision engages GDPR Articles 15 (access), 16 (rectification), 17 (erasure), CCPA Sections 1798.100 and 1798.105, and UK GDPR equivalents. The response timeline is described as complying with 'applicable law,' which under GDPR is one month (extendable to three months) and under CCPA is 45 days (extendable by a further 45 days). The policy does not specify how identity verification is handled for data subject requests, which is an operational compliance requirement. 2) GOVERNANCE EXPOSURE: Medium. The rights framework is disclosed at a high level, consistent with common industry practice, but the absence of specific response timelines and identity verification procedures in the visible policy text creates operational ambiguity. 3) JURISDICTION FLAGS: EU/EEA and UK users have the most comprehensive rights under GDPR and UK GDPR. California residents have rights under CCPA/CPRA. Virginia, Colorado, Connecticut, and Texas residents have rights under their respective state privacy laws. Users outside these jurisdictions may have limited rights under this policy. 4) CONTRACT AND VENDOR IMPLICATIONS: The ability to fulfill deletion and access requests may be limited for data already transmitted to third-party AI model providers, as noted elsewhere in the policy. Enterprise customers should assess whether Poe's data subject request procedures meet their own obligations as data controllers. 5) COMPLIANCE CONSIDERATIONS: The identity verification procedure for data subject requests should be documented and tested for compliance with GDPR and CCPA requirements. A process should be established to coordinate deletion requests with third-party AI model providers where user data has been transmitted to those parties. Response time tracking should be implemented to ensure compliance with applicable statutory deadlines.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy grants data rights on a jurisdiction-dependent basis, meaning the availability and scope of rights (such as GDPR erasure rights or CCPA deletion rights) depend on where the user lives; users outside covered jurisdictions may have fewer or no enforceable rights under this policy.
Users in the EU, UK, California, and other covered jurisdictions can request access to, correction of, or deletion of their personal data by contacting privacy@poe.com; users in other locations may have limited rights under this policy depending on applicable local law.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Poe.