What can I do about this clause?

{'method': 'EMAIL', 'recipient': 'privacy@stability.ai', 'difficulty': 'EASY', 'action_type': 'DELETE_DATA', 'instructions': 'Email privacy@stability.ai specifying that you wish to exercise your right to erasure (GDPR Art. 17) or deletion (CCPA §1798.105). Include your full name, account email address, and a clear statement of your request. Stability AI must respond within 30 days under GDPR.', 'deadline_days': 30, 'deadline_hours': None} {'method': 'EMAIL', 'recipient': 'privacy@stability.ai', 'difficulty': 'EASY', 'action_type': 'EXPORT_DATA', 'instructions': 'Email privacy@stability.ai requesting a copy of all personal data held about you under GDPR Art. 15 or CCPA §1798.110. Specify your account details and the format in which you would like to receive the data.', 'deadline_days': 30, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'State_AG', 'reason': 'California residents can escalate CPRA rights violations to the California Privacy Protection Agency or California Attorney General if Stability AI fails to honour deletion or access requests.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this Data Subject Rights (Access, Deletion, Portability) clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Data Subject Rights (Access, Deletion, Portability) clauses across approximately 8 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Data Subject Rights (Access, Deletion, Portability) — Stability AI

Share 𝕏 Share in Share 🔒 PDF

What it is

Depending on where you live, you have the right to see, correct, delete, or move your personal data held by Stability AI, and you can request this by emailing their privacy team.

Consumer impact (what this means for users)

EU, UK, and California users can formally request access to, correction of, or deletion of their personal data from Stability AI by emailing privacy@stability.ai, and the company is legally required to respond within 30 days under GDPR.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data
Within 30 days
Email privacy@stability.ai specifying that you wish to exercise your right to erasure (GDPR Art. 17) or deletion (CCPA §1798.105). Include your full name, account email address, and a clear statement of your request. Stability AI must respond within 30 days under GDPR.
Export Your Data
Within 30 days
Email privacy@stability.ai requesting a copy of all personal data held about you under GDPR Art. 15 or CCPA §1798.110. Specify your account details and the format in which you would like to receive the data.

Cross-platform context

See how other platforms handle Data Subject Rights (Access, Deletion, Portability) and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

These rights are legally enforceable in the EU, UK, and California, meaning Stability AI is legally obligated to respond to your requests within set timeframes — typically 30 days under GDPR.

View original clause language

Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, or delete your personal data, the right to data portability, and the right to object to or restrict our processing of your personal data. To exercise these rights, please contact us at privacy@stability.ai.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GDPR Arts. 15-22 establish rights of access, rectification, erasure, restriction, portability, and objection, enforceable by EU and UK data protection authorities with fines up to €20M or 4% of global turnover. UK GDPR mirrors these provisions post-Brexit. CCPA §§1798.100-1798.125 (as amended by CPRA) grant California residents equivalent rights enforced by the CPPA. The GDPR Art. 12 requires responses within one calendar month, extendable by two months for complex requests.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

State AG

California residents can escalate CPRA rights violations to the California Privacy Protection Agency or California Attorney General if Stability AI fails to honour deletion or access requests.
File a complaint →

Provision details

Document information

Document

Stability AI Privacy Policy

Entity

Stability AI

Document last updated

April 29, 2026

Tracking information

First tracked

April 28, 2026

Last verified

April 28, 2026

Record ID

CA-P-003727

Document ID

CA-D-00330

Evidence Provenance

Source URL

https://stability.ai/privacy-policy

Wayback Machine

View archived versions →

SHA-256

ab8463c1a698bccc246c55dd2af2b3ea094ea7c70c2ca61b926c6b9eac014966

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Stability AI | Document: Stability AI Privacy Policy | Record: CA-P-003727
Captured: 2026-04-28 05:31:08 UTC | SHA-256: ab8463c1a698bccc…
URL: https://conductatlas.com/platform/stability-ai/stability-ai-privacy-policy/data-subject-rights-access-deletion-portability/
Accessed: May 2, 2026

Classification

Severity

Medium

Data Subject Rights (Access, Deletion, Portability)