Depending on where you live, you may have the right to see, fix, delete, or limit how Stability AI uses your personal data; California residents have additional specific rights under state law.
This analysis describes what Stability AI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The policy acknowledges jurisdiction-specific data rights for EU, UK, and California users, and provides a contact mechanism (privacy@stability.ai) for exercising these rights, which is an important practical pathway for users who wish to control their data.
Interpretive note: The policy acknowledges rights exist but does not specify response timelines or verification procedures, creating some uncertainty about operational implementation.
EU and UK users may request access to, correction, deletion, portability, or restriction of their personal data under GDPR and UK GDPR; California residents may opt out of data sale or sharing and request disclosure of data collected about them under CCPA/CPRA. These rights are exercisable by contacting privacy@stability.ai.
How other platforms handle this
If you are located in the EEA, UK, or Switzerland, you have certain rights with respect to your personal information, including the right to access your personal data, to correct or delete your personal data, to restrict processing of your personal data, to data portability, and to object to process...
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...
Depending on where you live, you may have certain rights with respect to your personal information. These rights may include: The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected i...
Monitoring
Stability AI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Depending on your location, you may have certain rights with respect to your personal information, including the right to access, correct, delete, or restrict processing of your personal data. California residents may have additional rights under the California Consumer Privacy Act.— Excerpt from Stability AI's Stability AI Privacy Policy
1) REGULATORY LANDSCAPE: The provision engages GDPR Articles 15-22 (data subject rights including access, rectification, erasure, restriction, portability, and objection), UK GDPR equivalent provisions, and CCPA/CPRA Sections 1798.100 through 1798.199 (consumer rights regarding personal information). Enforcement authorities include the UK ICO, EU national supervisory authorities, and the California Attorney General. The policy's acknowledgment of these rights does not itself guarantee compliance; the adequacy of the response mechanisms must be assessed separately. 2) GOVERNANCE EXPOSURE: Medium. The policy identifies rights but does not specify response timelines (GDPR requires response within one month), identity verification procedures, or the process for handling complex or contested requests. Gaps in these operational details may create exposure in the event of a data subject complaint or regulatory inquiry. 3) JURISDICTION FLAGS: EU and UK users have the most comprehensive set of enforceable rights under GDPR and UK GDPR. California residents have CCPA/CPRA rights including the right to opt out of data sharing for cross-context behavioral advertising. Users outside these jurisdictions may have limited or no enforceable rights under the policy as stated. 4) CONTRACT AND VENDOR IMPLICATIONS: B2B customers who process end-user data through Stability AI's services should confirm that their own data subject rights procedures are coordinated with Stability AI's handling of such requests, particularly for deletion and portability requests that may affect data held by Stability AI as a processor. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should verify that internal procedures for handling data subject access requests meet GDPR one-month response timelines; audit identity verification procedures to ensure they are neither excessively burdensome nor inadequate; confirm that CCPA opt-out mechanisms are implemented on the website; and test the privacy@stability.ai contact pathway to ensure it routes to an appropriately staffed function.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The policy acknowledges jurisdiction-specific data rights for EU, UK, and California users, and provides a contact mechanism (privacy@stability.ai) for exercising these rights, which is an important practical pathway for users who wish to control their data.
EU and UK users may request access to, correction, deletion, portability, or restriction of their personal data under GDPR and UK GDPR; California residents may opt out of data sale or sharing and request disclosure of data collected about them under CCPA/CPRA. These rights are exercisable by contacting privacy@stability.ai.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Stability AI.