User Rights (GDPR, CCPA, and Other Jurisdictions)

What it is

Depending on where you live, you may have rights to access, correct, delete, or export your data, or to object to how it is used. California residents also have the right to opt out of data sale or sharing. You can exercise these rights by emailing privacy@tabnine.com.

Why it matters (compliance & governance perspective)

The policy acknowledges and provides a contact mechanism for exercising rights under GDPR, CCPA, CPRA, and related frameworks, which is directly actionable for users who wish to access or delete their data.

This document changed recently

Consumer impact (what this means for users)

Users in the EU, UK, California, and other jurisdictions with data protection laws can submit requests to access, correct, delete, or port their personal data, including code snippet data, by contacting privacy@tabnine.com; California residents can also request to opt out of any sale or sharing of their personal information.

What you can do

Institutional analysis (Compliance & governance intelligence)

1) REGULATORY LANDSCAPE: This provision engages GDPR Articles 15-22 (rights of data subjects), the UK GDPR equivalent provisions, CCPA and CPRA Sections 1798.100-1798.199, and PIPEDA Principle 9. Enforcement authorities include EU supervisory authorities (under the one-stop-shop mechanism, Tabnine's lead supervisory authority based on its EU establishment, if any), the UK ICO, and the California Privacy Protection Agency. Response timelines under GDPR are 30 days (extendable by two months with notice); under CCPA the standard response period is 45 days (extendable by an additional 45 days). 2) GOVERNANCE EXPOSURE: Medium. The policy provides a single email contact for all data subject requests globally, which is operationally simple but may create bottlenecks if request volume increases. The policy does not specify response timelines or verification procedures, which are operationally required under GDPR and CCPA to avoid regulatory exposure. 3) JURISDICTION FLAGS: EU/EEA users have the right to lodge complaints with their national supervisory authority if requests are not handled appropriately. California residents have enforcement rights through the CPPA and private right of action for certain data breaches under CCPA. UK users can complain to the ICO. Canadian users can complain to the Office of the Privacy Commissioner. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers acting as controllers using Tabnine as a processor must ensure that their data processing agreement includes provisions for Tabnine to assist with data subject requests within regulatory timelines, as required by GDPR Article 28(3)(e). 5) COMPLIANCE CONSIDERATIONS: Compliance teams should implement and test a documented data subject request intake, verification, and response process. Timelines and verification methods should be specified in internal procedures even if not detailed in the public policy. The opt-out of sale or sharing right under CPRA should be mapped to specific data flows with analytics and marketing vendors to confirm it can be operationally fulfilled.

Applicable agencies

Applicable regulations

Provision details

Other risks in this policy

• Code Snippet Collection and AI Model Training (Free/Pro Users) high
• Personal Data Categories Collected medium
• Third-Party Sub-Processor and Data Sharing medium
• Data Retention medium
• International Data Transfers medium
• Cookies and Tracking Technologies medium

Related Analysis

• OpenAI Changed Its Privacy Policy 4 Times in One Week. Here Is What Actually Changed.

  Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.