Data rights

Data requests

Exercise your GDPR, UK GDPR, or CCPA rights. We process every request within 30 days (most within a week).

The fastest path

Email privacy@exifsweep.com from the address tied to your account. Include the request type below and your account email. Done.

We don't use a form for this on purpose — a quick email reaches a human within hours.

What you can request

Access (Art. 15)

A JSON dump of everything we have tied to your account: profile, subscription, usage counters, API keys (prefix only — raw values are never recoverable), audit events.

Subject: Data Access Request — privacy@exifsweep.com

Erasure / right to be forgotten (Art. 17)

Permanent deletion of your account + all associated rows. We retain the bare minimum (Stripe customer ID + invoice records) only as required by tax law (6–7 years). Everything else gone within 24 hours.

Subject: Account Deletion Request

Portability (Art. 20)

Receive your data in a structured, machine-readable JSON format. Same content as Access, ready to import elsewhere.

Subject: Data Portability Request

Rectification (Art. 16)

Correct anything inaccurate. Most fields (email, password) you can change yourself in settings; for anything you can't, email us.

Subject: Data Rectification Request

Restriction (Art. 18)

Pause all processing of your data while a dispute is open. Account temporarily disabled, no charges, data preserved.

Subject: Data Restriction Request

Objection (Art. 21)

Opt out of fingerprint-based reputation tracking. You'll fall back to email-only quota enforcement (signed-in users only).

Subject: Object to Fingerprint Tracking

Anonymous users

If you've never signed up but you've used the free tier, we've stored a hashed fingerprint of your browser and a hashed prefix of your IP — both with 30-day TTL. We can't identify or delete these on request because we don't store anything that maps back to you personally. If you want to be certain nothing is retained, wait 30 days from your last visit; everything auto-decays.

Verification

For sensitive requests (deletion, full data export), we verify identity by sending a confirmation link to your account email. The link expires in 24 hours. We never ask for passwords, photo ID, or anything beyond what's already on file.

Response timeline

  • First response: within 7 days, usually next business day
  • Resolution: within 30 days (GDPR Art. 12(3) maximum)
  • Extension: we don't extend. If something genuinely can't be done in 30 days, we'll explain why and propose a workaround
  • Cost: free for the first request per calendar year; we may charge a reasonable cost for clearly unfounded or repetitive requests (this almost never happens)

Complaints

If you're not satisfied with our handling, you have the right to lodge a complaint with your local supervisory authority — for EU residents that's the Data Protection Authority in your country of residence. List of national DPAs.

Ready to submit a request?

Email us with the subject line for the request type above. Include your account email in the body.

Email privacy@exifsweep.com
