Last updated: February 2026
For EU/EEA Residents
If you are located in the European Union or European Economic Area, you have specific rights under the General Data Protection Regulation (GDPR). This page explains those rights and how to exercise them. DeepAuth is committed to protecting your personal data and respecting your privacy rights.
You have the right to obtain confirmation as to whether your personal data is being processed by DeepAuth and, if so, to access that data along with information about how it is being used. This includes the right to obtain a copy of the personal data we hold about you. You may request access to your data at any time by contacting our Data Protection Officer.
You have the right to request that inaccurate personal data about you be corrected without undue delay. You also have the right to have incomplete personal data completed, including by providing a supplementary statement. You can update most of your personal information directly through your DeepAuth account settings, or contact us for assistance.
You have the right to request the deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purpose it was collected, when you withdraw consent, or when you object to processing and there are no overriding legitimate grounds.
Please note that certain data may be exempt from erasure, including data that has been anchored to a blockchain (which is immutable by nature), data required for compliance with legal obligations, and data necessary for the establishment, exercise, or defense of legal claims.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You also have the right to transmit that data to another controller without hindrance, where technically feasible. This applies to data you have provided to us and which is processed based on your consent or a contract, and where processing is carried out by automated means.
You have the right to request restriction of processing of your personal data in certain circumstances, including when you contest the accuracy of the data (for a period enabling us to verify accuracy), when processing is unlawful but you prefer restriction to erasure, when we no longer need the data but you require it for legal claims, or when you have objected to processing pending verification of our legitimate grounds.
You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes. If you object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. You can object to marketing communications at any time.
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects you. DeepAuth's trust scoring and verification tier systems involve automated processing but are not used as the sole basis for decisions that produce legal effects. Human review is available upon request for any automated verification outcome.
DeepAuth processes your personal data on the following legal bases under the GDPR:
DeepAuth may transfer your personal data to countries outside the EU/EEA, including the United States. When we do so, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions where applicable, and binding corporate rules for transfers within our corporate group. You may request a copy of the safeguards in place by contacting our Data Protection Officer.
To exercise any of your GDPR rights, you may:
We will respond to your request within 30 days. If your request is complex or we receive a high volume of requests, we may extend this period by up to two additional months, in which case we will notify you. We may ask you to verify your identity before processing your request to ensure the security of your personal data.
DeepAuth has appointed a Data Protection Officer (DPO) to oversee compliance with data protection regulations. You may contact our DPO at:
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. A list of EU/EEA data protection authorities can be found on the European Data Protection Board website. We encourage you to contact us first so we can try to resolve your concern directly.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Account data is retained while your account is active. Identity verification data is retained for the duration of your account plus any additional period required by applicable law. Blockchain-anchored attestation records are permanent and immutable by design. For more details, please refer to our Privacy Policy.