hAI
HEXAI

GDPR Compliance

Back to Home

GDPR Compliance

Your data protection rights under the General Data Protection Regulation (GDPR)

Effective: May 25, 2018
GDPR Compliant

Your Data Protection Rights

Right to Access

Request a copy of your personal data

Right to Rectify

Correct inaccurate personal data

Right to Erasure

Request deletion of your data

Data Portability

Export your data in a standard format

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It gives individuals in the European Union greater control over their personal data and how it's processed by organizations.

At HEXAI, we are committed to GDPR compliance and protecting your privacy rights, regardless of where you're located. We believe everyone deserves strong data protection.

Right of Access (Article 15)

You have the right to know what personal data we hold about you and how we use it.

What you can request:

  • Confirmation that we process your personal data
  • A copy of your personal data in a readable format
  • Information about how we use your data
  • Details about data sharing with third parties
  • How long we retain your data
  • Your rights regarding your data

How to request: Email us at privacy@hexai.com or use the "Export Data" feature in your account settings. We'll respond within 30 days.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected or completed if it's incomplete.

What you can do:

  • Update your profile information directly in your account
  • Request correction of inaccurate data we hold
  • Add missing information to complete your profile
  • Update your communication preferences
Right to Erasure (Article 17)

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances.

When you can request deletion:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required for compliance with legal obligations

Important Note

We may need to retain some data for legal compliance, legitimate business interests, or to fulfill contractual obligations. We'll explain if we cannot delete certain data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

What you can export:

  • Profile information and account settings
  • Learning progress and test scores
  • Practice session recordings and transcripts
  • Writing samples and AI feedback
  • Study plans and goals
  • Communication preferences

Export formats available:

JSONCSVPDFZIP Archive
Additional Rights

Right to Restrict Processing

You can request that we limit how we process your data in certain situations.

Right to Object

You can object to processing based on legitimate interests or for direct marketing.

Rights Related to Automated Decision-Making

You have rights regarding automated processing and profiling that affects you.

Right to Withdraw Consent

You can withdraw consent at any time where processing is based on consent.

How to Exercise Your Rights

Contact Methods

  • Email: privacy@hexai.com (preferred method)
  • Phone: +1 (555) 123-4567
  • Mail: HEXAI Data Protection Officer, 123 Innovation Drive, San Francisco, CA 94105

Response Timeline

  • We'll acknowledge your request within 72 hours
  • We'll respond to most requests within 30 days
  • Complex requests may take up to 90 days (we'll explain why)
  • We'll keep you updated on progress for longer requests

Identity Verification

To protect your privacy, we may need to verify your identity before processing certain requests. This helps ensure we don't share your data with unauthorized parties.

Complaints and Supervisory Authority

If you're not satisfied with how we handle your data protection rights, you have the right to lodge a complaint with a supervisory authority.

EU Supervisory Authorities

You can contact the data protection authority in your EU country. Here are some key contacts:

  • Ireland: Data Protection Commission (DPC)
  • Germany: Federal Commissioner for Data Protection and Freedom of Information
  • France: Commission Nationale de l'Informatique et des Libertés (CNIL)
  • UK: Information Commissioner's Office (ICO)

We're here to help: Before filing a complaint, please contact us directly. We're committed to resolving any concerns you may have about your data protection rights.

Your Data, Your Rights

We're committed to protecting your privacy and respecting your data protection rights under GDPR

Start Learning Securely