Request Access to Your Personal Data
Under the General Data Protection Regulation (GDPR) and UK GDPR, you have the right to request a copy of your personal data and related information. This is commonly referred to as a "Subject Access Request" (SAR).
Response Timeframes
Standard Processing
We will typically respond to your Subject Access Request within one month of receiving your request. This timeframe begins when we receive a valid request with sufficient information to identify you and locate your data.
For complex requests involving extensive data searches or numerous requests from the same individual, we may extend this period by up to two additional months. If an extension is necessary, we will notify you within the first month and explain the reasons for the delay.
Response times are regulated under GDPR Article 12 to ensure timely access to your data.
Who Can Submit Requests
Data Subjects
Any individual whose personal data we process can submit a Subject Access Request directly to us.
Authorised Representatives
Requests may be submitted by an authorised representative on your behalf, provided they can demonstrate proper authority to act for you.
Identity Verification
We will take reasonable steps to verify your identity before disclosing any personal data to protect your privacy and security.
This verification process helps us comply with GDPR requirements whilst protecting your personal information from unauthorised access.
How to Submit Your Request
Two Simple Options
01
Email Submission
Send your request to privacy@strangebrain.aiwith the subject line "Subject Access Request".
Please include: your full name, email address used with our services, any relevant identifiers (username, order number), and specify particular data or time periods of interest (optional but helpful).
02
Written Requests
You may also submit requests by post to our registered address. Include the same information as listed for email submissions.
8520 Allison Pointe Blvd
Ste 223 PMB 804343
Indianapolis, IN, 46250-4299, US
Important: You don't need to use a specific form to make a Subject Access Request. Any clear written request is acceptable under EDPB guidelines.
Identity Verification Requirements
What We May Request
- Additional information to confirm your identity (such as partial account details)
- For representatives: signed authorisation or power of attorney documentation
- Clarification of your relationship to the data subject
We will minimise the additional information we collect and use it solely for processing your SAR. Under GDPR Article 12(6), we may request extra information where we have reasonable doubts about identity.
"We take your privacy seriously and will only request the minimum information necessary to verify your identity and process your request safely."
What Information You Will Receive
In response to your Subject Access Request, we will provide a copy of your personal data along with comprehensive information required by law under GDPR Article 15:
Data Processing Purposes
The reasons why we process your personal data
Data Categories & Recipients
Types of personal data and who we share it with, including international transfers
Retention & Rights Information
How long we keep your data, your rights to rectification, erasure, restriction, and objection
Automated Decision-Making
Details of any automated decision-making, including profiling, with meaningful information about the logic and consequences
What We Generally Cannot Include
Third-Party Data
Documents containing other people's personal data unless we can reasonably redact their information to protect their privacy.
Confidential Information
Company trade secrets, confidential business information, or legally privileged communications that don't relate to your personal data.
Rights of Others
Data that would adversely affect the rights and freedoms of other individuals if disclosed, as guided by GDPR and EDPB guidance.
Where we apply redactions or exemptions, we will explain our reasoning and the legal basis for any limitations on disclosure.
Fees & Delivery Methods
Standard Policy
No fee is charged in most cases for Subject Access Requests. We may only charge a reasonable fee if a request is manifestly unfounded or excessive, and we must be able to demonstrate this.
If a fee applies, we will inform you before processing and may pause the response timeline until payment is received, as permitted under GDPR Article 12.
Secure Delivery
We typically respond electronically via secure link or encrypted attachment unless you request otherwise. Sensitive information will always be transferred using appropriately secure methods.
You won't be required to collect data in person unless you specifically agree to this arrangement.
Our Response Process
1
Acknowledgment
We confirm receipt of your request and begin processing
2
Verification
We verify your identity and authority if additional confirmation is needed
3
Data Search
We search our systems and those of our processors where applicable
4
Compilation & Review
We compile results, apply lawful exemptions, and make necessary redactions
5
Secure Delivery
We send your response securely with explanations of any redactions
This process follows European Data Protection Board guidelines to ensure comprehensive and lawful responses.
Contact & Complaint Information
Privacy Contact
Email: privacy@strangebrain.ai
Our Data Protection Officer or privacy team is available to assist with any questions about your Subject Access Request or other privacy matters.
Complaint Routes
If you're not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) or seek judicial remedy.
Additional Services
- Accessible formats available upon request
- Multiple language support for SARs
- Translation assistance when needed
Data Sources: We typically search customer accounts, billing systems, support records, product telemetry, marketing databases, security logs, and relevant processor systems. Strictly anonymised data is outside the scope of SARs.
We retain minimal records of SAR requests for compliance and audit purposes, separate from the disclosed data itself.