
We will typically respond to your Subject Access Request within one month of receiving your request. This timeframe begins when we receive a valid request with sufficient information to identify you and locate your data.
For complex requests involving extensive data searches or numerous requests from the same individual, we may extend this period by up to two additional months. If an extension is necessary, we will notify you within the first month and explain the reasons for the delay.
Any individual whose personal data we process can submit a Subject Access Request directly to us.
Requests may be submitted by an authorised representative on your behalf, provided they can demonstrate proper authority to act for you.
We will take reasonable steps to verify your identity before disclosing any personal data to protect your privacy and security.
This verification process helps us comply with GDPR requirements whilst protecting your personal information from unauthorised access.
Send your request to privacy@strangebrain.aiwith the subject line "Subject Access Request".
Please include: your full name, email address used with our services, any relevant identifiers (username, order number), and specify particular data or time periods of interest (optional but helpful).
You may also submit requests by post to our registered address. Include the same information as listed for email submissions.
8520 Allison Pointe Blvd
Ste 223 PMB 804343
Indianapolis, IN, 46250-4299, US
We will minimise the additional information we collect and use it solely for processing your SAR. Under GDPR Article 12(6), we may request extra information where we have reasonable doubts about identity.
"We take your privacy seriously and will only request the minimum information necessary to verify your identity and process your request safely."
In response to your Subject Access Request, we will provide a copy of your personal data along with comprehensive information required by law under GDPR Article 15:
The reasons why we process your personal data
Types of personal data and who we share it with, including international transfers
How long we keep your data, your rights to rectification, erasure, restriction, and objection
Details of any automated decision-making, including profiling, with meaningful information about the logic and consequences
Documents containing other people's personal data unless we can reasonably redact their information to protect their privacy.
Company trade secrets, confidential business information, or legally privileged communications that don't relate to your personal data.
Data that would adversely affect the rights and freedoms of other individuals if disclosed, as guided by GDPR and EDPB guidance.
Where we apply redactions or exemptions, we will explain our reasoning and the legal basis for any limitations on disclosure.
No fee is charged in most cases for Subject Access Requests. We may only charge a reasonable fee if a request is manifestly unfounded or excessive, and we must be able to demonstrate this.
If a fee applies, we will inform you before processing and may pause the response timeline until payment is received, as permitted under GDPR Article 12.
We typically respond electronically via secure link or encrypted attachment unless you request otherwise. Sensitive information will always be transferred using appropriately secure methods.
You won't be required to collect data in person unless you specifically agree to this arrangement.
We confirm receipt of your request and begin processing
We verify your identity and authority if additional confirmation is needed
We search our systems and those of our processors where applicable
We compile results, apply lawful exemptions, and make necessary redactions
We send your response securely with explanations of any redactions
This process follows European Data Protection Board guidelines to ensure comprehensive and lawful responses.
Email: privacy@strangebrain.ai
Our Data Protection Officer or privacy team is available to assist with any questions about your Subject Access Request or other privacy matters.
If you're not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) or seek judicial remedy.
Data Sources: We typically search customer accounts, billing systems, support records, product telemetry, marketing databases, security logs, and relevant processor systems. Strictly anonymised data is outside the scope of SARs.
Under the General Data Protection Regulation (GDPR) and UK GDPR, you have the right to request a copy of your personal data and related information. This is commonly referred to as a "Subject Access Request" (SAR).