UK GDPR requirement: All data requests must be responded to within 30 days of receipt. Deletion requests must be actioned within 30 days. Access requests must result in a data export sent to the user.
Open requests
4
This month
Due within 7 days
2
Action needed
Completed (30 days)
11
Avg. 3.2 days
Overdue
0
All clear
All (4)
Access (2)
Deletion (1)
Portability (1)
Completed
| # | User | Type | Received | Due | SLA | Status | Assigned | |
|---|---|---|---|---|---|---|---|---|
| #GDR-001 | [email protected] | Access | 10 Jun 2026 | 10 Jul 2026 | 28 days left |
In progress | Jordan | |
| #GDR-002 | [email protected] | Deletion | 5 Jun 2026 | 5 Jul 2026 | 19 days left |
Pending | Unassigned | |
| #GDR-003 | [email protected] | Access | 12 Jun 2026 | 12 Jul 2026 | 26 days left |
Pending | Unassigned | |
| #GDR-004 | [email protected] | Portability | 8 Jun 2026 | 8 Jul 2026 | 22 days left |
In progress | Rachel |
Right of Access
Export all personal data held about the user. Use the Supabase export function + Stripe billing history. Send as a ZIP to their email within 30 days.
Right to Erasure
Delete all personal data: Supabase account, cloud files, email list, support tickets. Retain billing records (7 years, legal requirement). Notify user once done.
Data Portability
Provide data in a machine-readable format (JSON/CSV). Includes account info, subscription history, cloud sync file list. Not the files themselves unless Access also requested.