GDPR Compliance
Last updated: April 2026 · Aletheos Technologies Inc.
Our Legal Basis
Aletheos is built around your legal right to privacy erasure. Every scan and removal request we execute is grounded in the General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA).
"The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed."
How Aletheos Applies Article 17
When you use our Web Data Removal or AI Model Scanner products, Aletheos acts as your authorised agent to submit GDPR Article 17 erasure requests to data brokers and AI model providers on your behalf. Each request:
- Identifies you as the data subject.
- Cites your legal right under GDPR Article 17 (or CCPA Section 1798.105 where applicable).
- Requests erasure within the legally required timeframe (typically 30 days).
- Generates a timestamped audit trail as evidence of the request.
Always-On Monitoring
Aletheos's Always-On Monitoring feature (available on Professional and Business plans) works as follows:
- A scheduled scan runs against your configured profile at your chosen interval (weekly or monthly).
- If new broker exposures or AI model data appearances are detected, you receive an email alert.
- Removal requests are automatically re-submitted for any newly discovered exposures.
- This feature uses the same scanning engine as manual scans — no additional data is stored beyond the 90-day retention window.
Always-On Monitoring is not available on the Free plan. It is included in Professional and Business tiers. Contact privacy@aletheos.tech to enable it on your account.
Audit Trail
Every scan you perform generates:
- A timestamped scan record stored in your account for 90 days.
- A one-time downloadable PDF report emailed to your registered address at the time of the scan.
- A compliance certificate (Data Deletion product) issued upon successful deletion confirmation.
Aletheos does not store downloadable reports permanently — we generate them on demand and email them to protect your privacy. Once downloaded, keep your report in a safe place.
Data Broker Compliance Rates
Under GDPR, data controllers are legally required to respond to erasure requests within 30 days. Compliance rates vary by broker tier:
- Tier A brokers (e.g. Spokeo, Whitepages, BeenVerified) — typically respond within 7–14 days.
- Tier B brokers — typically respond within 14–30 days.
- Tier C brokers — may require manual follow-up; Aletheos tracks these and re-submits where needed.
Your Rights
As an Aletheos user, you have the full rights of a GDPR data subject, including the right to access, correct, restrict, and erase the data we hold about you. To exercise any of these rights, email privacy@aletheos.tech.
If you believe your GDPR rights have been violated, you also have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national DPA in the EU).
CCPA (California)
California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of sale. Aletheos does not sell personal information. To exercise CCPA rights, email privacy@aletheos.tech.