Draft — pending legal review

Data Subject Request (DSR)

Last updated April 28, 2026

You have the right to access, correct, delete, or get a copy of your personal information. Use this page to submit a request. We respond to verified requests within 45 days (extendable to 90 days for complex requests, with notice to you).

Submit a request

Until our intake form is live, email privacy@raiseappraisal.com with subject line “Privacy Rights Request” and include your full name, the email on your RaiseAppraisal account, your state of residence, and which right you are exercising (see options below).

What You Can Request

Access: Tell me what personal information you have about me.
Correct: Fix inaccurate personal information about me.
Delete: Delete my personal information (subject to legal exceptions like billing records).
Portable copy: Give me my data in a common format.
Limit sensitive PI: Limit use of financial / geolocation data to what's necessary.
Opt out of marketing: Stop sending marketing emails (you can also click unsubscribe in any marketing email).
Opt out of AI training: Opt out of de-identified data use for AI improvement.
Other: Describe your request in detail.

What to Include in Your Request

Your full name
The email address associated with your RaiseAppraisal account
Your state of residence (helps us route your request to the correct legal framework)
Which right you are exercising (from the list above)
Any additional details that would help us understand your request
Whether you are submitting on your own behalf or as an authorized agent

How We Process Requests

Acknowledgment

Within 5 business days of receiving your request, we'll send a confirmation email with a reference number and the date by which we'll respond.

Identity Verification

Before responding to most requests, we verify your identity. This protects you from someone else accessing or deleting your data. Marketing opt-out requests do not require verification.

Authenticated users: confirm the request via the user's account dashboard.
Unauthenticated requesters: confirm details about the account that only the user would know (recent activity, billing zip code, last 4 of card on file).
Deletion requests: higher verification standard (multi-factor confirmation).

What We Do for Each Request Type

Request Type	What We Do
Access	Compile a report of all personal information we hold; send via secure download link.
Correct	Update the data; confirm completion.
Delete	Delete account, uploaded PDFs, generated documents, support tickets, audit logs (subject to legal exceptions like billing records — explained in the response).
Portability	Provide JSON export of account data.
Limit sensitive PI	Note user preference; restrict downstream uses where applicable.
Opt out of marketing	Update email preferences; confirm.
Opt out of AI training	Set flag; future de-identification skipped.

Response

Within 45 days, we'll email a substantive response that includes what we did (or didn't do, with reason), what was retained and why (legal exceptions), the confirmation date, and how to appeal if you're dissatisfied.

Legal Exceptions to Deletion

When a deletion request comes in, we honor it for most data but retain certain categories per legal requirement:

Category	Why Retained	Period
Billing / subscription records	Tax compliance (IRS)	7 years
Audit logs of subscription state changes	Class-action defense	5 years
Records subject to litigation hold	Active litigation	Until hold released

We disclose these exceptions in our deletion response so you understand what was deleted vs. retained.

Authorized Agents

CPRA permits California residents to designate an authorized agent to make a request. We require:

Written authorization signed by the user, naming the agent and the specific request
Proof of agent identity (government ID)
Confirmation from the user (we may email or call to confirm)

We do not process agent requests until all three are received.

Verification Standards

Per CPRA, verification standard varies by request risk:

Low risk (right to know categories of PI): match 2 data points (e.g., email + last 4 of card)
Medium risk (right to know specific pieces of PI): match 3 data points
High risk (right to delete): account login + email confirmation + check of recent activity

Non-Discrimination

We will not discriminate against you for exercising your privacy rights. Specifically:

We will not deny service
We will not charge different prices
We will not provide a different level of service
We will not retaliate

Our Response-Time Commitments

Type	Target Response Time
Acknowledge receipt	5 business days
Identity verification request	7 business days
Substantive response (simple)	30 days
Substantive response (complex)	45 days
Maximum response time	90 days (with notice)

Related Policies

Privacy Policy — full description of rights
Data Retention Schedule (internal policy) — what we keep and how long
Sub-Processor List — where requests cascade

Questions? Contact privacy@raiseappraisal.com.

← Back to RaiseAppraisal