Skip to main content

Default Policies

DataGrail provides pre-built privacy request policies for common regulations across the globe. All policies listed below are created active in your account by default and can be managed from the Policies Overview page. If you have Automatic Policy Updates enabled, DataGrail will add new policies as legislation is enacted.

Core Policies

These foundational policies form the backbone of your privacy program and cover major jurisdictions.

Global Privacy Rights

This is the fallback policy applied when a data subject's location does not match any jurisdiction-specific policy. It cannot be deactivated.

  • Location: Global (fallback)
  • Request Duration: 30 days
  • Extension: 60 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion
  • Consent Banner: Show
  • Consent Model: Opt-out
CPRA

Policy applied to privacy requests from California.

  • Location: California
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Portability, Correction, Opt Out
  • Consent Banner: Show
  • Consent Model: Opt-out
GDPR

Policy applied to privacy requests from the European Union.

  • Location: European Union
  • Request Duration: 30 days
  • Extension: 60 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Access Categories, Portability, Pause Processing, Correction
  • Consent Banner: Show
  • Consent Model: Opt-in
UK-GDPR

Policy applied to privacy requests from the United Kingdom.

  • Location: United Kingdom
  • Request Duration: 30 days
  • Extension: 60 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Access Categories, Portability, Pause Processing, Correction
  • Consent Banner: Show
  • Consent Model: Opt-in
US Standard

The US Standard Policy covers all US states that do not have a dedicated state-specific policy.

  • Location: United States
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Portability, Correction
  • Consent Banner: Show
  • Consent Model: Opt-out

US State Policies

These policies cover specific US state privacy laws. When a data subject is geolocated to a particular state, the state-specific policy takes precedence over the broader US Standard policy.

Texas Data Privacy and Security Act (TDPSA)

Policy applied to privacy requests from Texas.

  • Location: Texas
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: Yes
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Portability, Deletion, Correction, Opt Out
  • Consent Banner: Show
  • Consent Model: Opt-out

Consent banner can be hidden if opt-out has a clear link in the footer.

Florida Digital Bill of Rights (FDBR)

Policy applied to privacy requests from Florida.

  • Location: Florida
  • Request Duration: 45 days
  • Extension: 15 days
  • Authorized Agent: Yes
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Portability, Deletion, Correction, Opt Out
  • Consent Banner: Hide
  • Consent Model: Opt-out

Can deny correction requests if users can self-serve correction. Consent setting is based on the assumption that the privacy policy lists the opt-out method.

Virginia Consumer Data Protection Act (VCDPA)

Policy applied to privacy requests from Virginia.

  • Location: Virginia
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: Yes
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Portability, Deletion, Correction, Opt Out
  • Consent Banner: Show
  • Consent Model: Opt-out

Authorized agent requirement applies primarily to parental requests. Consent banner can be hidden if opt-out has a clear link in the footer.

Connecticut Data Privacy Act (CTDPA)

Policy applied to privacy requests from Connecticut.

  • Location: Connecticut
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: Yes
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Portability, Deletion, Correction, Opt Out
  • Consent Banner: Hide
  • Consent Model: Opt-out

Consent setting is based on the assumption that the privacy policy lists the opt-out method.

Colorado Privacy Act (CPA)

Policy applied to privacy requests from Colorado.

  • Location: Colorado
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: Yes
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Portability, Deletion, Correction, Opt Out
  • Consent Banner: Show
  • Consent Model: Opt-out

Authorized agent requirement applies primarily to parental requests. Consent banner can be hidden if opt-out has a clear link in the footer.

Utah Consumer Privacy Act (UCPA)

Policy applied to privacy requests from Utah.

  • Location: Utah
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Portability, Deletion, Correction, Opt Out
  • Consent Banner: Show
  • Consent Model: Opt-out

Consent banner can be hidden if opt-out has a clear link in the footer. Technically, deletion and opt-out rights are exercised more narrowly than other states.

Oregon Request Policy (OCPA)

The Oregon Request Policy covers all the rights included in the US Standard Policy with the addition of the Third Party Disclosure right.

  • Location: Oregon
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Portability, Deletion, Correction, Third Party Disclosure
  • Consent Banner: Show
  • Consent Model: Opt-out
Montana Consumer Data Privacy Act (MTCDPA)

Policy applied to privacy requests from Montana.

  • Location: Montana
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Portability, Deletion, Correction, Opt Out
  • Consent Banner: Show
  • Consent Model: Opt-out
Delaware Personal Data Privacy Act (DPDPA)

Policy applied to privacy requests from Delaware.

  • Location: Delaware
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Correction, Third Party Disclosure, Opt Out, Portability
  • Consent Banner: Show
  • Consent Model: Opt-out
Iowa Consumer Data Protection Act (ICDPA)

Policy applied to privacy requests from Iowa.

  • Location: Iowa
  • Request Duration: 90 days
  • Extension: 45 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Opt Out, Portability
  • Consent Banner: Show
  • Consent Model: Opt-out
Nebraska Data Privacy Act (NDPA)

Policy applied to privacy requests from Nebraska.

  • Location: Nebraska
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Opt Out, Portability, Correction
  • Consent Banner: Show
  • Consent Model: Opt-out
New Hampshire Privacy Act (NHPA)

Policy applied to privacy requests from New Hampshire.

  • Location: New Hampshire
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Opt Out, Portability, Correction
  • Consent Banner: Show
  • Consent Model: Opt-out
New Jersey Privacy Act (NJPA)

Policy applied to privacy requests from New Jersey.

  • Location: New Jersey
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Opt Out, Portability, Correction
  • Consent Banner: Show
  • Consent Model: Opt-out
Tennessee Information Protection Act (TIPA)

Policy applied to privacy requests from Tennessee.

  • Location: Tennessee
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Opt Out, Portability, Correction
  • Consent Banner: Hide
  • Consent Model: Opt-out
Minnesota Consumer Data Privacy Act (MNCDPA)

Policy applied to privacy requests from Minnesota.

  • Location: Minnesota
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Opt Out, Portability, Correction
  • Consent Banner: Show
  • Consent Model: Opt-out
Maryland Online Data Privacy Act (MODPA)

Policy applied to privacy requests from Maryland.

  • Location: Maryland
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: Yes
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Opt Out, Portability, Correction, Third Party Disclosure
  • Consent Banner: Show
  • Consent Model: Opt-out
Indiana Consumer Data Protection Act (INCPDA)

Policy applied to privacy requests from Indiana.

  • Location: Indiana
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Opt Out, Portability, Correction
  • Consent Banner: Show
  • Consent Model: Opt-out
Kentucky Consumer Data Protection Act (KCDPA)

Policy applied to privacy requests from Kentucky.

  • Location: Kentucky
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Opt Out, Portability, Correction
  • Consent Banner: Show
  • Consent Model: Opt-out
Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)

Policy applied to privacy requests from Rhode Island.

  • Location: Rhode Island
  • Request Duration: 45 days
  • Extension: 45 days
  • Authorized Agent: Yes
  • Verification: Email
  • Languages: English
  • Privacy Rights: Access, Deletion, Opt Out, Portability, Correction
  • Consent Banner: Show
  • Consent Model: Opt-out

International Policies

These policies cover privacy regulations outside the United States.

General Law for the Protection of Personal Data (LGPD)

Policy applied to privacy requests from Brazil.

  • Location: Brazil
  • Request Duration: 15 days
  • Extension: 1 day
  • Authorized Agent: No
  • Verification: Email
  • Languages: Portuguese, Portuguese (Brazil), English
  • Privacy Rights: Access, Deletion, Portability, Correction
  • Consent Banner: Show
  • Consent Model: Opt-in
Personal Information Protection and Electronic Documents Act (PIPEDA)

Policy applied to privacy requests from Canada.

  • Location: Canada
  • Request Duration: 30 days
  • Extension: 30 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: French, French (Canada), English
  • Privacy Rights: Access, Deletion, Portability, Pause Processing, Correction
  • Consent Banner: Show
  • Consent Model: Opt-in
Quebec 64

Policy applied to privacy requests from Quebec.

  • Location: Quebec
  • Request Duration: 30 days
  • Extension: 30 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: English, French, French (Canada)
  • Privacy Rights: Correction, Access, Portability, Deletion, Pause Processing, Opt Out
  • Consent Banner: Show
  • Consent Model: Opt-in
Personal Information Protection Law (PIPL)

Policy applied to privacy requests from China.

  • Location: China
  • Request Duration: 30 days
  • Extension: 30 days
  • Authorized Agent: No
  • Verification: Email
  • Languages: Chinese (Simplified), Chinese (Traditional), English
  • Privacy Rights: Access, Deletion, Portability, Pause Processing, Correction
  • Consent Banner: Show
  • Consent Model: Opt-in
Act on the Protection of Personal Information (APPI)

Policy applied to privacy requests from Japan.

  • Location: Japan
  • Request Duration: 14 days
  • Extension: 1 day
  • Authorized Agent: No
  • Verification: Email
  • Languages: English, Japanese
  • Privacy Rights: Correction, Access, Access Categories, Deletion, Pause Processing, Third Party Disclosure
  • Consent Banner: Show
  • Consent Model: Opt-out

 

Need help?
If you have any questions, please reach out to your dedicated Account Manager or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.