Which rights can I request?

Access (a copy of your data), erasure/deletion, opt-out of model training, data portability in a machine-readable format, and rectification of inaccurate data. The wording adapts to the right you choose.

How long does a provider have to respond?

Under GDPR and UK GDPR the standard limit is one month; under CCPA it is 45 days. The generated letter cites the correct deadline for the law you select.

Can I really opt out of AI training?

GDPR and similar laws give you the right to object to processing for training. Most major providers offer this, though some require an account setting in addition to a written request. The letter asks them to confirm the effective date of exclusion.

Is this legal advice?

No. It is a template generator to help you communicate clearly. For complex situations, an unresolved request, or a complaint to a regulator, consult a qualified data protection professional.

Is my information sent anywhere?

No. The letter is assembled entirely in your browser from the details you enter. Nothing is uploaded, stored, or shared.

AI Data Rights Request Template

Major AI providers process enormous amounts of personal data, and privacy laws give you concrete rights over that data — but exercising them means writing a clear, correctly framed request. The AI Data Rights Request Template generates that letter for you, tailored to the provider, the specific right, and the law that applies.

How it works

Choose the AI provider (OpenAI, Anthropic, Google, Microsoft, Meta, or another), the right you want to exercise, and whether EU GDPR, UK GDPR, or California’s CCPA/CPRA applies to you. Add your name, the email on your account, and any extra detail such as the field you want corrected.

The tool assembles a complete letter: a clear subject line, an identity statement, the legally framed request body for the right you selected, the correct statutory response deadline, and a request for written confirmation. The opt-out-of-training option, for example, explicitly asks the provider to exclude your past and future interactions from any training or fine-tuning dataset and to confirm the date the exclusion takes effect.

Tips and notes

Send the letter to the provider’s current published privacy contact — the suggested address in the generated letter is a starting point, but companies change channels, and some require you to use an in-product privacy dashboard or web form. Including your account email up front speeds up identity verification.

Keep a dated copy of what you sent. If a provider misses the deadline or refuses without citing a valid exemption, that record is what you would attach to a complaint to a supervisory authority such as the ICO or your EU data protection authority. This is a template, not legal advice — for anything contentious, talk to a data protection professional. The whole letter is built in your browser, so none of your details leave the page.