Signed-in users can use the Web or mobile Privacy Request Center. Web offers an immediate JSON export. Deletion is scheduled after a 7-day cancellation period; solo workspaces can be deleted automatically, while team ownership conflicts receive administrator review.
Requests you can make
- Access the personal information associated with your account.
- Correct inaccurate profile, membership, billing-contact, or support information.
- Receive an export of eligible account or workspace information in a reasonably usable format.
- Delete a project, workspace record, account, or other eligible personal information.
- Restrict or object to certain processing where applicable law provides that right.
- Ask a question about analytics, AI routing, connected providers, retention, or a previous request.
How to submit a request
The primary route is Account → Privacy Request Center in the Web app or Me → Privacy and account data in the mobile app. The authenticated request records identity verification, request type, status, due date, response notes, and completion. The Web app can immediately download a JSON copy of eligible account and owned-workspace data.
If you cannot sign in, email support from the account address when possible. Use the subject “LabRat data request” or “LabRat account deletion” and include the account email, workspace name, request type, and scope.
Identity and authority checks
LabRat may ask you to sign in, confirm a message sent to the account email, identify a recent workspace action, or provide proof that an authorized agent may act for you. Workspace deletion or transfer requires owner authority. Verification information is used only to process and document the request.
What account deletion covers
- The Supabase authentication account and LabRat profile, after verification and completion.
- Personal workspace membership, settings, saved provider secrets, device registrations, runner registrations, and account-linked usage records.
- Workspace projects, captures, reports, scores, competitors, requirements, blueprints, generated package records, and other workspace content when the requester owns the workspace and deletion does not conflict with another valid owner or required retention.
- Support and billing-request records, except limited records that must be kept for fraud prevention, disputes, accounting, or legal compliance.
A request to delete the LabRat account does not delete an independently created OpenAI, Anthropic, Google, You.com, Tavily, Paddle, Apple, Google Play, or other provider account. Contact that provider separately for its account and retained data.
Subscriptions and external billing
Before deletion, cancel any active subscription through the provider that bills it or ask support for the correct route. Account deletion does not automatically stop a subscription managed by an app store or external payment provider. LabRat will explain any known active billing status during verification.
Timing and limited retention
Verified requests are due within one month under the GDPR unless a lawful extension applies. LabRat records the due date. Deletion requests receive a 7-day cancellation period; single-user owned workspaces are then processed automatically, while owned workspaces with other members move to administrator review for ownership or deletion resolution.
Limited information may be retained when necessary for security, fraud prevention, charge disputes, tax or accounting records, legal claims, or another legal obligation. Protected backups retain residual copies only for the configured backup lifecycle and are not restored to ordinary product use after a completed deletion.
Questions or appeal
If LabRat cannot fulfill all or part of a request, the response will explain the reason where permitted and identify any available appeal or complaint route. You may also contact the privacy or data-protection authority available in your location.