GDPR / Data Rights

This notice applies where the EU GDPR, UK GDPR, Swiss data-protection law, or similar European privacy rules apply to BlazeAuth’s processing of personal data. It supplements the Privacy Policy and focuses on data subject rights and account deletion.

BlazeAuth generally acts as the controller for account, billing, support, and website interaction data that it collects for its own operations. For customer content processed on behalf of a business customer, BlazeAuth may instead act as a processor or service provider, depending on the role described in the applicable agreement and service context.

If a request relates to personal data that a customer submitted to the Service about its own end users, BlazeAuth may direct the requester to that customer as the relevant controller, while providing assistance to the customer where required by law or contract.

Subject to applicable law and verification of identity, you may request access to your personal data, correction of inaccurate data, restriction of processing, objection to certain processing, data portability, withdrawal of consent where processing depends on consent, and erasure of personal data.

These rights are not absolute. BlazeAuth may limit or refuse a request where permitted by law, including where we cannot verify identity or authority, compliance would adversely affect the rights of others, or specific records must be retained for security, anti-fraud, tax, accounting, contractual, or legal claims purposes.

If you believe BlazeAuth has handled your personal data unlawfully, you may contact us first so we can try to resolve the issue, and you may also lodge a complaint with the supervisory authority in your country of habitual residence, place of work, or place of the alleged infringement.

You may permanently delete your BlazeAuth account at any time through the Profile section of your account in dashboard.blazeauth.net. This self-service deletion flow is the primary method for closing an account and requesting erasure of the associated personal data, and it takes effect immediately once confirmed by the user.

If you cannot access the dashboard or need assistance, you may also contact support@blazeauth.net from the email address associated with the account. We may ask for reasonable verification of identity and authority before acting on an email-based request.

Once a user confirms self-service deletion in the Profile section, account access is disabled immediately and the deletion is irreversible. BlazeAuth does not restore deleted accounts and cannot recover deleted data back into active use, except to the limited extent specific records must be retained by law for compliance, dispute resolution, fraud prevention, or legal claims.

Limited copies may remain temporarily in secure backups and audit logs for resilience and security purposes, but those copies are removed or expire under standard retention schedules and are not used to restore a deleted account for customer access. Once the deletion workflow is completed, account and data recovery are not possible.

To exercise GDPR-related rights, contact support@blazeauth.net and describe the request with enough detail for us to identify the account and the data involved. If the request concerns a security-sensitive issue, you may also copy security@blazeauth.net.

Account deletion does not normally require a support request because it is available directly in the Profile section of dashboard.blazeauth.net. Support is an additional channel for cases where self-service deletion is unavailable or further help is needed.

If you act through an authorized representative, BlazeAuth may request evidence of that authority. If the request concerns data submitted by a BlazeAuth customer about its own end users, we may refer the request to that customer as the relevant controller.

BlazeAuth reviews requests case by case and aims to respond without undue delay. Where GDPR-style law applies, we generally respond within one month to rights requests submitted to support, although we may request information needed to verify identity, authority, or scope, and may extend the response period by up to two additional months for complex or numerous requests where applicable law permits.

This response timeline applies to support-handled rights requests. It does not delay self-service account deletion that a user confirms directly in the Profile section of dashboard.blazeauth.net.

If BlazeAuth declines or cannot fully fulfill a request, we will explain the legal, security, or technical basis for that outcome and, where applicable, any remaining options available to you.