Your US State Privacy Rights
If you are a US resident, several state privacy laws give you rights over your personal information. This page explains those rights and how to exercise them with OWL. It supplements — and does not replace — the OWL privacy policy, which remains the full description of what we collect and what we can and cannot see.
1. Your rights
Depending on your state, you may have the right to:
- Know / access — confirm whether we process your personal information and get a copy of it.
- Delete — request deletion of personal information we hold about you (subject to legal exceptions and the retention described in the privacy policy).
- Correct — fix inaccurate personal information (for example, your account email).
- Portability — receive your personal information in a portable, usable format.
- Opt out of sale / sharing — we do not sell personal information and do not share it for cross-context targeted advertising, so there is nothing to opt out of; we will confirm this on request.
- Opt out of targeted advertising — we do not run targeted advertising or trackers.
- Limit use of sensitive personal information — we do not use sensitive personal information for advertising or profiling; OWL's design means we cannot read your file or message contents at all.
- Non-discrimination — we will not discriminate against you for exercising any of these rights.
2. How to exercise your rights
Email privacy@ndevr.org (and use in-product account controls where available — you can edit account details and delete files, messages, or your whole account directly). To protect your data, we will take reasonable steps to verify your identity, typically by confirming control of the account email tied to the request; we cannot disclose or delete data based on an unverifiable request.
We aim to respond within the timeframe your state's law requires (generally 45 days, extendable once where permitted). Where your state provides an appeal process for a denied request, we will tell you how to appeal in our response.
3. State-by-state summary
A non-exhaustive summary of the comprehensive US state privacy laws. The rights above apply to residents of these states under their respective laws; effective dates are when the law became enforceable for consumers.
| State | Law | In effect |
|---|---|---|
| California | CCPA, as amended by the CPRA | Jan 2020 (CPRA amendments Jan 2023) |
| Virginia | Consumer Data Protection Act (VCDPA) | Jan 2023 |
| Colorado | Colorado Privacy Act (CPA) | Jul 2023 |
| Connecticut | Data Privacy Act (CTDPA) | Jul 2023 |
| Utah | Consumer Privacy Act (UCPA) | Dec 2023 |
| Texas | Data Privacy and Security Act (TDPSA) | Jul 2024 |
| Oregon, Montana, and others | Comprehensive state privacy laws | 2024–2026 (varies) |
Additional states continue to enact comprehensive privacy laws; we apply the rights above to residents of any state with a comparable law, whether or not it is listed here.
4. Authorized agents & minors
- Authorized agents. You may use an authorized agent to submit a request on your behalf where your state's law allows it; we may ask the agent for proof of authorization and may still verify your identity directly.
- Minors. OWL is not directed to children, and we do not knowingly collect personal information from children under 13 (see privacy policy §16). We do not sell or share personal information of minors.
5. Scope
This is a disclosure page describing how we honour US state privacy rights; it is not a certification. For the complete description of our data practices, sub-processors, retention, and security, see the privacy policy.