What a DSAR is
Under GDPR, PIPEDA, CCPA, and similar privacy laws, individuals have the right to:
- Access the personal data an organization holds about them
- Correct inaccurate data
- Delete data (the "right to erasure")
- Export their data in a portable format
- Restrict processing of their data
- Object to certain types of processing
How to submit a DSAR
If you are a member of an organization using Sembr:
- Contact your organization directly. They are the data controller; we are their processor.
- Your organization can fulfill standard DSARs through Sembr's built-in tooling: one-click access export and one-click deletion (with a 7-day cooling-off period before final erasure).
- If your organization is unresponsive, you can contact Sembr through the contact link in the footer and we will route the request.
If you have a direct relationship with Sembr (e.g., you signed up for our waitlist):
- Use the contact link in the footer to submit your request. We respond within 30 days, typically within 7.
How Sembr's tooling supports your organization
Built-in to every Sembr workspace:
- Access export: generates a JSON file of all personal data Sembr holds for one member, exportable from the member detail page
- Deletion: soft-delete with audit trail, hard-delete after a 7-day cooling-off period
- Audit chain: every DSAR action (request received, fulfilled, declined) is captured in the tamper-evident audit log
The full policy
We are drafting the full DSAR policy with privacy counsel ahead of public launch. For specifics today, use the contact link in the footer.