EU data-protection law gives you six concrete rights over the data Server Manager holds about you. Here's what each one means in practice and how to exercise it.
1. Right of access (Art. 15)
What it is: you can request a copy of all personal data we hold about you.
How to exercise: email igor.cardines@gmail.com with subject "GDPR access request" from the email address registered to your account. We'll send you a machine-readable export (JSON) of:
- Your account record
- Your saved server profiles (alias, host, port, username — not the encrypted credential blob, which is useless without your passphrase, and not your passphrase either since we don't have it)
- Your usage logs (per-LLM-call records)
- Your billing records on our side (pass dates, costs, payment method IDs — Stripe holds the actual payment data; export from Stripe separately if needed)
- Per-purchase consent records (timestamps, accepted TOS / Privacy versions)
- Free-tier grant + observed-VPS-host records
- File snapshots (Undo records) — file paths + base64 content
Response time: within 30 days. Free of charge, unless the request is "manifestly unfounded or excessive" (it almost never is).
2. Right of rectification (Art. 16)
What it is: you can ask us to correct inaccurate or out-of-date personal data.
How to exercise:
- Your name is pulled from your Google account if you signed in via Google. Update it on Google's side; it'll sync on next login.
- Your email address is your unique identifier. To change it: email us — we don't have a self-service email-change flow yet.
- Your billing address / tax ID lives at Stripe. Click your avatar → Account → Manage billing to update it in their customer portal.
For anything else, email igor.cardines@gmail.com.
3. Right of erasure ("right to be forgotten") (Art. 17)
What it is: you can ask us to delete your data entirely.
How to exercise: the simplest path is the Delete account section on your Account page (scroll to the bottom). One click + a confirmation step + your email retyped = your account is queued for deletion.
What happens:
- Account immediately deactivated (signed out, cannot sign back in)
- Soft-deleted for 30 days in case you change your mind (contact us to restore)
- Hard-deleted after 30 days by an automated job — all your data is removed from the database
Exceptions (data we may retain after deletion):
- Billing records required by Italian tax law for 10 years (invoice records, transaction amounts, your VAT-ID if you provided one). These are kept by Stripe AND in our own audit-log database in minimized form.
- Per-purchase consent records linked to those billing records (the Art. 16(m) waiver audit trail), for the same retention period.
Everything else is fully deleted. See "Deleting your account" for the full picture.
4. Right to data portability (Art. 20)
What it is: you can request your data in a machine-readable, portable format so you can move to another service.
How to exercise: the same way as the right of access (email us, and we send JSON). Currently this is a manual export; we'll automate it if demand justifies it.
5. Right to object to processing (Art. 21)
What it is: you can object to certain processing, particularly for direct marketing or profiling.
How it applies here: Server Manager doesn't do direct marketing. We don't profile you for advertising, personalization, or third-party sharing. The only processing we do is:
- Operating the service (running agent commands on your server)
- Billing (Stripe)
- Abuse prevention (free-tier IP collision check, rate limits)
- Service emails (authentication, support replies)
If you object to any of these, the only path is to delete your account — we can't operate the service without doing them.
6. Right to restriction of processing (Art. 18)
What it is: while we're investigating an access / rectification / objection request, you can ask us to pause processing of your data.
How to exercise: include "request restriction during review" in your email. We'll suspend your account and pause all processing (except mandatory legal retention) until the underlying request is resolved.
Contact
Email: igor.cardines@gmail.com
Include in your message:
- Your registered email address (must match the sender for us to verify the request)
- Which right you're exercising (access / rectification / erasure / portability / object / restriction)
- Any specifics about what data or what processing
We'll respond within 30 days as required by GDPR. In practice, usually within a few business days.