Privacy Rights Matrix (DSAR)

Right	What the customer asks	Backend support	Statutory deadline
Access / Know	"What do you have on me?"	`DataExportRequest` (export)	45 days (TDPSA), +45 extension
Delete	"Delete my data"	`AccountDeletionRequest` (tracks deleted/anonymized/retained)	45 days
Portability	"Give me my data"	`DataExportRequest`	45 days
Correct	"Fix my data"	manual via account	45 days
Opt-out	"Stop selling/sharing"	consent flags (`GDPRConsent`/`CCPAPreference`)	as soon as practicable

¶ Privacy Rights Matrix (DSAR)