Your rights
When you connect to a business through Overturo you keep a defined set of rights over the data you share. They apply whenever Overturo is acting as the trust conductor — across consent flows, agreements, and approvals. These rights sit alongside our trust charter and privacy policy.
- Last updated:
- March 2026
- Version:
- 1.0
- Applies to:
- All Overturo principals
These aren't just promises. Overturo enforces them at the protocol layer — purpose scoping, revocation propagation, and audit-chain transparency are built into how the platform issues and verifies consent, not added as a policy on top.
Access
You can ask for a copy of the data a business holds about you, and the trail of the consents and agreements that allowed it to hold it. We surface that trail directly from the audit chain — every record is signed and timestamped.
Portability
Anything you've shared through Overturo can be exported in a portable format. You can move it to another provider, share it with a regulator, or keep it for your own records.
Erasure
You can request that a business delete what you've shared. Overturo records the request, forwards it to the business, and tracks completion within the deadline that applies to your region.
Revocation
You can revoke consent at any time, for any purpose, without giving a reason. Revocation takes effect immediately for future use; data already lawfully used is governed by the original agreement.
Complaint
If a business doesn't honour these rights, you can escalate through Overturo. We pass the complaint to the business and to the relevant data-protection authority for your region.
How to exercise these rights
Most rights have a direct entry point in your Overturo dashboard. For anything that needs human review, get in touch and we'll route it.