Commit to best data practices, be ahead of the curve.
Join our community of companies working towards fairer data for all.
- Working with
A direct data channel to your customers
Let customers know that their rights are important to you
Reduce the time you spend processing SARs
Our system uses TrustID and multi-factor authentication
Speak to one of our team
Our mission is to make data fairer for all involved:
that includes businesses who share our ethos
See how requests are sent
Rightly acts as a data conduit between individuals and companies, giving users a safer and easier way to control their data
Our standardised & customisable approach enables forward-thinking companies to better serve their customers, and equips them for future requests
Security comes first
We work closely with our cloud provider, Amazon Web Services, and leading web security firms to ensure that we exceed expectations for data security
Received your first request from Rightly?
You have received a request directly from the data subject. If you are satisfied that the data subject has met your criteria for identification and verification then respond correctly, either using the built in webform or replying directly to the email.
No - our systems are set up such that we cannot see the contents of any data sent back to a user. We do not want to be able to see this data.
We validate all email addresses used to set up an account and encourage users to verify their phone numbers. Look for the green ticks on the data request to see validated personal data.
All IDs uploaded sent through our system authenticated using third party expertise, TrustID.
We use the expertise of third party ID service to authenticate the passport or drivers license that our users provide us.
More information on our collaboration with TrustID can be found on their website, https://www.trustid.co.uk/case-studies/
All communications from rightly come from a fixed root domain:
- All links to our forms start with https://www.rightly.co.uk/...
- All of our outbound emails finish with the suffix '@inbound.rightly.co.uk'
- Any further information provided to companies will come from https://rightly-prod-live-eu.s3.amazonaws.com.
Do not respond to anything else.
Just as gmail or outlook is not considered a third party when communicating with customers, Rightly is the tool that users have used to communicate with you. Rightly cannot and will not read the data inside the user account.
Yes, we invite you to test the system, please sign on and request your data from a company of your choice. Please remember to give us feedback on your experience.
Account information is held for as long as users hold the account. Users data will be deleted after one year as default.
The platform is free for both consumers and businesses. We are building additional features that consumers and businesses may want to pay for - the main platform will always be free.
We have a zero tolerance policy for abuse of personal data laws on our platform. If you believe a user is being misused, please let us know and we will investigate immediately.
How to write a great privacy notice
- DPO's Blog
We've put together our top tips to help you write a stellar privacy notice, suitable for all organisations.
- 4 minutes
How effective were regulations after Cambridge Analytica?
- Key issues
- DPO's Blog
The Cambridge Analytica scandal revealed how easy it was for political campaigns to use social media data to target and manipulate people into voting a certain way. GDPR and other regulations quickly came into place to make sure this never happened again.
- 4 minutes