Ask us anything.
Personal data, GDPR and more FAQs
While not always the case, we do unfortunately live in a world where clear, fair and customer-centric personal data practices are still not commonplace. We’re on a mission to change that.
We value the trust people put in us, and want to keep earning it. If you have any more questions, concerns or ideas, you can tweet us or get in touch with our support team and we’ll be in touch as soon as possible.
Questions we're often asked:
Rightly is free because our service should be accessible to everyone, not just those who can pay for it. Managing your data should be simple and easy, it’s yours after all.
To read more about this, check out ‘Why we’re free’.
This is because it’s your legal right to:
- Ask any company what information they have about you, and what they’re doing with it.
- Tell any company to delete all of the information they have about you.
- Demand that any company updates inaccurate information it’s storing about you.
Rightly makes it easy for you to do all of the above with any company of your choosing. So, in practice, you can use Rightly to:
- Get your credit files for free
- Get evidence to appeal a parking ticket
- Delete your data from supermarkets
And much much more! You can see all of the ways that you can use Rightly for free here.
Naturally, we’d really recommend using Rightly! But, this is also because it’s genuinely better for our users.
We built Rightly so that having more control over your data would be simple and easy. Using Rightly does that by saving you time, effort and giving you support along the way.
When you go directly to a company or companies, it often requires sifting through their privacy policies and websites to work out the correct way of sending a request, what details to send, and who best to contact. It also often involves a lot of back and forth between you and the company, and there’s no one to speak to if you feel that you’re being treated unfairly or something is wrong.
With Rightly, you only need to upload your details or sign in with your social account once to start sending multiple requests. We’ve mapped out exactly what’s needed in a request, saving you valuable time spent playing email ping pong with companies.
You can manage all of your responses in one place, and also speak to our friendly support team if anything goes wrong.
Companies have to respond to your request because by law, you have the right to know whether a company has your personal data, and what they’re doing with it.
P.S. Companies are also required by law to respond to you within 30 days, even if it’s only to inform you that they don't have any of your personal data.
Not at the moment, but we’ve built a great web app that’s completely mobile friendly.
Companies often respond within a few days, but may take up to 30. They may also ask for a bit more information to confirm your identity depending on their own policy.
If a company doesn’t respond within this timeframe, we’re here to help! Get in touch with us here.
No, you can send as many requests as you like.
The only exception to this is sending the same two types of request to the same company. For example, you couldn’t send two deletion requests to the same company before they’ve been given a chance to reply to the first.
Some types of data suit different formats, so we allow companies to send back your data in whatever way they think is best. Sometimes, this is in a format that isn't too easy to read, which we find frustrating on your behalf! When this happens, we take it up with the company, so please do let us know if it does.
We’re also currently putting together a guide on how to best understand the data sent back to you. You can keep an eye out for this on our blog.
No, don’t worry! We’ll email you to update you on how your requests are going, and send helpful content when it’s strictly necessary. We won’t send you lots of marketing emails - we don’t want to spam you.
You can accept marketing preferences to be sent our educational blog content if you'd like.
This is a great question.
If the data is wrong because it’s incomplete, you can tell the company that this is the case through the platform, or drop us a line for some help.
If however, although it’s unlikely, the data that the company sends back data isn’t yours, then please let the business know and get in touch with the Rightly support team so they can help.
Get in touch, we’d love to help.
Make sure you have your request email address and request reference to hand.
If the company is still active, but simply using a different name, you can still send them a request.
For help on this, feel free to contact ourSupport team.
Of course. You can do this by going into ‘App Settings’ and selecting ‘Delete Data and Close Account’. If you have any questions or concerns about this, please get in touch with our Support team who'd be happy to help.
At Rightly, we want to make sure that we support everyone, including vulnerable consumers.
If you’d like to send a request through Rightly but are vulnerable, please reach out to our support team. They'd be happy to help.
More broadly, we’d recommend registering with the Vulnerability Registration Service (VRS). The VRS is a not-for-profit organisations that helps vulnerable consumers, for free. You can read more about them here.
Security at Rightly
In short, very. The safety of your data is our absolute priority.
Our mission is giving people more control over their data. Doing anything that would mean that people had less control over their data would be our nightmare.
To ensure this never happens, we’ve worked with leading web security firms and our cloud provider Amazon Web Services to go above and beyond on our security.
In terms of the technical stuff, we also hold the Cyber Essentials and Cyber Essentials Plus publicly accredited certifications.
All of our data handling processes are compliant with the highest data protection regulations of the UK and EU. As such, we’re subject to the world-leading legislation GDPR and also accountable to the Information Commissioner’s Office (ICO).
Our Chief Technical Officer, Tony, has written a blog about security at Rightly laying everything out in more detail.
No, we’ve specifically made Rightly so that none of our team can see any of the personal data that’s sent back to you. Who sees your personal data should be up to you.
It’s important to us that you know exactly how we handle your data, so we’ve tried to be as transparent and as clear as possible below.
- Your data is used to create your account, and to send requests to businesses.
- The data you receive from companies is never, ever shared or sold to third parties. It’s central to what we do that you know exactly how your data is being used, and can decide what happens to it.
- We store all data securely, explained in this blog.
You can read more about how we handle your data here.
Your data is stored in a secure cloud location in the United Kingdom. To read about our security, check out this blog.
At the moment, your data will be automatically deleted 90 days after you receive it. If you’d like to change this, you can easily adjust your storage settings inside your Rightly account.
Don’t worry about missing the company’s response. We know how busy life gets, so we’ll send you a couple of reminder emails to let you know that you’ve got your data back.
No. We’ll never sell your data - that would go against everything we believe in. That’s why there are no hidden costs or adverts either.
We’re grateful for the trust people put in us, and meet this with a strict ethical framework that governs what we do.
GDPR stands for General Data Protection Regulation. It’s a huge step forward for consumers.
Basically, it’s legislation that limits what companies can do with personal data, and gives individuals much greater control over their own.
To find out why GDPR was needed, what the law actually says, and what it means for you, check out our GDPR blog.
Yes! If companies are operating within the EU and are storing information on EU and UK citizens, GDPR rules apply. This also applies to companies within the UK that are operating in the EU.
Technically speaking, a ‘SAR’ or Subject Access Request is a written request for your personal data that you send to a company or organisation. The company has to respond to you within 30 days under GDPR law.
In short, a SAR allows you to find out whether a company has your personal data, and to get it back.
You can send multiple SARs through Rightly, and then manage them all from one place.
You can find out more in our blog.