Our mission is to make data fairer for all involved. That means working with businesses who share our values.
Commit to best data practices, and be ahead of the curve.
By working with us you will:
Build trust with your customers
Let customers know their rights are important to you.
Save time and money
Cut time spent processing requests in half.
Rest easy using our system, built using TrustID and multi-factor authentication.
Our standardised and customisable approach enables forward-thinking businesses to better serve their customers, and equips them for future requests.
We'd love to hear from you. Give us a call or drop us a line to find out more.
We act as a conduit between individuals and businesses, giving users a safer and easier way to access their data. See how it works here.
We are unable to see any data that is exchanged between the individual and the company.
We also work closely with our cloud provider, Amazon Web Services, and web security firms to ensure that we exceed expectations for data security.
We hold the following publicly accredited certifications:
Cyber Essentials - Certificate
Cyber Essentials Plus - Certificate
We are also working towards ISO 27001.
Security Features of our System:
Cross-site scripting (XSS) protection, cross-site request forgery (CSRF) protection, SQL injection protection, clickjacking protection, SSL/HTTPS encryption, Host header validation, cookie-based session security.
Below are some questions businesses tend to ask before responding to requests through our platform. If you have any others, please feel free to email us at: firstname.lastname@example.org
I’ve just received a request from your platform, what should I do?
You have received a request directly from the data subject. If you are satisfied that the data subject has met your criteria for identification and verification, then respond correctly, either using the built-in web form or by replying directly to the email.
Can Rightly see the data that is sent back?
No - our systems are set up such that we cannot see the contents of any data sent back to a user. We do not want to be able to see this data.
Is Rightly a ‘third party’? Why isn’t there proof to act on behalf?
Just as Gmail or Outlook is not considered a third party when communicating with customers, Rightly is the tool that users have used to communicate with you. Rightly cannot and will not read the data inside the user account.
How are you sure that your users are who they say they are?
We validate all email addresses used to set up an account and encourage users to verify their phone numbers. Look for the green ticks on the data request to see validated personal data.
All IDs uploaded and sent through our system are authenticated using third-party expertise, TrustID.
We use the expertise of a third-party ID service to authenticate the passport or driver's license that our users provide us.
More information on our collaboration with TrustID can be found on their website, https://www.trustid.co.uk/case-studies/
How do I know that communications really come from Rightly?
All communications from Rightly come from a fixed root domain:
Do not respond to anything else.
Your website says you are in beta - are the requests I receive genuine?
Yes. We invite you to test the system: please sign on and request your data from a company of your choice. Please remember to give us feedback on your experience.
How long does Rightly hold user data?
Account information is held for as long as users hold the account. User data will be deleted after one year by default.
Do you charge for your services?
The platform is free for both consumers and businesses. We are building additional features that consumers and businesses may want to pay for - the main platform will always be free.
How do you prevent misuse of the platform?
We have a zero-tolerance policy for abuse of personal data laws on our platform. If you believe the platform is being misused, please let us know and we will investigate immediately. email@example.com