Skip to main content
PrivacyLaunch trust

Privacy for customer access and support.

RightCyber keeps the service deliberately small: payment is handled through secure checkout, sign-in uses your checkout email, and Builder work is stored locally by you.

Controller

RightCyber is the controller for customer access, support, and operational records created by this service. Privacy requests can be sent to info@rightcyber.co.uk; include the checkout email only where it helps support find the relevant customer record.

What we collect

We process the email address used for checkout and sign-in, licence status, subscription status, current access period, checkout references, support messages you send, and basic operational logs needed to keep access working.

Operational logs may include checkout attempts, magic-link attempts, webhook processing records, access changes, session clearing events, and internal support lookups.

The hosted customer area stores account-level mission completion metadata, such as mission id, completion status, and completion time, so you can see where you are in the guided route.

Lawful basis

Customer access records are processed to perform the contract created at checkout. Operational logs, abuse controls, and support records are processed for legitimate interests in keeping the paid service reliable, secure, and supportable.

Processors

The service currently relies on a checkout provider for checkout and tax, Neon for database hosting, Vercel for hosting, Resend for magic-link email, and optional Sentry monitoring when configured.

Payments

The checkout provider acts as Merchant of Record for checkout, tax, receipts, and payment processing. RightCyber does not receive or store card numbers.

Evidence Builder data

The desktop Builder saves your local Builder workspace, answers, evidence notes, action log, copied evidence files, pasted screenshots, Evidence Pack exports, and Workspace Backup ZIPs locally on your computer. RightCyber does not receive those answers or evidence files through the hosted customer area.

Do not send full evidence packs, raw screenshots with secrets, passwords, keys, customer/client data, or unredacted internal records to support. Use redacted screenshots and safe descriptions when support context is needed.

Because Builder data is local-first, RightCyber cannot recover lost local Builder data, overwritten local saves, missing local evidence files, or Evidence Pack ZIPs you delete.

AI Safe Use Pack and Prompt Shield

RightCyber AI Safe Use Pack guidance may link to the Prompt Shield browser extension. Prompt Shield stores its settings, redaction terms, and metadata-only audit exports locally in the browser. The hosted RightCyber website does not receive prompt text, redacted prompt text, AI audit log rows, or custom redaction dictionaries.

Retention

Customer access records are kept while access is active, then minimised or deleted when there is no continuing tax, refund, dispute, fraud-prevention, or support need. Rate-limit events are pruned by the operational cron using RATE_LIMIT_RETENTION_HOURS, which defaults to 24 hours.

Access and deletion

For access, correction, or deletion questions, email info@rightcyber.co.uk. Include the checkout email so the customer record can be found. Deleting the RightCyber customer record does not delete checkout records held as Merchant of Record.