How Rightsly Works

Manage UGC rights and track revenue per asset for your Shopify store

Current Status: Shopify integration, rights ledger, and revenue tracking are live. Instagram auto-discovery is tested and ready, pending Meta app approval.See full roadmap

Platform Overview

Rightsly is a UGC rights management and revenue tracking platform built for Shopify brands. Track consent scope and expiry dates, measure revenue per UGC asset with refund-adjusted attribution, and automate expiry alerts to keep your campaigns compliant.

Social media UGC discovery (Instagram, TikTok, and more) is coming soon—pending platform approvals.

Step-by-Step Process

1
Connect Shopify StoreLIVE

One-click OAuth integration to connect your Shopify store:

  • Webhook integration: Real-time order tracking (orders/create, refunds/create)
  • Revenue attribution: Track sales via coupon codes, UTM parameters, and short links
  • Refund-adjusted: Net revenue calculations automatically subtract refunds
  • Product sync: Import your product catalog for UGC tagging

Technical: Idempotent webhook processing with HMAC validation. All data stored securely with AES-256 encryption.

2
Upload & Manage UGC RightsLIVE

Add your UGC assets manually and manage rights in the consent ledger:

  • Upload content: Manually add UGC from any source (Instagram, TikTok, email submissions)
  • Consent scope: Track where content can be used (organic, ads, email, PDP)
  • Expiry tracking: Set approval date and expiry period (6mo, 1yr, perpetual)
  • Proof links: Store DM screenshots, contracts, or email confirmations
  • Creator info: Track creator username, follower count, engagement metrics

Compliance: Single source of truth for legal audits. Know exactly what you can use and where.

3
Track Expiry & AlertsLIVE

Automated expiry tracking keeps your campaigns compliant:

  • Dashboard shows countdown to expiry for each asset
  • Email alerts: 30 days, 7 days, and 1 day before expiry
  • Visual indicators (red/yellow/green) for at-risk content
  • CSV export of expiring assets for ad platform pause lists

Important: Running ads with expired UGC rights can result in DMCA takedowns or legal action. Our alerts help you stay compliant.

4
Measure Revenue per UGCLIVE

Multi-tier attribution system with transparent conflict resolution:

  • Coupon codes: Assign unique codes per creator (Priority 1 - most explicit intent)
  • UTM parameters: Track organic social traffic (Priority 2 - click-level tracking)
  • Short links: rghts.ly/xyz for Instagram bios where UTMs don't work (Priority 3 - coming December 2025)
  • Transparent conflict resolver: When multiple methods fire on one order, see all signals with clear priority hierarchy. Override if needed.
  • Refund-adjusted: Real-time net revenue (gross - refunds) calculated automatically

How Attribution Conflicts Work:

When an order comes in with a creator's discount code, UTM parameters, AND a short link referrer, we show you all three signals and apply discount code attribution (most explicit). You can override based on your partnership agreements. Full transparency—because you know your creator relationships best.

Designed to Complement Creator Systems:

Short links work alongside existing creator affiliate links and discount codes—not instead of them. Perfect for performance-based partnerships where both brand and creator need tracking visibility. Optional shared dashboards show creators their impact.

Technical: Shopify webhooks (orders/create, refunds/create) with idempotent processing. 7-day attribution window for all methods. HMAC validation for security.

5
Social Discovery (Instagram)PENDING META APPROVAL

Tested and ready, pending Meta app approval:

  • Instagram OAuth: Connect Business account via Meta OAuth
  • Hashtag monitoring: Automated polling every 10 minutes for tracked hashtags
  • Creator analytics: Auto-extract age, location, niche, influencer tier from bios
  • Engagement metrics: Track likes, comments, follower count, engagement rate
  • Future platforms: TikTok, YouTube Shorts, Twitter/X coming after Instagram approval
6
Automated Rights RequestsPENDING META APPROVAL

Will be available when Instagram Graph API (Business) is approved:

  • Auto-comment: Post rights request comments on discovered UGC (with your approval)
  • Response detection: Monitor comments every 5 minutes for approval keywords
  • Keyword matching: Approve: "yes", "ok", "sure" / Reject: "no", "remove"
  • Auto-approve: Update status to approved/rejected automatically

Currently: Manual workflow. You reach out to creators via DM/comment and update status manually in the dashboard.

Data Flow & Security

Data We Store

  • Instagram post URLs, media URLs, captions, engagement metrics
  • Creator usernames, follower counts, bio information (for demographics)
  • Rights request status, approval dates, expiry dates
  • Product tag positions, widget analytics, conversion events

Data We Don't Store

  • Instagram passwords or API tokens (only OAuth access tokens)
  • Private Instagram content (only public posts with your tracked hashtags)
  • Personal creator information beyond public profile data

Security Measures

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Row-level security (RLS) policies ensure data isolation per brand
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance (in progress)

Instagram API Scopes & Permissions

ScopePurpose
user_profileRead basic account info (username, profile picture) - Currently Active
user_mediaAccess user's media (photos and videos) - Currently Active
instagram_manage_commentsPost rights request comments and read responses - Coming Soon
Public Content AccessDiscover public posts via hashtag search - Coming Soon (requires Meta App Review)

Note: We only access publicly available content that users have voluntarily shared with hashtags. We comply with Instagram's Platform Terms and API rate limits.

Technical Architecture

Frontend
  • Next.js 15: React framework with App Router
  • TypeScript: Type-safe development
  • Tailwind CSS: Utility-first styling
  • Vercel: Hosting and CDN
Backend
  • Supabase: PostgreSQL database with RLS
  • Google Cloud Functions: Serverless API workers
  • Cloud Scheduler: Automated polling jobs
  • Stripe: Payment processing
Integrations
  • Instagram Graph API: Content discovery
  • Shopify Admin API: Product sync & orders
  • SendGrid: Transactional emails
  • Segment: Analytics and tracking
Security
  • OAuth 2.0: Secure third-party auth
  • Row-Level Security: Data isolation
  • TLS 1.3: Encrypted connections
  • Regular Audits: Security reviews

What's Coming Next?

See our full product roadmap with upcoming features, timelines, and what's currently in development.

Ready to get started?

Start your 30-day pilot at $79/mo