Privacy Policy

Last updated: October 12, 2025

1. Information We Collect

Rightsly collects publicly available Instagram content (posts, images, captions, engagement metrics) that users have chosen to tag with specific hashtags. We use the Instagram Graph API with Public Content Access permission to discover this content.

2. How We Use Instagram Data

We use Instagram APIs to:

  • Discover publicly shared Instagram posts tagged with brand-specific hashtags
  • Extract creator usernames from post permalinks (via oEmbed API)
  • Display proper attribution for user-generated content
  • Enable brands to request usage rights from creators
  • Analyze content engagement (likes, comments) to help brands identify high-performing content

3. Data Storage and Security

We store: post URLs, permalinks, captions, media URLs, thumbnails, engagement metrics (like counts, comment counts), posting timestamps, and creator usernames. All data is publicly available information that creators have voluntarily chosen to share on Instagram. Data is stored securely in encrypted databases with access controls.

4. Data Retention

We retain Instagram content data as long as it is relevant for brand campaigns and rights management. Content may be removed from our system if:

  • The original Instagram post is deleted by the creator
  • A brand removes the associated hashtag from tracking
  • A creator requests deletion (see section 5)

5. Data Deletion Requests

Content creators can request deletion of their content from our platform at any time. To request deletion:

  • Email us at: legal@rightsly.ai
  • Include the Instagram post URL(s) you want removed
  • We will remove the content within 30 days of receiving your request

6. Third-Party Services

Rightsly uses the following third-party services:

  • Instagram/Meta Platform: For content discovery via Instagram Graph API with Public Content Access permission
  • Supabase: For secure database storage
  • Google Cloud Platform: For serverless function execution
  • Vercel: For web application hosting

7. Compliance with Instagram Platform Terms

Rightsly complies with Instagram's Platform Terms and API Terms of Use. We:

  • Only access publicly available content
  • Provide proper attribution to content creators
  • Respect content creators' rights and allow deletion requests
  • Do not store or use Instagram data for purposes outside our stated use case

8. GDPR Compliance (European Union Users)

If you are located in the European Union, the General Data Protection Regulation (GDPR) grants you specific rights regarding your personal data:

Your GDPR Rights

  • Right to Access: You can request a copy of all personal data we hold about you
  • Right to Rectification: You can request correction of inaccurate or incomplete data
  • Right to Erasure (Right to be Forgotten): You can request deletion of your personal data
  • Right to Restrict Processing: You can request that we limit how we use your data
  • Right to Data Portability: You can request your data in a structured, machine-readable format
  • Right to Object: You can object to certain types of processing, including direct marketing
  • Right to Withdraw Consent: You can withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: You can file a complaint with your local data protection authority

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contractual Necessity: To provide our service to you
  • Legitimate Interest: To improve our service and prevent fraud
  • Consent: For marketing communications and optional features
  • Legal Obligation: To comply with applicable laws and regulations

Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at:

  • Email: dpo@rightsly.ai
  • Subject Line: GDPR Request - [Your Request Type]

Response Time

We will respond to all GDPR requests within 30 days. In complex cases, we may extend this period by an additional 60 days with notification.

EU Representative

If required under GDPR Article 27, our EU representative information will be provided here.

To Exercise Your Rights

To exercise any of your GDPR rights, please contact us at dpo@rightsly.ai with:

  • Your full name and email address
  • A description of the right you wish to exercise
  • Proof of identity (to prevent unauthorized access)
  • Any additional information relevant to your request

9. CCPA/CPRA Compliance (California & US Residents)

If you are a California resident or US resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you specific rights regarding your personal information:

Your CCPA/CPRA Rights

  • Right to Know: You can request to know what personal information we collect, use, disclose, and sell
  • Right to Delete: You can request deletion of your personal information (subject to certain exceptions)
  • Right to Correct: You can request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: You can opt-out of the sale or sharing of your personal information
  • Right to Limit Use of Sensitive Personal Information: You can limit use of sensitive personal information
  • Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights

Information We Collect

We collect the following categories of personal information:

  • Identifiers: Email addresses, usernames, IP addresses
  • Commercial Information: Subscription history, payment information
  • Internet Activity: Browsing history, interactions with our service
  • Professional Information: Brand name, business information

Do We Sell or Share Personal Information?

No. Rightsly does not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising. We only share data with service providers necessary to operate our platform (such as payment processors and hosting services).

Opt-Out Preference Signals

We recognize and honor opt-out preference signals such as Global Privacy Control (GPC) where technically feasible.

To Exercise Your Rights

To exercise any of your CCPA/CPRA rights, please contact us at privacy@rightsly.ai with:

  • Your full name and email address
  • A description of the right you wish to exercise
  • Sufficient information to verify your identity

We will respond to verifiable consumer requests within 45 days. If we need more time (up to 90 days total), we will notify you of the extension and the reason.

Authorized Agents

You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization and you may be required to verify your identity directly with us.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Information

For privacy concerns, questions, or data deletion requests, contact us at:

  • Email: legal@rightsly.ai
  • Support: support@rightsly.ai