Privacy Policy

This Privacy Policy explains how ByRightHQ LLC (“ByRightHQ,” “we,” “us,” or “our”) collects, uses, and protects information when you use our platform at byrighthq.com. By using ByRightHQ, you agree to the practices described here.

1. Information We Collect

Account information: When you register, we collect your email address, name, and (if you use Google Sign-In) your Google account ID and profile picture.

Payment information: Billing and payment data is processed directly by Stripe. We do not store full credit card numbers. We retain only the last 4 digits, card type, and billing status provided by Stripe.

Usage data: We log zone lookups, search queries, and export activity associated with your account to enforce fair-use limits and improve the platform.

Technical data: We collect standard server logs including IP address, browser type, referring URL, and page views. We use this data for security, debugging, and aggregate analytics.

2. How We Use Your Information

• To create and manage your account and authenticate your identity
• To process subscription payments and manage billing via Stripe
• To send transactional emails (account verification, password reset, billing receipts)
• To enforce rate limits and fair-use policies
• To improve the platform, fix bugs, and develop new features
• To detect and prevent fraud, abuse, or unauthorized access
• To comply with legal obligations

We do not sell your personal information to third parties.

3. Cookies & Authentication

We use a single authentication cookie (byrighthq_token) to keep you signed in. This cookie is HttpOnly, Secure, and SameSite=Lax. It does not track you across other websites. We do not use third-party advertising or tracking cookies.

4. Third-Party Services

We share limited data with the following third parties to operate the platform:

• Stripe — payment processing. Subject to Stripe's Privacy Policy.
• Google OAuth — optional sign-in via Google. Subject to Google's Privacy Policy. We only request your name, email, and profile picture.
• Amazon Web Services (SES) — transactional email delivery. Emails are not used for advertising.

5. Data Retention

We retain your account data for as long as your account is active or as needed to provide services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., billing records may be retained for up to 7 years for tax purposes).

6. Data Security

We use industry-standard security practices including TLS encryption in transit, bcrypt password hashing, and SHA-256 hashed session tokens stored in our database. We do not store plaintext passwords. Despite these measures, no system is 100% secure — we cannot guarantee absolute security of your data.

7. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing [email protected]. We will respond within 30 days. If you are located in the EU/EEA, you may also have rights under GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.

8. Children's Privacy

ByRightHQ is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to active subscribers at least 14 days before they take effect. The “Effective Date” at the top of this page indicates when the policy was last revised.

10. Contact

Questions about this Privacy Policy: [email protected]  ·  ByRightHQ LLC

See also: Terms of Service