Privacy Policy
Last updated: March 27, 2026
1. Introduction
RightMyWork Inc. ("RightMyWork," "we," "us," or "our") operates the website www.rightmywork.com and associated services (collectively, the "Service"). This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, who we share it with, and what rights you have regarding your data.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices as described herein, you must not use the Service.
The Service is intended for use by residents of the United States, Canada, and Australia. The Service is not available to users located in the European Union, the United Kingdom, or any other jurisdiction where RightMyWork has not been made available. This Privacy Policy applies to all users of the Service, with jurisdiction-specific rights described in the applicable sections below.
2. Who We Are
RightMyWork Inc. is responsible for your personal data as described in this Privacy Policy. For questions about this policy or to exercise your data rights, contact us at privacy@rightmywork.com.
3. Documents You Upload
How Documents Are Processed
When you upload a DOCX file, it is transmitted over HTTPS to our servers and temporarily stored in private storage. The file is then downloaded by our processing engine, and the original uploaded file is permanently deleted from storage immediately after processing begins. Your document text is transmitted to third-party AI model providers via their APIs for the sole purpose of generating editing suggestions. The edited output is stored in private storage for a limited download window.
Retention and Deletion
The original uploaded file is deleted immediately after processing begins. The edited output file is available for download for 24 hours (free-tier users) or 7 days (paid-tier users). After the applicable download window expires, the output file is permanently deleted via an automated daily cleanup process. Temporary working files on processing servers are deleted immediately after each job, including on failure. We do not retain copies of your documents beyond these periods.
What We Do Not Do With Your Documents
We do not read, review, or manually access your document content. We do not use your documents to train, fine-tune, or improve any AI models. We do not share your document content with any third party except the AI model provider for the sole purpose of processing your editing job. We do not mine, analyse, or extract information from your document content for any purpose other than providing the editing Service.
Third-Party AI Providers
Your document text is sent to third-party AI model providers via their APIs for processing. As of the date of this policy, the AI providers we use state that data submitted through their APIs is not used to train their models. However, we do not control these providers' policies and cannot guarantee their future data practices. We recommend reviewing the current privacy and data usage policies of our AI providers directly if you have concerns about how your document text may be handled by them.
4. Personal Information We Collect
Account Information
When you create an account, we collect your email address (required), and optionally your full name. If you authenticate via Google OAuth, we receive your email address and display name from Google. We also store your account plan type (e.g., free, starter, scholar, value) and role (user or admin).
Payment Information
Payments are processed entirely by third-party payment providers. We do not receive, process, or store your credit card number, bank account details, or other payment instrument data. We receive only: a transaction confirmation, the amount paid, the tier purchased, and a provider-assigned transaction identifier. Payment intent records (amount, tier, status, timestamps) are stored in our database.
Credit and Usage Data
We maintain a record of your word credit balance (words remaining and cumulative words used). We store metadata about each editing job you submit, including: job ID, status, original filename, estimated word count, words billed, editing options selected (style guide, English variant, serial comma preference, cross-reference flag), timestamps (created, started, completed), and a download token. We do not store the content of your documents.
Anonymous Session Data
If you use the Service without an account, we generate a random session token stored in a browser cookie. We store only a cryptographic hash of this token on our servers — never the token itself. We track words used and a word limit per anonymous session. Anonymous session data expires and is deleted after 30 days.
Audit Log Data
We maintain an immutable audit log of significant events (job creation, job cancellation, payment intents, payment completions, email sends). Each audit entry records the event type, associated entity, a JSON metadata object, a cryptographic hash of your IP address (never the raw IP), and a timestamp. This log cannot be modified or deleted and is accessible only to our server-side systems.
Automatically Collected Data
When you access the Service, our servers may automatically receive: your IP address (which is cryptographically hashed before storage — we never store raw IP addresses), browser type and version, operating system, referring URL, pages visited, and access timestamps. We use this data solely for security, rate limiting, and abuse prevention.
5. How We Use Your Information
We use the data we collect for the following purposes and no others: (a) to provide and operate the Service, including processing your documents and delivering editing results; (b) to manage your account, credit balance, and job history; (c) to process payments and issue receipts; (d) to send service-related communications (job completion notifications, payment receipts, download reminders, low-balance warnings); (e) to send product-related communications (feature highlights, upgrade suggestions) — you may opt out of these; (f) to enforce rate limits and prevent abuse; (g) to maintain audit logs for security and fraud detection; (h) to comply with applicable legal obligations; and (i) to investigate and resolve disputes or enforce our Terms of Service.
We do not use your data for advertising, behavioural profiling, or sale to third parties. We do not use your document content for any purpose other than editing it as requested.
6. Data Sharing and Disclosure
Third-Party Service Providers
We share data with the following categories of service providers, solely to the extent necessary for them to perform their functions: (a) Authentication and database providers — process your email, profile data, job metadata, and document files to operate the Service; (b) AI language model providers — receive your document text for the sole purpose of generating editing suggestions (they do not receive your email, name, or other personal information); (c) Email delivery providers — receive your email address and email content for transactional and product emails; (d) Cloud infrastructure providers — host our servers and manage encryption keys; and (e) Payment providers — process payment transactions (they receive payment instrument data directly from your browser; we do not intermediate). A current list of our sub-processors is available upon request by emailing privacy@rightmywork.com.
Legal Requirements
We may disclose your information if required to do so by law, court order, subpoena, or government request, or if we believe in good faith that disclosure is reasonably necessary to: (a) comply with a legal obligation; (b) protect the rights, property, or safety of RightMyWork, our users, or the public; (c) detect, prevent, or address fraud, security, or technical issues; or (d) enforce our Terms of Service.
Business Transfers
In the event of a merger, acquisition, reorganisation, bankruptcy, or sale of all or a portion of our assets, your data may be transferred as part of that transaction. We will notify you of any such transfer and any changes to the applicable privacy practices.
What We Never Do
We do not sell your personal information to any third party. We do not share your data with advertisers. We do not share your document content with anyone other than the AI model provider for processing. We do not disclose your data to other users of the Service.
7. Data Security
We implement industry-standard security measures to protect your data: (a) all data is transmitted over HTTPS (TLS 1.2 or higher); (b) uploaded documents and edited outputs are stored in private storage with no public access; (c) download links use unique, randomly generated tokens that expire after the applicable retention period; (d) secrets and credentials are managed through dedicated secret management infrastructure — never stored in source code; (e) database access is restricted so that each authenticated user can only query their own data; (f) IP addresses are cryptographically hashed before storage — we never store raw IP addresses; (g) audit logs are immutable and cannot be modified or deleted; (h) rate limiting is applied to all public endpoints to prevent abuse; and (i) financial operations use database-level safeguards to prevent race conditions.
No method of electronic transmission or storage is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security. You use the Service at your own risk.
8. Cookies and Tracking
We use essential cookies only. Specifically: (a) authentication cookies — required for maintaining your logged-in session (HttpOnly, Secure, SameSite attributes); and (b) an anonymous session cookie — used for tracking free word usage for non-authenticated users (hashed on the server). We do not use advertising cookies, analytics cookies, social media cookies, or any third-party tracking technologies.
9. Data Retention
Document Data
Original uploaded files: deleted immediately after processing begins. Edited output files: deleted after 24 hours (free tier) or 7 days (paid tier). Temporary processing files: deleted immediately after job completion or failure.
Account and Profile Data
Retained for as long as your account is active. Upon account deletion, your profile, credit balance, and associated data are deleted within 30 days.
Job Metadata
Job records (filename, word count, status, timestamps — not document content) are soft-deleted 7 days after completion. Expired job records remain in the database with a deleted_at timestamp and are excluded from user-facing queries.
Payment Records
Payment intent records are retained for as long as required by applicable tax and accounting laws (typically 7 years).
Audit Logs
Audit log entries are retained indefinitely for security and fraud detection purposes. Audit logs contain only event types, entity identifiers, IP hashes, and metadata — never document content or raw personal information.
Anonymous Sessions
Anonymous session records are automatically deleted 30 days after creation.
10. Data Processing Location
Your data is processed and stored in the United States. Our service providers may operate infrastructure in various locations. By using the Service, you acknowledge and consent to the transfer and processing of your data in the United States, which may have different privacy laws than your country of residence. We take contractual steps to protect your information when transferred across borders.
11. Your Rights
All Users
Regardless of your location, you may: (a) access your data via your dashboard at any time; (b) download your edited documents during the applicable download window; (c) request account deletion by emailing privacy@rightmywork.com (we will delete your account, profile, credit balance, job metadata, and all associated data within 30 days); and (d) opt out of promotional emails by using the unsubscribe link in those emails.
California Users (CCPA/CPRA)
If you are a California resident, you have the right to: (a) know what personal information we collect, use, and disclose; (b) request deletion of your personal information; (c) opt out of the "sale" or "sharing" of personal information — we do not sell or share personal information as defined by the CCPA/CPRA; and (d) non-discrimination — we will not discriminate against you for exercising your privacy rights. To exercise these rights, email privacy@rightmywork.com.
Global Privacy Control (US Users)
RightMyWork recognises and honours Global Privacy Control (GPC) opt-out signals. If your browser transmits a GPC signal when you visit our website, we treat this as a request to opt out of the sale or sharing of your personal information. RightMyWork does not sell personal information. We do not use personal information for cross-context behavioural advertising.
Canadian Users (PIPEDA)
If you are located in Canada, the following additional provisions apply to you under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. We collect your email address for account management, service delivery, and transactional communications. We do not collect more information than is necessary for these purposes. Your uploaded documents are processed to deliver the editing service and permanently deleted from our servers immediately after your edited document is returned to you. By creating an account and using RightMyWork, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. You may withdraw consent at any time by deleting your account, which will result in the deletion of your email address from our records. Withdrawal of consent may limit your ability to use the Service. You have the right to access the personal information we hold about you, to correct any inaccuracies, and to request that we provide you with an account of how your information has been used. To exercise these rights, contact us at privacy@rightmywork.com. We will respond within 30 days. In the event of a data breach that creates a real risk of significant harm to you, we will notify you and the Office of the Privacy Commissioner of Canada as soon as reasonably feasible. Your personal information is stored on servers located in the United States and processed using third-party service providers who may be located in the United States. By using RightMyWork, you acknowledge that your personal information may be transferred to and processed in the United States, which has different privacy laws than Canada. We take contractual steps to protect your information when transferred. If you are unsatisfied with our response to a privacy inquiry, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.
Australian Users (Privacy Act / Australian Privacy Principles)
If you are located in Australia, the following additional provisions apply to you under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We collect your email address, a cryptographic hash of your IP address for security logging, and any personal information contained in documents you upload for editing. Uploaded documents are permanently deleted immediately after your edited document is returned to you. We do not retain document content. We use your email address to deliver the Service, send transactional communications, and for account security. We do not use your personal information for direct marketing without your separate, express consent. We do not disclose your personal information to third parties except to our service providers who are contractually bound to handle it in accordance with the Australian Privacy Principles. RightMyWork uses AI systems to edit your documents. The editing output is generated automatically by AI. As required under amendments to the Australian Privacy Act effective December 10, 2026, we disclose that automated AI processing is used in the delivery of the editing Service. No automated system makes decisions about your account status, eligibility, or access — those decisions involve human review. Your personal information is stored and processed in the United States. We take reasonable steps to ensure overseas recipients handle your information in a way consistent with the Australian Privacy Principles. You have the right to access the personal information we hold about you and to request corrections. Contact privacy@rightmywork.com. We will respond within 30 days. If we decline to provide access or make a correction, we will provide reasons in writing. If you have a privacy complaint, contact privacy@rightmywork.com. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner at www.oaic.gov.au.
12. Children's Privacy
The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal data from a person under 18, we will delete that data promptly. If you believe that a minor has provided us with personal data, please contact us at privacy@rightmywork.com.
13. Email Communications
We send the following types of email: (a) Service-related (required): account confirmation, job completion notifications with download links, payment receipts, low-balance warnings. These cannot be opted out of while your account is active because they are necessary to deliver the Service. (b) Product-related (optional): feature highlights (sent approximately 3 days after signup), upgrade suggestions (sent approximately 7 days after signup to free-tier users). You may opt out of these at any time.
Your email address is shared with our email delivery provider solely for the purpose of delivering these emails. Our email delivery provider processes this data according to their own privacy policy.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and may notify registered users by email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
15. Contact
For privacy questions, data requests, or complaints, contact us at privacy@rightmywork.com.