Legal

Privacy Policy

Last updated: April 29, 2026

1. Who We Are

RightMyWork is operated by Edutora Labs Private Limited, a company registered in Nepal. Our registered address is Kathmandu, Nepal. Privacy contact: privacy@rightmywork.com.

2. What We Collect

Account information

Your email address, and optionally your name, when you register. If you sign in via Google, we receive your email and display name from Google.

Payment information

We do not receive or store your card details. Our payment provider handles card data directly. We receive only a transaction confirmation, amount paid, and tier purchased.

Usage data

Your credit balance, job history (filename, word count, status, timestamps), and editing options you select. We do not store the content of your documents.

Technical data

A cryptographic hash of your IP address (never the raw IP), browser type, and access timestamps, used for security and rate limiting only.

Anonymous sessions

If you use the Service without an account, we store a hash of a session token to track your free word usage. This data is deleted after 30 days.

3. How We Use Your Data

We use the data we collect to: provide and operate the Service, including processing your documents; manage your account and credit balance; process payments and send receipts; send service emails (job completion notifications, payment receipts, download reminders); send product emails such as feature updates, which you can opt out of at any time; prevent abuse and maintain security; and comply with legal obligations.

We do not sell your data. We do not use your data for advertising or behavioural profiling.

4. Your Documents

How documents are handled

Your uploaded file is transmitted securely and processed by our AI engine. The original file is permanently deleted immediately after processing begins. The edited output is stored for 24 hours (free accounts) or 7 days (paid accounts), then automatically deleted.

What we do not do

We do not manually read or access your document content. We do not use your documents to train AI models. Your document text is sent to our AI model provider solely to generate editing suggestions. As of the date of this policy, our AI providers do not use API inputs to train their models.

5. Google User Data (Google Sign-In)

What Google user data we access

If you sign in with Google, we request only the OpenID Connect scopes openid, email, and profile. From these scopes we receive your Google account email address, your basic profile information (name and profile picture URL), and a stable Google account identifier. We do not request access to Gmail, Google Drive, Google Calendar, Google Contacts, or any other Google service.

How we use Google user data

Google user data is used solely to create and authenticate your RightMyWork account, to populate your account profile (display name and avatar), and to send you transactional service emails. We do not use Google user data for any other purpose.

How we share Google user data

We share your Google account email address with our authentication provider, our email delivery provider, and our error and observability providers strictly for the operation of the Service. A current list of subprocessors is available at privacy@rightmywork.com on request. We do not sell, transfer, or disclose Google user data to data brokers, advertisers, or any other third party.

How we protect Google user data

Google account information is transmitted securely, stored in encrypted-at-rest databases on EU-based infrastructure, and access-controlled by row-level security policies so that only the authenticated user (and our automated systems acting on their behalf) can read it.

Retention and deletion of Google user data

Your Google account email and profile data are retained for as long as your RightMyWork account is active. When you request account deletion at privacy@rightmywork.com, all Google user data associated with your account is deleted within 30 days. We do not retain Google user data after account closure beyond that window.

What we do not do with Google user data

We do not use Google account information to train artificial intelligence or machine learning models. We do not use it for advertising, retargeting, or behavioural profiling. We do not transfer it to data brokers. Our use of information received through Google sign-in adheres to the Google API Services User Data Policy, including its Limited Use requirements.

6. Data Sharing

We share data only with service providers who need it to operate the Service: authentication and database providers (your account data); AI model providers (your document text, for editing only); email delivery providers (your email address, for transactional and product emails); cloud infrastructure providers (hosting); and payment providers (who handle card transactions directly from your browser).

We may disclose data if required by law, court order, or to protect the safety of our users or the public. If the business is sold or acquired, your data may transfer as part of that transaction.

We do not sell your personal information to any third party.

7. Your Rights

Regardless of where you are located, you may: access your account data via your dashboard at any time; request correction or deletion of your personal data by emailing privacy@rightmywork.com; opt out of product emails using the unsubscribe link in any such email; and request account deletion—we will delete your account and associated data within 30 days.

We will respond to all privacy requests within 30 days.

8. Cookies

We use essential cookies only: an authentication cookie to maintain your logged-in session, and an anonymous session cookie for non-authenticated users. We do not use advertising, analytics, or third-party tracking cookies.

9. Data Retention

Documents

Original uploaded files are deleted immediately after processing begins. Edited outputs are deleted after 24 hours (free accounts) or 7 days (paid accounts).

Account data

Retained while your account is active and deleted within 30 days of account closure.

Payment records

Retained for 7 years as required by applicable law.

Security logs

Retained for 7 years, then anonymised.

Anonymous sessions

Automatically deleted 30 days after creation.

Anti-abuse fingerprint

When you delete your account, we permanently erase your personal data including your email address, name, uploaded documents, and edit history. To prevent abuse of our free-tier credits (for example, deleting and recreating an account to claim free credits repeatedly), we retain only a one-way cryptographic hash of your email address. This fingerprint cannot be reversed to recover your email. It allows us to detect if the same address re-registers, in which case we may decline to grant free-tier credits, though you can still use the Service with purchased credits. The fingerprint is pseudonymised and retained under our legitimate interest in preventing fraud, as permitted by Article 6(1)(f) of the GDPR.

10. Security

All data is transmitted securely. Documents and outputs are stored in private storage with no public access. Download links use unique expiring tokens. IP addresses are hashed before storage—we never store raw IP addresses. Database access is restricted so each authenticated user can only access their own data.

11. Data Location

Your data is stored and processed on servers located in Europe. When you use the Service, your document text is transmitted to AI model providers located in the United States solely to generate editorial output. By using the Service, you acknowledge this transfer. Our AI model providers process this data under data processing agreements that include Standard Contractual Clauses for cross-border transfers; OpenAI's data processing agreement is on file with us, and Anthropic's DPA with Standard Contractual Clauses is automatically incorporated into its commercial terms.

12. Children

The Service is not directed at anyone under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact privacy@rightmywork.com and we will delete it promptly.

13. Email Communications

We send two types of email. Service emails (account confirmation, job completion, payment receipts, download reminders) are necessary to deliver the Service and cannot be opted out of while your account is active. Product emails (feature updates, upgrade suggestions) are optional—you can opt out at any time using the unsubscribe link.

Your email address is shared with our email delivery provider solely for delivering these emails. We will not send you marketing email without your prior consent.

Our mailing address for CAN-SPAM and similar purposes: Edutora Labs Private Limited, Kathmandu, Nepal.

14. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the date above and may notify registered users by email. Continued use of the Service after changes take effect means you accept the updated policy.

15. Contact

For privacy questions, data requests, or complaints, contact us at privacy@rightmywork.com.

Edutora Labs Private Limited, Kathmandu, Nepal.