Privacy Policy

1. Introduction

Welcome to Rightful ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App").

By using Rightful, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our App.

2. Information We Collect

2.1 Personal Information You Provide

When you use Rightful, we may collect the following information that you voluntarily provide:

• Account Information: Name, email address (via Apple Sign In or Google Sign In)
• Claim Form Data: First name, last name, email address, phone number, mailing address (street address, city, state, ZIP code), payment information (PayPal email, Venmo username, Zelle information), purchase details, and other information required for specific settlement claims
• Signature Data: Digital signature for claim submissions
• Uploaded Documents: Receipts, proof of purchase, and other supporting documents for claims
• Profile Information: Optional information you provide to enhance your experience

2.2 Automatically Collected Information

When you use the App, we automatically collect certain information:

• Device Information: Device type, operating system, unique device identifiers
• Usage Data: App features you use, settlements you view, claims you submit, time spent in the app
• Analytics Data: App performance, crash reports, and user interactions (collected via Mixpanel)
• Subscription Information: Subscription status, payment history, and renewal information (managed by RevenueCat)

2.3 Information From Third-Party Services

We use the following third-party services that may collect information:

• Supabase: Backend database and authentication services
• RevenueCat: Subscription management and purchase processing
• Mixpanel: Analytics and user behavior tracking
• Lob: Physical mail delivery services for claim letters
• Apple Sign In / Google Sign In: Authentication services

3. How We Use Your Information

We use the information we collect to:

• Provide Core Services: Process and submit class action settlement claims on your behalf
• Generate Documents: Create pre-filled PDF claim forms with your information
• Mail Physical Letters: Send signed claim forms via postal mail to settlement administrators
• Manage Subscriptions: Process payments and manage your subscription status
• Communicate With You: Send notifications about settlement deadlines, claim status updates, and app-related information
• Improve the App: Analyze usage patterns to enhance features and user experience
• Track Claims: Monitor the status of your submitted claims and delivery confirmations
• Provide Customer Support: Respond to your inquiries and resolve issues
• Comply With Legal Obligations: Meet regulatory requirements and respond to legal requests

4. How We Share Your Information

4.1 With Settlement Administrators

We share your claim information (name, address, email, phone, payment details, signatures, and supporting documents) directly with settlement administrators as required to process your claims.

4.2 With Service Providers

We share information with trusted third-party service providers:

• Supabase: Stores your account data, claim submissions, and documents
• RevenueCat: Processes subscription payments through Apple App Store
• Lob: Prints and mails physical claim letters on your behalf
• Mixpanel: Analyzes app usage and user behavior for improvements
• Apple/Google: Authentication and sign-in services

These service providers are bound by confidentiality agreements and may only use your information to perform services for us.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, government agencies).

4.4 Business Transfers

If Rightful is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.

5. Data Storage and Security

• Storage Location: Your data is stored on secure servers provided by Supabase (hosted on AWS in the United States)
• Local Storage: Some data (name, subscription status, app preferences) is stored locally on your device
• Security Measures: We use industry-standard encryption (SSL/TLS) to protect data in transit and at rest
• Access Controls: Only authorized personnel have access to your personal information
• PDF Storage: Signed claim PDFs are securely stored in Supabase Storage with access controls

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

• Active Accounts: We retain your information for as long as your account is active
• Claim Records: Claim submissions, signed PDFs, and related documents are retained for 7 years for legal and tax purposes
• Deleted Accounts: Upon account deletion, personal information is anonymized or deleted within 90 days, except where retention is required by law

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 All Users

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Opt-Out: Unsubscribe from marketing communications
• Data Portability: Request your data in a portable format

7.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (Note: We do NOT sell your personal information)
• Right to non-discrimination for exercising your CCPA rights

7.3 European Users (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of access, rectification, erasure, and restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

Legal Basis for Processing: We process your personal information based on:

• Contract Performance: To provide our services and process claims
• Legitimate Interests: To improve our app and prevent fraud
• Consent: For analytics and marketing (where required)
• Legal Obligation: To comply with applicable laws

To exercise your privacy rights, contact us at: privacy@rightfulapp.com

8. Children's Privacy

Rightful is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we discover that a child under 18 has provided us with personal information, we will delete it immediately. If you believe we have collected information from a child, please contact us.

9. Third-Party Links

Our App may contain links to third-party websites (e.g., settlement administrator websites). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy in the App
• Sending you an email notification (if applicable)
• Displaying an in-app notification

Your continued use of the App after changes become effective constitutes acceptance of the revised Privacy Policy.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. By using Rightful, you consent to such transfers.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: