Privacy Policy

Last updated: August 2025

1. Privacy Notice – Who we are

rightvybe Ltd (“rightvybe”, “we”, “us”) respects your privacy and is committed to protecting your personal data. This notice explains how we process personal data on our website/app when you are a customer, supplier, or website visitor. It also tells you about your rights under the UK Data Protection Act 2018, UK GDPR and EU GDPR.

2. Controller for personal data

rightvybe is the data controller unless stated otherwise. Company number: 15830298. Registered office: 4th Floor, Silverstream House, 45 Fitzroy Street, Fitzrovia, London, W1T 6EB.

3. Scope

• Customers: services/products for individuals aged 18+ (accounts identified under 18 will be deleted).
• Suppliers: provision of products and services to us.
• Website visitors: anyone visiting our site.

4. Types of personal data

“Personal data” means any information about an individual from which that person can be identified. Anonymised data is not included.

Customer data

• Registration data: name, mobile number, email, device ID, OS & version, app version, login history, referral tracking.
• Biometric data: Face ID/fingerprint processed on your device only; not accessed or stored by rightvybe.
• Transaction data: merchant/company, amount, points/vybes earned, payment method, purchase time, incentives/rewards/bonuses, purchase ID, refunds, gift card access.
• Payment data (Open Banking): user ID, full name, email, order details shared with a regulated Open Banking payment provider.
• Identification verification data: photo of ID or a video with your ID.
• Cash Out Request data: bank details (account name, sort code, account number) shared with our bank to complete transfers.
• General communications data: name, email, phone.
• Marketing data: name, email, marketing preferences.
• Surveys data: opinions and feedback.
• Referrals data: name and email.
• Technical data: IP address, login data, browser type/version, time zone and location, plug-ins, OS, platform, device tech.

Supplier data

• Identity: first name, last name, username or similar identifier, title.
• Contact: billing/delivery address, email, phone.
• Financial: bank account details.
• Transaction: details of payments and other transaction details for services.

Website visitor data

• Identity: first name, last name, username or similar identifier, title.
• Contact: email, phone.
• Technical: IP address, login data, browser type/version, time zone and location, plug-ins, OS, platform, device tech.
• Profile: username, password, searches, ratings/comments, preferences, feedback, survey responses.
• Usage: how you use our website/services.
• Marketing & Communications: preferences for receiving marketing and other communications.

5. Lawful bases: How we use your personal data

• Performance of a contract (e.g., when you sign up).
• Legal obligation (e.g., accounting or legal requirements).
• Legitimate interests (balanced against your rights).
• Consent (where relied on; you can withdraw at any time).
• Vital interests (emergencies).
• Public obligation (e.g., public health/interests).

6. How we collect your personal data

Directly from you via your interactions with us, and from third parties (where others send data to enable our services to you, or you tell a third party to share it with us).

7. Processing Information (table-free)

Below, each processing activity is shown as a “card” with the categories of data and the lawful basis.

Customer

Supplier

Website visitor

8. Use of Artificial Intelligence

We use AI only to support and streamline processes; it does not make decisions about you. All decisions related to your interactions are made by our team.

9. Cookies and similar technologies

We use tools such as Firebase Analytics, Crashlytics and Google Analytics that may collect device and usage information (e.g., app version, device model, OS version, anonymised usage stats) for stability, diagnostics and understanding interactions, under our legitimate interests. See our cookies notice for details.

10. Providing personal data

If we must collect personal data by law or contract and you do not provide it, we may be unable to provide services and will inform you if that is the case.

11. Marketing Communications

We may send marketing messages (separate from transactional/service emails). You can opt out at signup (where we offer a bonus on your first purchase) or in any message. Marketing is via email and push per your settings. To stop these, email privacy@rightvybe.com, or adjust device settings for push.

We may use “soft opt-in” to market to existing or potential customers who provided details during a purchase, did not opt out, and were given a clear opt-out in every message.

12. How we share your data & our processors

• Internally: employees/contractors on a need-to-know basis.
• Within our Group: to deliver services.
• Business administration suppliers: IT/communications, outsourced support.
• Fraud prevention / KYC provider: device fingerprinting & identity verification.
• Communication sending provider: email, SMS, push.
• Professional advisers: lawyers, bankers, auditors, insurers.
• Payment service intermediaries: facilitate payments.
• Authorities: law enforcement/regulators where required.
• Advertising & analytics providers and Social Media for customer service/engagement.
• Third parties in business changes: acquisition/transfer/reorganisation.

13. International data transfers

Some external providers are outside the UK/EU. We use safeguards such as adequacy decisions and UK/EU-approved contracts (e.g., SCCs) to ensure comparable protection. For details, contact privacy@rightvybe.com.

14. Third-party URLs

Our app/website may link to third-party sites/apps that we do not control. We are not responsible for their content or privacy practices.

15. Data security

We use appropriate security measures to prevent accidental loss, unauthorised access/use, alteration or disclosure, and restrict access to those with a business need under confidentiality obligations.

16. Data retention

We keep personal data only as long as necessary for the purposes collected and to satisfy legal/regulatory/tax/accounting/reporting requirements, and longer where needed for complaints or potential litigation. We consider data amount/nature/sensitivity, risk, purposes and legal requirements when setting retention.

Deleting your account via the app

Log in, tap the user icon, and in Settings select “Delete Account.” This removes your personal data from our system, though transaction records may be retained for compliance. For further erasure, email privacy@rightvybe.com.

17. Your rights

• Access – confirmation and a copy of your data.
• Be informed – this notice explains how we use your data.
• Rectification – correct incomplete/inaccurate data.
• Erasure – request deletion where data is no longer needed.
• Restrict/object – limit or object to processing (e.g., marketing).
• Data portability – machine-readable copy or transfer to another controller (where processing is based on consent/contract and automated).
• Withdraw consent – where relied on; this won’t affect prior lawful processing, but may impact services if consent is required.
• Automated decision-making – we do not make decisions with legal/similarly significant effects solely by automated means.

Exercising your rights

No fee is required unless requests are unfounded, repetitive or excessive. We may ask for information to confirm identity. We aim to respond within one month (complex/multiple requests may take longer; we will keep you updated).

18. Keeping information accurate

Please keep your personal data accurate and current; contact us to update details.

19. Concerns and complaints

Please contact us first (see below). You may also complain to your data protection authority (e.g., UK ICO).

20. Changes to this notice

We may update this notice in response to legal, technical or business developments. We will take appropriate steps to inform you and obtain consent where required.

21. Contact us

For more information, contact: privacy@rightvybe.com