Privacy Policy

Effective date: April 1, 2026 · Last revised: April 4, 2026

1. Introduction & Scope

RightAIChoice (“we,” “us,” or “our”) operates the website located at rightaichoice.com (the “Platform”). This Privacy Policy describes the categories of personal information we collect, the purposes for which we process it, the legal bases we rely upon, and the rights available to you under applicable data protection legislation, including the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA).

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any provision herein, you must discontinue use of the Platform immediately.

2. Data Controller

For the purposes of applicable data protection law, RightAIChoice is the data controller responsible for the processing of your personal information. All inquiries regarding data processing may be directed to: privacy@rightaichoice.com.

3. Categories of Personal Information Collected

We collect the following categories of information:

3.1 Account & Identity Data

When you register an account, we collect your email address, display name, and, where applicable, profile photograph. If you authenticate via Google OAuth, we receive your Google profile name, email address, and profile image URL as authorized by your Google account permissions.

3.2 User-Generated Content

Content you voluntarily submit, including reviews, ratings, questions, answers, discussion posts, and workflow contributions. This content is publicly visible and associated with your display name.

3.3 Behavioral & Usage Data

We collect anonymized and aggregated usage data including pages viewed, search queries entered, tools clicked, filters applied, time spent on pages, and navigation paths. This data is processed through Mixpanel, our product analytics platform, and is used exclusively to improve the Platform experience.

3.4 Technical & Device Data

We automatically collect your IP address, browser type and version, operating system, device identifiers, referring URLs, and access timestamps. This data is necessary for security, performance monitoring, and abuse prevention.

3.5 Error & Diagnostic Data

We use Sentry for application error monitoring. When errors occur, Sentry may capture stack traces, request metadata, and anonymized contextual information to facilitate debugging. No personally identifiable information is intentionally transmitted to Sentry.

4. Purposes & Legal Bases for Processing

  • Contract performance — To create and maintain your account, authenticate sessions, and provide the services you requested.
  • Legitimate interest — To improve Platform functionality, generate AI-powered recommendations, detect fraud, enforce community guidelines, and conduct aggregated analytics.
  • Consent — Where required by law, for optional features such as personalized email digests or marketing communications. You may withdraw consent at any time.
  • Legal obligation — To comply with applicable laws, regulations, or enforceable governmental requests.

5. Third-Party Data Processors

We engage the following third-party processors, each operating under contractual data processing agreements or equivalent safeguards:

  • Supabase, Inc. — Database hosting, authentication, and row-level access control. Data resides in AWS infrastructure (US regions).
  • Vercel, Inc. — Application hosting, edge functions, and content delivery. Processes request-level data.
  • Anthropic, PBC — AI model inference for tool recommendations, chat, and content generation. Queries are not retained for model training.
  • Mixpanel, Inc. — Product analytics. Data is processed in accordance with Mixpanel's privacy standards.
  • Functional Software (Sentry) — Application error monitoring and diagnostics.

We do not sell, rent, lease, or otherwise disclose personal information to third parties for their own marketing purposes.

6. Cookies & Similar Technologies

We employ the following categories of cookies:

  • Strictly necessary — Authentication session cookies managed by Supabase Auth. These cannot be disabled without impairing core functionality.
  • Analytics — Mixpanel tracking cookies used to measure engagement and improve the Platform. These may be declined where required by your jurisdiction.

We do not deploy advertising cookies, retargeting pixels, social media tracking widgets, or any third-party cookies beyond those enumerated above.

7. International Data Transfers

Your data may be transferred to, stored in, and processed in the United States and other jurisdictions where our processors maintain infrastructure. Where such transfers involve personal data originating from the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure adequate safeguards through Standard Contractual Clauses (SCCs), adequacy decisions, or equivalent mechanisms recognized under applicable law.

8. Data Retention

  • Account data — Retained for the duration of your active account. Upon account deletion, personal data is purged within 30 calendar days.
  • User-generated content — Public contributions (reviews, Q&A, discussions) may be anonymized and retained to preserve the integrity of community knowledge, unless you specifically request full deletion.
  • Usage & analytics data — Aggregated data is retained indefinitely. Identifiable usage data is automatically purged after 90 days.
  • Error logs — Retained for 30 days, then automatically deleted by Sentry.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Right of access — Request confirmation of whether we process your personal data and obtain a copy thereof.
  • Right to rectification — Request correction of inaccurate or incomplete personal data via your account dashboard.
  • Right to erasure — Request deletion of your personal data, subject to applicable legal retention obligations.
  • Right to data portability — Request a machine-readable export of your personal data.
  • Right to restrict processing — Request temporary restriction of processing while a dispute or verification is pending.
  • Right to object — Object to processing based on legitimate interest grounds.
  • Right to withdraw consent — Where processing is based on consent, withdraw at any time without affecting the lawfulness of prior processing.
  • Right to non-discrimination (CCPA/CPRA) — We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, contact us at privacy@rightaichoice.com. We will respond within 30 days or as otherwise required by applicable law.

10. Children's Privacy

The Platform is not directed at individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information promptly. If you believe a child has submitted personal data to us, please contact us immediately.

11. Security Measures

We implement industry-standard technical and organizational measures to protect your data, including: TLS 1.3 encryption for all data in transit, row-level security (RLS) policies on all database tables, secure httpOnly session cookies, Content Security Policy (CSP) headers, and regular dependency audits. While we strive to protect your personal data, no method of electronic transmission or storage is completely secure. If you discover a security vulnerability, please report it responsibly to security@rightaichoice.com.

12. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. Material changes will be communicated through a prominent notice on the Platform or via email to registered users. Your continued use of the Platform following such notice constitutes acceptance of the revised policy.

13. Contact & Supervisory Authority

For questions, requests, or complaints regarding this Privacy Policy or our data practices:

  • Email: privacy@rightaichoice.com
  • Response time: Within 48 business hours

If you are located in the European Economic Area and believe our processing of your personal data violates applicable law, you have the right to lodge a complaint with your local data protection supervisory authority.