RightOnQ is a trading name of Continuity AI Ltd (Companies House No. 17119848), registered in England and Wales. This Privacy Policy explains how we collect, use, and protect personal data in accordance with UK GDPR and the Data Protection Act 2018.
1. Who We Are
Continuity AI Ltd trades as RightOnQ. We are the data controller for personal data collected through our website and messaging services.
Registered address: Clay Bank Farmhouse, Hook Norton, BANBURY, OX15 5PA
Contact: adam@rightonq.co.uk
2. What Data We Collect
Website visitors
- Name, company name, email address, and message content submitted via our contact form
- Basic usage data (pages visited, browser type, referring URL) via standard server logs
Business clients (operators)
- Company name, contact name, email address, and billing information
- Account login credentials (email and hashed password)
- Usage data — message volumes, delivery rates, dashboard activity
End recipients (staff, residents, or clients of our business customers)
- Mobile phone number — provided by the business operator on behalf of the recipient
- Name — used to personalise messages
- Message response data — whether a message was delivered, read, or confirmed
- Timestamp data — when messages were sent and responded to
We do not collect sensitive personal data (health records, financial details, identity documents) as part of our standard service.
3. How We Use Your Data
To deliver our messaging service
We use mobile phone numbers and names to send scheduled reminder and confirmation messages via SMS and WhatsApp on behalf of our business clients.
Legal basis
- Business clients: Contract — necessary to deliver the service you have engaged us for
- End recipients: Legitimate interests — messages are sent on behalf of the recipient's employer, care provider, or service operator, who has obtained appropriate consent before registering recipients on our platform
- Website enquiries: Legitimate interests — responding to your enquiry
We do not
- Sell personal data to third parties
- Use personal data for advertising or marketing to end recipients
- Use automated decision-making that produces legal or similarly significant effects
4. WhatsApp and SMS Messaging
Our service uses WhatsApp Business API and SMS to deliver messages. When messages are sent via WhatsApp, delivery and read receipt data is processed by Meta Platforms Ireland Limited under their own terms and privacy policy.
SMS messages are delivered via third-party telecommunications providers. Delivery confirmation data is processed by those providers.
Recipients can opt out at any time by replying STOP to any message. Opt-out requests are processed immediately and the relevant business operator is notified.
5. Who We Share Data With
We share data only as necessary to deliver our service:
- Messaging infrastructure providers — third-party SMS and WhatsApp delivery providers (phone numbers and message content only)
- Cloud hosting providers — for secure data storage and application hosting
- Payment processors — Stripe and GoCardless for billing (business clients only)
- HMRC and regulatory bodies — where required by law
All third-party processors are bound by data processing agreements and operate in compliance with UK GDPR.
6. Data Retention
- Message logs — retained for 12 months from the date of sending, then permanently deleted
- Business client account data — retained for the duration of the contract plus 6 years (HMRC requirements)
- End recipient records — retained until the business operator removes them from the platform, or until the operator's contract ends
- Website enquiries — retained for 12 months from receipt
7. Your Rights
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data, subject to legal retention obligations
- Restriction — request we limit processing of your data
- Portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interests
- Opt out of messages — reply STOP to any message at any time
To exercise any right, contact us at adam@rightonq.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Data Security
We implement appropriate technical and organisational measures to protect personal data, including HTTPS encryption for all data in transit, encrypted data storage, access controls, and regular security reviews.
In the event of a data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay.
9. Cookies
Our website uses only essential cookies necessary for the site to function. We do not use tracking, advertising, or analytics cookies that require consent.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to business clients by email. The current version is always available at www.rightonq.co.uk/privacy.
11. Contact
Continuity AI Ltd (trading as RightOnQ)
Clay Bank Farmhouse, Hook Norton, BANBURY, OX15 5PA
adam@rightonq.co.uk