Updated: 2026-06-12
DoneRight (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how personal information is collected, used, and disclosed when you use our website, applications, and related services (collectively, the “Service”). The Service currently includes DoneRight Proof (a reputation management and marketing workflow application) and DoneRight BeReady (an evidence-management workspace for certification readiness preparation).
By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.
Not legal or professional advice. This policy describes our data practices. It is not a substitute for legal, compliance, or professional advice. DoneRight is not a certification body and does not guarantee certification, readiness, compliance, or scoring outcomes.
Company refers to DoneRight Technologies Inc.
Personal Data means any information that identifies or can reasonably be used to identify an individual.
Service refers to the DoneRight website, applications (Proof and BeReady), and related services.
Customer or Account Holder means a business or individual that registers to use the Service.
End User means a person whose information may be processed through a Customer’s use of the Service (for example, a customer of a Proof subscriber, or a workspace member in BeReady).
Workspace means a tenant-isolated environment within BeReady associated with a subscribing organization.
You means the individual or entity using the Service.
The specific data we collect depends on which product(s) you or your organization uses.
Account and Identity Data (all products)
Organization and Workspace Data (all products)
Job, Proof, and Media Content (Proof)
Business Artifact and Evidence Data (BeReady)
Integration and Technical Data (all products)
We do not store full credit card numbers. Payment processing is handled by Stripe.
We do not sell, rent, or trade personal information to third parties.
AI features: Where AI-assisted suggestion features are enabled within BeReady, AI suggestions are non-authoritative review aids. AI output does not automatically create evidence items, accept or reject candidates, satisfy certification criteria, or determine readiness or compliance. Partner and customer data is not approved for use with external AI providers unless a specific opt-in, privacy review, and enablement process has been completed for your workspace.
Service Providers: We share information with trusted third-party providers who assist in operating the Service, including infrastructure hosting, authentication, email delivery, billing, social platform integrations, mailbox sync, and SMS delivery. Current providers include or may include Convex (backend data and functions), Stripe (billing), Resend (email delivery), Google (Business Profile, Gmail), Microsoft (Outlook), Meta/Facebook, Instagram, SMS providers (Bandwidth, Twilio), and PostgreSQL-compatible database infrastructure.
Public Surfaces (Proof): When a business user publishes proof content to a public showcase or sends a customer review link, selected proof images, job context, and business branding may be visible to third parties. Business users control what is published. Token-based review links are time-limited; the Service stores token hashes, not raw tokens.
Business Transfers: Information may be transferred in connection with a merger, acquisition, or asset sale, subject to confidentiality obligations.
Legal Requirements: We disclose personal information only where required by law and in accordance with our Public Authority Data Request Policy.
No Sale of Data: We do not sell, rent, or trade personal information.
We retain personal information and workspace content only as long as necessary to provide the Service, honour contractual obligations, and comply with applicable legal requirements. Operational backend logs are subject to automated retention and pruning processes. Uploaded documents and evidence artifacts are retained within your workspace until deleted or your account is terminated. Specific retention periods depend on the deployed environment and applicable law.
We implement reasonable technical and organizational safeguards to protect personal information, including credential hashing, session management, workspace-scoped access controls, token-based public link management, encrypted secret storage for integrations, and audit logging. However, no method of transmission or storage is 100% secure. We encourage you to use strong credentials and to report suspected security concerns to legal@doneright.cloud.
Your information may be processed in countries other than your own, including Canada and the United States, depending on the infrastructure and service providers we use. Where required by applicable law, we apply appropriate safeguards to cross-border data transfers.
Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal information, or to object to or restrict certain processing. To exercise these rights, contact us at legal@doneright.cloud. We will respond in accordance with applicable law.
Where the Service processes personal information on behalf of a Customer (for example, end-user data entered by a Proof subscriber), the Customer is typically the data controller responsible for that information. Please contact the relevant business if you have questions about how your information was submitted to the Service.
We use cookies and session tokens to authenticate users, maintain secure sessions, and operate the Service. We do not use third-party advertising cookies. You may disable cookies in your browser settings, but doing so may affect your ability to log in or use the Service.
The Service includes scheduled background processes that operate without a manual trigger at the moment of execution. These include review request delivery, social post scheduling, SMS reminder delivery, mailbox sync for issue replies, and operational log pruning. These automated processes act on configurations and schedules set by you or your account administrator.
Our Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13.
We may update this policy from time to time to reflect changes in the Service, applicable law, or our practices. Material changes will be communicated through the Service. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
For privacy-related inquiries, data requests, or concerns:
legal@doneright.cloud
DoneRight Technologies Inc., 777 Fort St., Victoria, BC, V8W 1G9, Canada
We believe technology should empower people and business should support life. We treat personal information with great seriousness and respect, and we are committed to building products that protect the data of the businesses and individuals who trust us.