Legal›Data protection

Your data, your rights.

Effective: 13 May 2026

Under the laws of every market we operate in, you have the right to see what we hold on you, get a copy, fix what's wrong, and ask us to delete it. Here's how to do that.

The five rights you have

Access

See a copy of everything we hold on you.

Portability

Get a machine-readable JSON export you can take elsewhere.

Correction

Fix anything we have wrong about you.

Deletion

Remove your account and tied data, subject to legal retention requirements.

Objection

Object to specific processing of your data.

How to make a request

Email privacy@getratedby.com from the email address tied to your RatedBy account. Tell us which of the five rights you're exercising and any specifics. We may ask you to verify your identity before responding — typically a one-time code sent to your account email or phone.

Submit a request

One email, one team. We'll confirm receipt within one business day and start the clock against your jurisdiction's SLA.

privacy@getratedby.com

How long we take to respond

SLAs vary by jurisdiction. We measure from the date we verify your identity, not from your initial email.

MarketLawRegulatorSLA

NigeriaNDPA 2023NDPC30 days

GhanaDPA 2012DPC21 days

KenyaDPA 2019ODPC21 days

South AfricaPOPIAInfo. Reg.30 days

EgyptPDPL 2020PDPL Authority30 days

BrazilLGPDANPD15 days

What a portability export looks like

You get a JSON file with everything tied to your account. Lookups, complaints, watchlist, transaction confirmations. Here's the shape:

{
  "export_generated_at": "2026-05-07T10:00:00Z",
  "data_controller": "QuickBill Digital Innovations Ltd, trading as RatedBy",
  "subject_type": "buyer",
  "account_created": "2025-01-15",
  "lookups": [
    {
      "vendor_handle": "@tunde_kicks",
      "platform": "instagram",
      "grade_returned": "A",
      "checked_at": "2026-05-01T14:22:00Z"
    }
  ],
  "complaints_filed": [],
  "watchlist": [],
  "confirmations": []
}

What deletion means in practice

If you're a buyer: We delete your lookup history, complaint submissions, watchlist, and transaction confirmations within 14 days. Any complaints you filed are anonymised — the report itself stays in the system so the seller's record is preserved, but your identity is removed from it. Some payment-trail records are retained for 7 years as required by financial regulators.

If you're a vendor: We delete your claimed profile data within 30 days. The unclaimed profile — the record computed from public signals — may continue to exist under legitimate interest. The computed Trust Index is RatedBy's analytical output, not personal data, and is not subject to deletion under our current legal position. We disclose this at claim time.

Infrastructure connections: Hashed signals — phone, bank account, device fingerprint — are retained after vendor profile deletion because they carry no personal data in the clear. This is what lets the record follow a seller across handle changes.

What's excluded from a request

We can't share third-party data (other people's complaints about a seller, even if you're that seller), reviewer notes, model prompts, or fraud-ring internals. We also can't disclose anything that would compromise our ability to detect future fraud.

If we miss the SLA

Escalate to your local data protection regulator. We list each market's regulator above. We'd rather you didn't need to — if your deadline is approaching and we haven't responded, email privacy@getratedby.com again with "SLA reminder" in the subject and we'll prioritise.