Your Data Rights
Under GDPR and the UK Data Protection Act 2018
Your Rights at a Glance
As a user of inAmber, you have specific rights regarding your personal data under the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. Capitalizt Ltd (Company No. 16890768), registered at 128 City Road, London, EC1V 2NX, is the data controller. We take these rights seriously and will respond to any request within 30 days.
Right of Access
You have the right to request a copy of all personal data we hold about you. This includes your account information, message metadata (but not encrypted message content, which only you can decrypt), guardian assignments, and payment history. We will provide this in a commonly used electronic format.
Right to Rectification
If any of the personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. You can update most information directly in your account settings, or contact us for changes that require manual processing.
Right to Erasure
You have the right to request that we delete your personal data. When you request erasure, we will delete your account data, payment records (subject to legal retention requirements), and all encrypted messages stored in your vault. Please note that once deleted, encrypted messages cannot be recovered by anyone, including us.
Right to Restrict Processing
You can request that we limit how we process your data. For example, if you contest the accuracy of your data, we will restrict processing while we verify it. During restriction, we will store your data but not actively process it beyond what is necessary.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format. You can also request that we transfer your data directly to another service provider where technically feasible. This includes your account data and message metadata.
Right to Object
You have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Our Legal Basis for Processing
We process your data under the following legal bases: contract performance (to provide the inAmber service you signed up for), legitimate interests (to improve and secure the service), legal obligation (to comply with financial and regulatory requirements), and consent (for optional communications, which you can withdraw at any time).
International Transfers
Your data is stored within the European Economic Area (EEA) via Supabase infrastructure backed by AWS. If any data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
How to Exercise Your Rights
To exercise any of these rights, email us at hello@inamber.ai with the subject line “Data Rights Request”. We will verify your identity and respond within 30 days. If we need additional time (up to 60 days for complex requests), we will let you know within the initial 30-day period.
Right to Complain
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO at ico.org.uk or by calling 0303 123 1113.