Privacy Policy

Last updated: April 8, 2026

1. Information We Collect

We collect the following types of information:

  • Account Information: Email address, username, display name, and profile photo when you create an account
  • Content: Product listings, referral links, descriptions, and other content you add to your page
  • Analytics Data: When visitors interact with your Refral page, we collect IP-derived country information, device type, operating system, referring app/browser, and a hashed visitor identifier for analytics purposes
  • Usage Data: Page views, click events, and feature usage patterns

2. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Generate analytics dashboards for page owners
  • Process referral rewards and subscriptions
  • Improve the Service and develop new features
  • Prevent fraud and abuse
  • Communicate with you about your account and the Service

3. Analytics and Tracking

When someone visits a Refral page, we collect anonymized analytics data including:

  • Geographic location: Country-level only, derived from IP address via Vercel's edge network headers. We do not store raw IP addresses.
  • Device information: Device type (mobile/tablet/desktop), operating system, and source application (e.g., Instagram, TikTok), derived from User-Agent strings
  • Visitor hash: A one-way hash of IP + User-Agent used for deduplication, not for tracking individuals across sites

Raw analytics events are automatically deleted after 90 days. Aggregated daily statistics are retained indefinitely.

4. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers: Supabase (database and authentication), Vercel (hosting), and payment processors
  • Legal requirements: When required by law or to protect our rights

5. Data Retention

Account data is retained as long as your account is active. Raw click and page view events are automatically pruned after 90 days. Aggregated analytics data is retained indefinitely. When you delete your account, all associated data is permanently removed.

6. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data
  • Object to processing of your data

For EU/EEA residents: You have additional rights under GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.

7. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

8. Security

We implement industry-standard security measures including encrypted data transmission (TLS), secure authentication via Supabase Auth, and Row Level Security (RLS) policies to protect your data. However, no method of transmission over the Internet is 100% secure.

9. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification.

11. Contact

For privacy-related questions or requests, contact us at privacy@refral.com.