Create Next App

—Introduction

This Privacy Policy for Virely LLC, doing business as Dealsby ("Company," "we," "us," or "our") describes how and why we collect, store, use, and share your information when you use our Virely LLC service ("Services"). This Policy applies when you:

Visit our website at virely.co, or any website of ours that links to this Privacy Policy
Use the Virely LLC web application
Engage with us in other related ways, including sales, marketing, or events

Questions or concerns? If you do not agree with our policies and practices, please do not use our Services. Contact us at [email protected].

—Summary of Key Points

ℹ️

This summary provides key points from our Privacy Policy. Click any item for full details below.

What personal information do we process?
We collect information you provide when using our Services and information automatically collected when you visit our platform.

Do we process sensitive personal information?
We do not process sensitive personal information beyond account login credentials required to operate the Services.

Do we receive information from third parties?
We receive limited operational data from third-party service providers (such as payment status from Stripe and message delivery status from Twilio) to operate the Services.

How do we process your information?
To provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

With whom do we share personal information?
Specific third-party service providers including Supabase, Stripe, Twilio, SendGrid, and Vercel.

How do we keep your information safe?
Organizational and technical measures including Supabase RLS, RBAC, HTTPS/TLS encryption, and Stripe PCI-DSS compliance.

What are your rights?
Access, correction, deletion, portability, restriction, and the right to lodge a complaint with a supervisory authority (where applicable).

How do I exercise your rights?
Contact us at [email protected]. We respond within 45 days.

1. Information We Collect

Personal Information You Provide

We collect personal information you voluntarily provide when you register, participate in activities on the Services, or contact us. This may include:

Names (business owner or authorized representative)
Business email addresses and phone numbers
Company name, business address, and industry vertical
Usernames and passwords for the Virely Portal (stored in hashed form)
Billing addresses and Growth Suite subscription plan information
Contact preferences and communication opt-in/opt-out status
Inquiry and contact form submissions
Website usage and analytics data

Sensitive Information. We do not process sensitive personal information beyond account login credentials required to operate the Services.

Payment Data. All payment data is stored by Stripe, Inc. (stripe.com/privacy). We do not store credit card numbers on our servers.

Information Automatically Collected

We automatically collect certain information when you visit, use, or navigate the Services:

Log and Usage Data. IP address, browser type, device identifiers, pages viewed, actions taken, and error logs.
Device Data. Information about your computer, phone, tablet, or other device, including operating system and browser.
Location Data. General location derived from your IP address. We do not collect precise GPS location without explicit permission.

localStorage Data

Our platform uses browser localStorage to persist application state locally on your device. The following data categories may be stored:

Session authentication tokens
User interface preferences and settings
Platform configuration data (business setup, plan tier)
SMS and email usage counters for the current billing period

⚠️

Important: Unlike cookies, localStorage data persists on your device indefinitely until you manually clear your browser's site data. You can clear localStorage through your browser settings → Clear Site Data or Clear Browsing Data.

2. How We Process Your Information

We process your information for the following purposes:

To respond to inquiries, demo requests, and contact form submissions from prospective customers
To facilitate account creation and authentication for the Virely Portal, which provides access to multi-platform Growth Suite subscriptions
To manage multi-platform bundle subscriptions, including billing, plan changes, and add-on management through Stripe
To send transactional communications related to your Growth Suite subscription, including billing confirmations, renewal notices, and account updates
To send marketing communications about Virely products and the Dealsby platform suite, where you have provided consent
To fulfill and manage Growth Suite subscription payments and plan changes
To protect our Services including fraud monitoring and prevention
To identify website usage trends so we can improve our marketing and product messaging

3. Legal Bases for Processing

We only process your personal information when we have a valid legal reason to do so under applicable United States law. These reasons include:

Consent. Where you have given specific permission. You may withdraw consent at any time.
Performance of a Contract. To fulfill our contractual obligations, including providing the Services.
Legitimate Interests. For our legitimate business interests where they do not outweigh your rights, including operating the Services and preventing fraud.
Legal Obligations. For compliance with applicable federal and state law.

4. When and With Whom Do We Share Information?

We have contracts with our third-party service providers designed to safeguard your personal information. We share information with:

Supabase Inc. (supabase.com/privacy) — Primary database and backend infrastructure. User data is stored and processed in Supabase's managed PostgreSQL environment.
Supabase Authentication — Authentication and supplementary cloud services.
Stripe, Inc. (stripe.com/privacy) — All payment processing. We receive payment status webhooks from Stripe to update your subscription record.
Twilio Inc. (twilio.com/legal/privacy) — SMS messaging. We receive delivery status and opt-out data from Twilio.
SendGrid (Twilio) — Email delivery. We receive delivery and open status from SendGrid.
Vercel Inc. — Web application deployment and hosting.
Cloudflare R2 — Encrypted backup storage for platform data.

We may also share your information in these situations:

Business Transfers. In connection with any merger, sale of company assets, financing, or acquisition. We will notify you before your information is transferred and becomes subject to a different privacy policy.
Legal Requirements. When required to comply with applicable law, enforce our Terms of Service, or protect the rights and safety of our users and the public.

5. Third-Party Services

The Services may link to third-party websites or integrate with third-party services not affiliated with us. Any data collected by third parties is not covered by this Privacy Policy. We are not responsible for the privacy and security practices of any third parties. Please review the privacy policies of any third-party services you use in connection with our platform.

6. Cookies & localStorage

We use cookies and similar tracking technologies. Please review our Cookie Policy at virely.co/cookie-policy for full details.

In summary, we use the following categories of tracking:

Strictly Necessary Cookies. Required for the platform to function. Cannot be disabled.
Functional Cookies. Remember your preferences and settings to personalize your experience.
Analytics Cookies. Help us understand how users interact with our Services in aggregate form.
localStorage. See Section 1 for full disclosure. localStorage persists until manually cleared — unlike cookies which can have expiration dates.

7. Data Location

Our servers and all data infrastructure are located in the United States. The Services are available exclusively to users within the United States, and all personal information is stored and processed domestically. We do not transfer personal information outside the United States.

8. Data Retention

We retain your personal information only as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

Data Category	Retention Period	Basis
Account & profile data	90 days post-cancellation	Contractual obligation and account recovery
Payment records & invoices	7 years from transaction date	Tax compliance and accounting law
Communication logs (SMS/email)	1 year from send date	Operational records and compliance
Activity & usage logs	2 years from creation date	Security, fraud prevention, and analytics
Backup copies	90 days from backup date	Business continuity and disaster recovery
Legal hold data	Duration of legal proceeding + 1 year	Legal obligation

Upon account cancellation, your data remains accessible for 90 days to allow for reactivation or data export. After the retention window closes, data is permanently deleted or anonymized. You may request early deletion by contacting us at [email protected].

9. Data Security

We have implemented appropriate organizational and technical security measures to protect your personal information:

Supabase Row-Level Security (RLS) policies ensuring each user can only access their own data
Supabase Authentication with secure session token management
Stripe PCI-DSS compliant payment processing — we never store raw card numbers
HTTPS/TLS encryption for all data in transit
Role-based access control (RBAC) limiting access to data on a need-to-know basis
Secrets management via Bitwarden — API keys are never stored in code or shared in plain text
Encrypted backups stored in Cloudflare R2

No electronic transmission or information storage technology can be guaranteed to be 100% secure. Transmission of personal information is at your own risk. Access the Services only within a secure environment.

10. Data Breach Notification

In the event of a data security incident compromising the security, confidentiality, or integrity of your personal information, we will:

Investigate the incident promptly upon discovery
Notify affected users in the most expedient time possible and without unreasonable delay, as required by Georgia law (O.C.G.A. § 10-1-910 et seq.) and other applicable state breach notification laws
Provide notification via email to your registered email address, in-app notice, or prominent website posting, depending on the nature of the breach
Include in our notice: a description of the incident, the categories of information involved, steps we have taken to address the incident, and steps you can take to protect yourself
Report the incident to applicable regulatory authorities where required by law

To report a suspected security incident, contact us immediately at [email protected] with the subject line "Security Incident Report."

11. Information from Minors

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 years old. If we learn that personal information from users under age 18 has been collected, we will deactivate the account and promptly delete such data.

12. Your Privacy Rights

Rights Available to All Users

Right to be informed about what personal information we collect and how we use it
Right to access a copy of the personal information we hold about you
Right to correct inaccuracies in your personal information
Right to request deletion of your personal information
Right to withdraw consent at any time where processing is based on consent

Response Timeframe

⏱️

We will respond to all verified data subject requests within 45 days of receipt. If additional time is required, we will notify you within the initial 45-day window and provide an expected completion date.

Account Information

To review, update, or terminate your account, log in to your account settings or contact us at [email protected].

Upon account termination, we will deactivate or delete your account within the timeframes described in Section 8. We may retain some information to prevent fraud, troubleshoot problems, enforce our legal terms, or comply with legal requirements.

13. Automated Decision-Making

Our Services use automated systems to perform certain functions that may affect your account:

Fraud detection and prevention. Automated analysis of usage patterns to identify fake accounts, fraudulent activity, and abuse of our platform. Accounts flagged by automated systems may be suspended pending human review.
Communication delivery optimization. Automated systems determine timing and retry logic for SMS and email notifications.

If you believe an automated decision has incorrectly affected your account, you have the right to request human review by contacting us at [email protected]. We will review and respond within 15 business days.

14. Do-Not-Track Features

Most web browsers include a Do-Not-Track ("DNT") feature or setting. No uniform technology standard for DNT signals has been finalized. As such, we do not currently respond to DNT browser signals. If a standard for online tracking is adopted that we must follow in the future, we will inform you in a revised version of this Privacy Policy.

15. California Residents

California Civil Code Section 1798.83 ("Shine The Light") permits California residents to request information about personal information disclosed to third parties for direct marketing purposes once per year, free of charge.

CCPA Privacy Notice — Information Collected in Past 12 Months

Category	Examples	Collected
A. Identifiers	Real name, business email, phone number, account name, IP address	✓ Yes
B. CA Customer Records	Name, business contact information, financial information	✓ Yes
C. Protected classifications	Date of birth or other protected characteristics	No
D. Commercial information	Transaction info, Growth Suite subscription history	✓ Yes
E. Biometric information	Fingerprints and voiceprints	No
F. Internet/network activity	Website browsing history, page visits, marketing engagement	✓ Yes
G. Geolocation data	General location from IP address	✓ Yes
H. Audio, electronic, visual	Images, audio, video recordings	No
I. Professional/employment	Business contact details, job title, company size	✓ Yes
J. Education information	Student records	No
K. Inferences	Profiles based on industry vertical and product interest	Limited
L. Sensitive personal info	Virely Portal account login credentials only	✓ Yes

Virely LLC has not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months.

Your Rights as a California Resident

Right to request disclosure of personal information collected, used, disclosed, or sold
Right to request deletion of your personal information
Right to be informed whether we collect and use your personal information
Right to non-discrimination for exercising your privacy rights
Right to limit use and disclosure of sensitive personal information

To exercise your rights, contact us at [email protected], by phone at (888) 487-1873, or by mail at 3715 Northside Pkwy NW, Bldg 100, Ste 500, Atlanta, GA 30327.

16. Virginia Residents

Under the Virginia Consumer Data Protection Act (CDPA), you have the following rights:

Right to be informed whether or not we are processing your personal data
Right to access your personal data
Right to correct inaccuracies in your personal data
Right to request deletion of your personal data
Right to obtain a copy of your data in a portable format
Right to opt out of targeted advertising, sale of personal data, or profiling

Virely LLC has not sold any personal data to third parties. If we decline your request, we will inform you of our decision and reasoning.

To appeal a declined request, email us at [email protected]. Within sixty (60) days, we will inform you in writing of any action taken. If your appeal is denied, you may contact the Virginia Attorney General.

17. Updates to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date and will be effective as soon as it is accessible. If we make material changes, we will notify you either by prominently posting a notice or by directly sending you a notification via email. We encourage you to review this Privacy Policy regularly.

18. Accessibility

Virely LLC is committed to ensuring our Services are accessible to all users, including those with disabilities. We strive to meet WCAG 2.1 Level AA guidelines. If you experience difficulty accessing any part of our Services or need accommodations, please contact us at [email protected].

—Growth Suite Multi-Platform Subscriptions

When you subscribe to the Virely Growth Suite through virely.co:

Your customer record is created in Virely's Stripe account and linked to subscriptions across the applicable Dealsby platforms
Each Dealsby platform you subscribe to is governed by its own Privacy Policy and Terms of Service in addition to this policy
Your billing is consolidated through the Virely Growth Suite, with bundle discounts applied automatically via Stripe
Access to each platform is granted through a secure magic-link via the Virely Portal — no shared credentials are distributed across platforms

For platform-specific privacy disclosures, please review the Privacy Policy for each Dealsby platform you use: dealsbyreferrals.com/privacy-policy, dealsbyappointments.com/privacy-policy, dealsbyreservations.com/privacy-policy.

—Contact Us

If you have questions or comments about this Privacy Policy, please contact us:

🏢

Virely LLC (dba Dealsby)
3715 Northside Pkwy NW, Bldg 100, Ste 500
Atlanta, GA 30327, United States

Email: [email protected]
Phone: (888) 487-1873
Web: virely.co