Privacy Policy
This Privacy Policy explains how Vyelix collects, uses, discloses, secures, retains, and deletes personal information for the website, app, checkout, AI features, affiliate flows, connected email workflows, and connected social tools.
Who We Are And How To Contact Us
Vyelix provides creator business software for deals, contracts, deliverables, social performance, reports, AI assistance, and subscriptions. For privacy requests, questions, or support, please Contact Us.
Notice At Collection
We collect the categories below. We do not collect every example from every user; collection depends on which features you use.
| Category | Examples | Sources | Purposes | Retention |
|---|---|---|---|---|
| Identifiers | Name, email address, account ID, affiliate code, visitor ID, Stripe customer ID, Zernio profile/account IDs. | You, Supabase, Stripe, Zernio, affiliate links. | Account access, checkout, security, support, subscription management, affiliate attribution. | Account life plus legal, billing, security, backup, and dispute periods. |
| Commercial information | Plans, billing interval, subscription status, coupon use, invoices, payments, affiliate conversions. | You, Stripe, Supabase. | Provide paid services, detect fraud, honor promotions, maintain accounting records. | Active account plus required tax, accounting, and dispute retention. |
| Creator business content | Deals, rates, contracts, deliverables, invoices, tasks, campaign reports, notes, uploaded or pasted contract text. | You and connected services you authorize. | Operate the product, generate requested AI output, organize business workflows. | Until deletion, account closure, or cleanup under applicable retention rules. |
| Social account and performance data | Connected account handles, social profile URLs, scheduled posts, comments, DMs, metrics, public post URLs, campaign analytics. | Zernio and social platforms you connect. | Social Studio publishing, inbox sync, analytics, brand lead detection, reporting. | While connected or until deletion, subject to platform and provider constraints. |
| Connected email data | Gmail or Outlook account email address, encrypted OAuth tokens, selected recent creator-business email headers, senders, subjects, snippets, message bodies, attachments metadata, AI summaries, draft replies, sent reply records, and sync logs. | Google/Gmail, Microsoft Graph/Outlook, and inboxes you explicitly connect. | Detect brand offers, contracts, invoices, follow-ups, create reviewed drafts, send approved replies, create deals, and sync the Connected Brand Inbox. | While connected or until deletion/disconnect, subject to account, legal, security, backup, and provider constraints. |
| Internet and device information | IP-derived request metadata, user agent hash for affiliate clicks, referrer domain/path, security headers, rate-limit counters. | Your browser, hosting and security providers. | Security, abuse prevention, rate limiting, attribution if consented, diagnostics. | Short operational periods; rate-limit counters are short-lived and affiliate clicks are targeted for cleanup. |
| Sensitive personal information | Payment details handled by Stripe; account credentials handled by Supabase. Vyelix does not store raw card numbers or plaintext passwords. | Stripe, Supabase. | Checkout, authentication, fraud prevention, legal compliance. | Handled by providers under their own security and retention controls. |
| AI inputs and outputs | Prompts, contract excerpts, deal details, generated summaries, messages, recommendations, reports. | You, app data you authorize, OpenAI. | Provide AI features you request and improve product reliability/security. | AI logs are targeted for periodic cleanup; saved app outputs remain until deleted or account closure. |
GDPR Legal Bases
Where the GDPR, UK GDPR, or similar law applies, we rely on the following legal bases.
| Processing | Legal basis | Data involved |
|---|---|---|
| Provide the app and subscriptions | Contract; legitimate interests. | Account, creator workflow data, subscription and checkout records. |
| AI features requested by you | Contract; legitimate interests; consent where required for optional connected sources. | Prompts, selected app records, AI outputs. |
| Security, fraud prevention, rate limiting, webhooks | Legitimate interests; legal obligation where applicable. | Request metadata, event IDs, signatures, abuse-prevention records. |
| Marketing emails and newsletters | Consent or legitimate interests where allowed; you can opt out. | Email, subscription preferences, discount source. |
| Affiliate attribution and optional analytics | Consent where required; legitimate interests only where allowed. | Affiliate ref, visitor ID, landing path, analytics events if configured. |
| Accounting, tax, disputes, compliance | Legal obligation; legitimate interests. | Billing, subscription, support, and audit records. |
Service Providers And Disclosures
We disclose personal information to service providers only as needed to operate, secure, bill, troubleshoot, and improve Vyelix. We do not sell personal information.
| Provider | Purpose |
|---|---|
| Supabase | Authentication, database, storage, session management. |
| Stripe | Payments, subscriptions, invoices, fraud checks, hosted payment fields. |
| OpenAI | AI analysis and generation features requested by users. |
| Zernio | Connected social accounts, publishing, inbox sync, comments, analytics. |
| Google APIs | Optional Gmail connection for creator-business email detection, summaries, Gmail draft creation, approved reply sending, and email sync where enabled. |
| Microsoft Graph | Optional Outlook/Microsoft 365 connection for creator-business email detection, summaries, draft replies, approved reply sending, and email sync. |
| Beehiiv | Newsletter and launch discount subscription management when configured. |
| Cloudflare Turnstile | Bot detection and public form abuse prevention. |
| Upstash Redis | Short-lived distributed rate-limit counters. |
| Vercel | Application hosting, logs, network delivery, deployment infrastructure. |
International Transfers
Vyelix and its providers may process information in the United States and other countries. Where transfer rules apply, transfers should be supported by appropriate safeguards such as provider data processing terms, Standard Contractual Clauses, or other lawful mechanisms.
Your Privacy Rights And Choices
- Access/know the personal information we process about you.
- Receive a portable copy of account data through Settings where technically feasible.
- Correct inaccurate account or profile information.
- Delete personal information, subject to legal, security, billing, tax, backup, dispute, and fraud-prevention exceptions.
- Restrict or object to certain processing where GDPR or similar laws apply.
- Withdraw consent for optional storage, newsletter, marketing, or affiliate attribution where consent is the basis.
- Opt out of sale or sharing. Vyelix does not sell personal information and does not share it for cross-context behavioral advertising.
- Limit use of sensitive personal information. Vyelix uses sensitive information only to provide requested services, security, payment, or legal compliance.
- Avoid discrimination for exercising privacy rights.
Signed-in users can export account data and submit deletion requests from Settings. You may also Contact Us. We may need to verify your identity before completing a request. GDPR requests are answered without undue delay and generally within one month where required. CCPA requests are handled within the applicable statutory response periods.
California CCPA/CPRA Disclosures
This section applies to California residents where the CCPA applies. We collect the categories listed in the Notice At Collection. We disclose them to service providers for business purposes. Vyelix does not sell personal information and does not share it for cross-context behavioral advertising. If your browser sends a Global Privacy Control signal, Vyelix disables optional affiliate attribution storage. We use sensitive personal information only for permitted purposes such as authentication, payment, security, fraud prevention, support, and service delivery.
Promotions And Financial Incentives
Vyelix may offer discounts, launch codes, affiliate codes, or newsletter offers when you provide an email address or use an affiliate link. Participation is optional. The value of the offer is reasonably related to the promotional value of acquiring or retaining a customer and the cost of providing the discount. You can avoid optional affiliate attribution storage by choosing necessary-only privacy settings or using browser privacy signals. Some promotions may not be available if you ask us to delete the information needed to verify eligibility.
AI, Profiling, And Automated Processing
Vyelix uses AI to generate deal analysis, contract summaries, messages, campaign reports, email thread summaries, draft replies, and brand lead signals when you request those features or connect Social Studio. AI output is informational and can be wrong. Vyelix does not use AI output to make solely automated legal or similarly significant decisions about users. You should review AI output before using it. Vyelix does not use connected Gmail or Outlook data to train AI models and does not sell email data.
Connected Gmail And Outlook
If you connect Gmail or Outlook, Vyelix uses OAuth access you approve to scan selected recent emails for creator-business workflows such as brand offers, UGC inquiries, contracts, invoices, payment threads, follow-ups, and campaign reporting. When you choose email actions, Vyelix may create reviewed drafts in Gmail or send replies you approve. Vyelix is not intended for browsing personal email. You can disconnect an inbox from Social Studio at any time. Disconnecting stops future sync and removes stored OAuth tokens; historical thread data may remain until you delete it or request deletion.
Cookies, Local Storage, And Preference Signals
Required storage supports authentication, security, checkout, requested discounts, and app functionality. Optional affiliate attribution and analytics storage are controlled through the privacy banner and Settings. See the Cookie Policy for more detail.
Retention
We keep personal information only as long as needed for the purposes described in this policy, unless law, security, disputes, accounting, backups, or platform obligations require longer retention.
| Data | Retention approach |
|---|---|
| Account and profile data | For the life of the account, then deleted or anonymized subject to backup, legal, billing, and dispute needs. |
| Creator business records | Until you delete them, close your account, or request deletion, subject to legal and backup exceptions. |
| Connected email accounts and tokens | Until you disconnect the inbox, request deletion, close the account, or the provider/re-authentication expires; OAuth tokens are stored encrypted server-side. |
| Stripe and accounting records | As long as needed for tax, accounting, fraud prevention, disputes, chargebacks, and legal obligations. |
| Webhook replay ledger | Target cleanup after 30 days using the database retention job. |
| AI logs | Target cleanup after 90 days using the database retention job. |
| Affiliate click records | Target cleanup after 180 days using the database retention job. |
| Rate-limit counters | Short-lived windows used only for abuse prevention. |
Security
Vyelix uses authentication, Supabase row-level security, least-privilege database selections, request validation, rate limiting, Turnstile verification, webhook signatures, body-size limits, content security policy, HTTPS in production, and operational retention cleanup. No internet service can guarantee perfect security.
Accessibility
Vyelix aims to provide an accessible experience aligned with WCAG 2.2 Level AA where practical. See the Accessibility Statement or Contact Us for accessibility requests.
Children
Vyelix is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child provided personal information, please Contact Us.
Changes To This Policy
We may update this policy when the product, providers, laws, or security practices change. Material changes will be reflected by updating the date above and, where appropriate, additional notice in the app or by email.
