Privacy Policy

ReferLyst LLC ("we," "us") operates ReferLyst. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use https://referlyst.com and related services.

We collect information in the following categories:

• Account information — name, email address, password (stored securely via our authentication provider), and plan type.
• Profile and list content — list names, vendor details, photos, links, public page themes, payment instructions you choose to display, and messages you send through forms.
• Vendor application data — information submitted by vendors on join pages, including contact details and acceptance of list-specific terms.
• Usage and device data — IP address, browser type, pages viewed, referring URLs, and similar analytics needed to secure and improve the Service.
• Payment data — when you subscribe to a paid plan, payment card details are processed by our payment processor (e.g., Stripe). We receive limited billing metadata, not full card numbers.
• Communications — support requests and emails you send to us.

We use personal information to:

• Provide, maintain, and secure the Service
• Authenticate users and manage accounts
• Process subscriptions and send billing-related communications
• Display public lists and vendor profiles you publish
• Send transactional emails (verification, password reset, intro requests, signup alerts)
• Detect fraud, abuse, and security incidents
• Comply with legal obligations
• Improve features and analyze aggregated usage trends

Where GDPR or UK GDPR applies, we rely on contract performance, legitimate interests (security, improvement, fraud prevention), consent (where required), and legal obligation as appropriate.

We do not sell your personal information. We share information only as follows:

• Service providers — cloud hosting (e.g., AWS Amplify), authentication (Amazon Cognito), databases (Amazon DynamoDB), file storage (Amazon S3), email (Amazon SES), and payments (Stripe), under contracts requiring appropriate safeguards.
• Public content — information you publish on public lists, vendor profiles, or join pages is visible to visitors.
• List owners — vendor application data is shared with the list owner who receives the submission.
• Legal and safety — when required by law or to protect rights, safety, and integrity of the Service.
• Business transfers — in connection with a merger, acquisition, or asset sale, subject to continued protections.

We retain personal information while your account is active and as needed to provide the Service, resolve disputes, enforce agreements, and comply with law. You may request deletion of your account subject to legal and operational requirements.

Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal information, and to object to certain processing. California residents may have additional rights under the CCPA/CPRA. Contact hello@referlyst.com to exercise these rights.

You can update account details in your dashboard. Marketing emails, if any, will include an unsubscribe link.

We use administrative, technical, and organizational measures appropriate to the nature of the data, including encryption in transit, access controls, and secure session handling. No method of transmission or storage is 100% secure.

The Service is not directed to children under 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. Contact us if you believe a child has provided information.

We are based in the United States. If you access the Service from other regions, your information may be processed in the U.S. and other countries where we or our providers operate, with appropriate safeguards where required.

We may update this Privacy Policy. We will post changes at https://referlyst.com/privacy and update the date below. Material changes may be communicated by email or notice in the Service.

Privacy questions or requests: hello@referlyst.com.