Privacy Policy

1. Introduction

Verlyn ("we," "us," or "our") operates the Verlyn mobile application (the "App"), the vrly.app link-shortening domain, and the verlyn.app website (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use and protect it, and your rights and choices regarding your data.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account information: When you create an account via Sign in with Apple or another supported authentication method, we receive and store your email address (or a relay email address if you choose to hide your email) and a unique user identifier.
• Links and content: The URLs you submit for shortening, custom short codes, link titles, descriptions, Open Graph preview images, passwords for protected links, and any other metadata you provide when creating or editing links.
• Preferences and settings: Your notification preferences, filter configurations, display settings, and subscription plan selections.
• Support communications: If you contact us for support, we collect the information you provide in your correspondence, including your email address and message content.

2.2 Information Collected Automatically

• Link analytics data: When someone opens a short link you created, we collect information about that visit, including: approximate geographic location (derived from IP address at country/region level), device type and operating system, browser type, referrer URL, timestamp of the visit, and whether the visit is unique or repeated. IP addresses of link visitors are not stored in a personally identifiable form.
• Device information: We may collect information about the device you use to access the App, including device model, operating system version, unique device identifiers, and mobile network information.
• Push notification tokens: If you enable push notifications, we collect and store your device's push notification token to deliver notifications about link activity, smart alerts, and activity recaps.
• Usage data: We collect information about how you interact with the Service, including features used, actions taken, and the date and time of your activity.

2.3 Information from Third Parties

• Authentication providers: When you sign in with Apple or another provider, we receive the information authorized by that provider (typically an email address and unique identifier).
• Apple App Store: When you purchase a subscription, Apple processes the payment and provides us with transaction identifiers and subscription status information. We do not receive or store your payment card details.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service, including creating and managing short links.
• Generate and display link analytics and activity reports.
• Process and manage your subscription and verify your entitlement to Pro features.
• Send push notifications about link activity, smart alerts, and daily or weekly activity recaps when you have opted in.
• Authenticate your identity and secure your account.
• Respond to your support requests and communications.
• Detect, prevent, and address fraud, abuse, security issues, and technical problems.
• Enforce our Terms of Service and other policies.
• Analyze usage patterns to improve, personalize, and develop new features for the Service.
• Comply with legal obligations.

4. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your personal data include:

• Performance of a contract: Processing necessary to provide you with the Service as described in our Terms of Service.
• Legitimate interests: Processing for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, provided these interests are not overridden by your data protection rights.
• Consent: Processing based on your consent, such as sending push notifications. You can withdraw consent at any time.
• Legal obligation: Processing necessary to comply with applicable laws and regulations.

5. How We Share Your Information

We do not sell your personal data. We may share your information only in the following circumstances:

• Service providers: We use trusted third-party services to help us operate the Service. These include cloud hosting and database providers, authentication services (Apple Sign In), and push notification delivery services (Apple Push Notification service). These providers only access your data as necessary to perform services on our behalf and are contractually obligated to protect it.
• Legal requirements: We may disclose your information if required to do so by law or in response to valid legal process, including subpoenas, court orders, or government requests.
• Protection of rights: We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, potential threats to safety, violations of our Terms of Service, or as evidence in litigation.
• Business transfers: If Verlyn is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.
• With your consent: We may share information with third parties when you explicitly consent to such sharing.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. Specifically:

• Account data: Retained until you delete your account.
• Links and associated analytics: Retained until you delete the link, delete your account, or the link expires.
• Subscription records: Retained for as long as necessary for billing reconciliation and legal compliance purposes.
• Support communications: Retained for a reasonable period to resolve your inquiry and for quality assurance.

After account deletion, we may retain certain information in anonymized or aggregated form, or as required by law (e.g., for tax, legal, or audit purposes). We will delete or anonymize your personal data when it is no longer needed for the purposes for which it was collected.

7. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it, including:

• Encryption of data in transit using TLS/SSL.
• Encryption of data at rest.
• Row-level security policies at the database level to ensure users can only access their own data.
• Secure authentication via Sign in with Apple with industry-standard token handling.
• Server-side validation of subscription receipts through Apple's App Store Server API.
• Regular security reviews and updates.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

8.1 All Users

• Access and portability: You can access your links, analytics data, and account information through the App at any time.
• Correction: You can update your link information and preferences directly in the App.
• Deletion: You can delete individual links and their associated analytics, or request deletion of your entire account by contacting support@verlyn.app.
• Push notifications: You can enable or disable push notifications at any time through the App settings or your device settings.
• Subscription management: You can manage or cancel your subscription through your Apple ID Account Settings.

8.2 EEA and UK Users (GDPR)

If you are in the European Economic Area or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including:

• The right to access your personal data and receive a copy in a portable format.
• The right to rectify inaccurate or incomplete personal data.
• The right to erasure ("right to be forgotten") under certain circumstances.
• The right to restrict processing of your personal data.
• The right to object to processing based on legitimate interests.
• The right to withdraw consent at any time where processing is based on consent.
• The right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at privacy@verlyn.app. We will respond to your request within 30 days.

8.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know: You can request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it.
• Right to delete: You can request that we delete personal information we have collected from you, subject to certain exceptions.
• Right to correct: You can request that we correct inaccurate personal information.
• Right to opt out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your rights, contact us at privacy@verlyn.app. We will verify your identity before processing your request and respond within 45 days.

9. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside, including the United States. These countries may have data protection laws that differ from the laws of your country.

When we transfer personal data outside the EEA or UK, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or other legally recognized transfer mechanisms.

10. Children's Privacy

The Service is not directed to children under the age of 13 (or the applicable minimum age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@verlyn.app, and we will take steps to delete such information promptly.

11. Cookies and Tracking Technologies

The verlyn.app website may use essential cookies and similar technologies to ensure the website functions correctly. We do not use advertising cookies or third-party tracking cookies.

The App itself does not use cookies. Link analytics are collected server-side when a short link is accessed and do not involve placing cookies on the link visitor's device.

12. Third-Party Services

The Service integrates with or relies on the following third-party services, each of which has its own privacy policy:

• Apple (Sign in with Apple, App Store, APNs): apple.com/privacy
• Cloud infrastructure providers: We use trusted third-party cloud hosting and database services to store and process your data securely.

We encourage you to review the privacy policies of these services. We are not responsible for the privacy practices of third-party services.

13. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. As there is no common industry standard for DNT, we do not currently respond to DNT signals. We will continue to review new technologies and may adopt a standard once one is established.

14. Data Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal data, we will notify affected users and applicable regulatory authorities as required by law. We will provide timely information about the nature of the breach, the data affected, and the steps we are taking to address it.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective date" at the top of this page and, where appropriate, notify you via in-app notification or email. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We will make every effort to respond to your inquiry within 30 days.