We collect the information you give us and data from services you connect. We use it to run Vestly for you. We do not sell your data. We share it only with the infrastructure providers that power the product. You can request deletion of your data at any time.
Who We Are
Vestly ("we," "us," or "our") is a financial dashboard service operated by Brennan [Last Name], a sole proprietor doing business as Vestly, based in Ohio, United States. We can be reached at hello@getvestly.com.
This Privacy Policy explains how we collect, use, store, and share information when you use our website at getvestly.com and our associated dashboard application (collectively, "the Service").
By using the Service, you agree to the collection and use of information in accordance with this Policy.
Information We Collect
We collect several categories of information to provide and improve the Service:
| Category | What It Includes | How We Get It |
|---|---|---|
| Account Information | Name, email address, password (hashed), account preferences | You provide it at sign-up |
| Financial Data | Income figures, platform names, transaction data, fee amounts you enter or sync | You enter it or connect via integrations (e.g. Stripe) |
| Billing Information | Subscription tier, billing history, payment method type (not full card numbers) | Processed by Lemon Squeezy on our behalf |
| Usage Data | Pages visited, features used, session duration, browser type, IP address | Collected automatically via Vercel and our application |
| Communications | Emails or messages you send us | You provide it when contacting us |
We do not collect Social Security numbers, full payment card numbers, bank account numbers, or government-issued ID numbers. We do not collect data from children under 18.
How We Use Your Information
We use the information we collect for the following purposes:
- To provide the Service — powering your dashboard, displaying your income data, generating estimates and AI insights
- To manage your account — authentication, subscription management, and account settings
- To process payments — billing, subscription upgrades, and renewal processing via Lemon Squeezy
- To send transactional emails — account confirmations, password resets, billing receipts, and service notifications via Resend and Google Workspace
- To generate AI insights — your financial data is sent to Anthropic's Claude API to produce summaries and recommendations within your dashboard
- To improve the Service — analyzing usage patterns to fix bugs, improve performance, and develop new features
- To communicate with you — responding to support requests, sending product updates (you may opt out of non-transactional emails at any time)
- To comply with legal obligations — retaining records as required by applicable law
We do not use your data for advertising, behavioral tracking, or sale to third parties.
How We Share Your Information
We do not sell, rent, or trade your personal information to any third party for their marketing or commercial purposes. Ever.
We share your information only in these limited circumstances:
- With infrastructure providers — Supabase, Vercel, Lemon Squeezy, Anthropic, Resend, and Stripe receive your data only as necessary to provide the Service (see Section 5 for details)
- For legal compliance — if required by law, court order, or governmental authority, we may disclose your information to the extent required
- To protect rights — if we believe disclosure is necessary to protect the rights, property, or safety of Vestly, our users, or the public
- In a business transfer — if Vestly is acquired or merged, your information may be transferred as part of that transaction; we will notify you before your data is subject to a different privacy policy
- With your consent — for any other purpose, only with your explicit prior consent
Third-Party Services
Vestly is built on the following third-party infrastructure. Each provider processes your data under their own privacy policies, which we encourage you to review:
| Provider | Role | Data Involved |
|---|---|---|
| Supabase | Database & authentication | Account info, financial data, session tokens |
| Vercel | Application hosting | Usage data, IP addresses, page requests |
| Lemon Squeezy | Subscription billing | Email, billing history, payment method type |
| Anthropic (Claude API) | AI insights generation | Financial data you submit for AI analysis |
| Resend | Transactional email | Email address, email content |
| Google Workspace | Business email (hello@getvestly.com) | Emails you send us directly |
| Stripe | Income data integration (Connect) | Stripe transaction data you choose to connect |
These providers are contractually obligated to use your data only for the purposes of providing their services to us and are not permitted to use it for their own commercial purposes.
Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:
- Account data — retained for the duration of your account, plus up to 90 days after deletion to allow for account recovery
- Financial data — retained for the duration of your account; deleted within 90 days of account deletion
- Billing records — retained for up to 7 years as required by U.S. tax and financial regulations
- Usage logs — retained for up to 12 months for security and performance analysis
- Support communications — retained for up to 3 years
After the applicable retention period, data is permanently deleted or anonymized.
Data Security
We take reasonable technical and organizational measures to protect your information against unauthorized access, disclosure, alteration, or destruction. These measures include:
- Encrypted data storage via Supabase with row-level security (RLS) policies
- HTTPS encryption for all data transmitted between your browser and our servers
- Hashed passwords — we never store your password in plain text
- Access controls limiting which systems and personnel can access user data
- Secure token-based authentication
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
Your Rights & Choices
You have the following rights regarding your personal information. To exercise any of these rights, contact us at hello@getvestly.com:
- Access — request a copy of the personal information we hold about you
- Correction — request correction of inaccurate or incomplete information
- Deletion — request deletion of your personal information; we will comply subject to legal retention requirements
- Portability — request your data in a commonly used, machine-readable format
- Opt-out of marketing emails — unsubscribe at any time via the link in any marketing email; note that transactional emails (receipts, security alerts) cannot be opted out of while your account is active
- Account deletion — cancel your subscription and email us to request full account deletion
We will respond to all valid requests within 30 days. We may need to verify your identity before fulfilling a request.
Cookies & Tracking
Vestly uses a limited number of cookies and similar technologies to operate the Service:
- Session cookies — required to keep you logged in; these expire when you close your browser or log out
- Authentication tokens — stored securely to maintain your login session across visits
- Preference cookies — used to remember settings like your selected dashboard view
We do not use third-party advertising cookies, cross-site tracking cookies, or analytics platforms that share your data with advertisers (such as Google Analytics linked to ad networks).
You may disable cookies in your browser settings, but doing so may prevent certain features of the Service from functioning correctly.
Children's Privacy
The Service is intended solely for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us immediately at hello@getvestly.com and we will delete that information promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Send an email notification to your registered address at least 14 days before the changes take effect
- Display a notice in the Service dashboard
Your continued use of the Service after the effective date of any updated Policy constitutes your acceptance of those changes. If you do not agree to the updated Policy, you must stop using the Service and request account deletion.
Contact
If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:
- Email: hello@getvestly.com
- Website: getvestly.com
- Business: Vestly, a sole proprietorship, Ohio, United States
We aim to respond to all privacy-related inquiries within 30 days.