Privacy Policy
Last updated: April 2026 · Effective immediately for new users; existing users on prior policy until next billing cycle.
Introduction
This Privacy Policy explains how Privly Ventures Pty Ltd (“Privly”, “we”, “us”) collects, uses, discloses, and safeguards your information when you use our website at useprivly.com, the application at app.useprivly.com, our free tools (including the DMCA Generator), and related services (collectively, the “Service”).
We’re a small bootstrapped business and we treat your data the way we’d want ours treated. We don’t sell it, we minimise what we collect, and we tell you what we do with it. If anything in this policy is unclear, email us at hello@useprivly.com.
Information We Collect
Account information
When you create a Privly account, we collect your email address, password (stored hashed, never plain-text), display name, platform usernames you wish to monitor, and onboarding details such as content type and platform.
Content fingerprints + monitored URLs
To detect leaks, we generate perceptual hashes (dHash + aHash) of reference content you upload, and we store the URLs you specify or that our scans surface. We do not retain copies of leaked content beyond what’s necessary to verify and document a takedown.
Free tool submissions (DMCA Generator)
If you use our free DMCA Generator at /tools/dmca-generator, we store your name, email, the platform name you specified, the URL of your original work, and the URLs of the infringing content you listed. We email you a copy of your generated notice and may store the submission to follow up. You can request deletion of this data at any time by emailing hello@useprivly.com.
Payment information
Stripe processes all payment details on our behalf. We do not store your full payment-card information — Stripe holds that under PCI-DSS compliance. We retain transaction history (subscription status, billing periods, plan tier) necessary to manage your subscription.
Usage and device data
We collect log data, IP addresses, device and browser information, pages visited, and interaction events through Google Analytics (configured for IP anonymisation where applicable).
Support communications
If you contact us via email or our chat widget (Crisp), we receive and store the contents of those messages so we can respond. Crisp also stores chat history under their privacy terms.
How We Use Your Information
We use the information we collect to:
- →Provide, maintain, and operate the Service
- →Detect and monitor leaks of your content across the web
- →Generate, file, and follow up on DMCA takedown notices on your behalf
- →Process payments and manage your subscription via Stripe
- →Send transactional emails (account confirmations, takedown notifications, billing receipts) via Resend
- →Reply to your support enquiries via email and Crisp chat
- →Improve and optimise the Service via aggregate analytics (Google Analytics)
- →Comply with our legal obligations and enforce our Terms of Service
We do not sell your personal information. We do not use your data to train AI models. We do not share your data with advertisers.
Subprocessors
We use the following third-party services to operate the Service. Each is named here for transparency. Each runs under their own privacy policy, which we link to.
| Service | Purpose | Data location |
|---|---|---|
| Stripe | Payment processing | United States / Ireland · policy |
| Supabase | Database, authentication, file storage | AWS (us-east-1 primary) · policy |
| Vercel | Application hosting + edge network | Global edge / United States primary · policy |
| Cloudflare | CDN + DDoS protection (mini-PC worker) | Global edge · policy |
| Resend | Transactional email delivery | United States · policy |
| Crisp | Customer support chat widget | European Union · policy |
| Google Analytics 4 | Website usage analytics | United States · policy |
| SerpAPI | Search-engine query infrastructure for leak scanning | United States · policy |
We’ll update this list when we add or remove subprocessors. If you require advance notice of subprocessor changes for compliance reasons, email hello@useprivly.com to be added to our notification list.
Data Security
Data is encrypted in transit using TLS 1.2+ and at rest using AES-256 (provided by Supabase and Vercel). Passwords are hashed using bcrypt. Access to creator data is restricted to authorised personnel and logged. We use industry-standard administrative, technical, and physical measures, but no method of internet transmission or electronic storage is 100% secure, and we cannot guarantee absolute security.
Data Retention
We keep your information only for as long as we need it to provide the Service or as required by law. Specifically:
- →Account data: retained while your account is active. After account deletion, removed within 30 days, except where required for legal or fraud-prevention purposes.
- →Content fingerprints: retained for the life of your account; removed within 30 days of account deletion.
- →DMCA notice records: retained for 7 years for legal-evidentiary purposes (this is the standard retention period for DMCA-related records under US Copyright Office guidelines).
- →Billing records: retained for 7 years to comply with tax and audit requirements (Australian Tax Office, IRS).
- →Free DMCA Generator submissions: retained for 12 months for follow-up purposes; automatically purged after that. Email us to request earlier deletion.
- →Support communications: retained for 3 years.
- →Analytics data: Google Analytics is configured with the maximum 14-month retention period.
Cookies and Tracking
We use cookies and similar technologies to operate the Service and understand usage. The cookies we set include:
- →Authentication / session — necessary for keeping you signed in to your dashboard. Set by Supabase Auth.
- →Stripe Checkout — necessary for processing payments and protecting against fraud.
- →Crisp chat — stores your chat session so support conversations persist across visits.
- →Google Analytics 4 — _ga and related cookies for aggregate usage analytics. Configured for IP anonymisation.
You can control cookies through your browser preferences. Blocking session cookies will prevent you from signing in to the dashboard. We honour the Global Privacy Control (GPC) signal where supported.
Automated Decision-Making
Privly uses automated processes to detect potential leaks of your content, calculate match-confidence scores, and route candidates for DMCA filing. These are operational decisions, not legal ones — every DMCA notice that goes out from your account is reviewed by you (or a Privly enforcement agent on your behalf) before submission. You can opt out of automated leak detection by disabling scanning in your account settings, in which case the Service becomes a manual takedown tool only.
Children’s Privacy
Privly is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, contact us at hello@useprivly.com and we will delete it.
Your Privacy Rights
Depending on where you live, you may have additional rights regarding your personal information. We extend these rights to all our users regardless of location:
→Access: Request a copy of the personal information we hold about you.
→Correction: Update or correct inaccurate information.
→Deletion: Request deletion of your data. We honour deletion requests within 30 days unless legal-retention periods (above) apply.
→Portability: Receive your data in a structured, machine-readable format.
→Objection: Object to specific uses of your data (e.g., direct marketing).
→Withdrawal of consent: Where processing relies on consent, you can withdraw it at any time.
To exercise any of these rights, email hello@useprivly.com. We respond within 30 days. Verification of identity may be required to prevent unauthorised account access.
Australian Privacy Principles (APPs)
As an Australian-incorporated business, Privly handles personal information in accordance with the 13 Australian Privacy Principles set out in the Privacy Act 1988 (Cth). If you have a complaint about how we have handled your personal information that we have been unable to resolve, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
European Users (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR) and UK GDPR. We process your data only when we have a legal basis to do so — typically your consent (signing up for the Service), the performance of our contract with you (delivering the Service), our legitimate interests (improving the Service), or compliance with a legal obligation.
Some of our subprocessors are located outside the EEA. Where we transfer your data outside the EEA, we rely on Standard Contractual Clauses or other lawful transfer mechanisms. You have the right to lodge a complaint with your local data protection authority.
California Residents (CCPA / CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including: the right to know what personal information we collect, the right to delete your personal information, the right to correct inaccurate personal information, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising these rights.
We do not sell or share your personal information as those terms are defined in the CCPA. To exercise your rights, email hello@useprivly.com.
When We Share Your Information
We do not sell your personal information. We share information with third parties only in these circumstances:
- →Subprocessors listed above, who help us operate the Service under our instructions.
- →Recipients of DMCA notices. When you authorise us to file a DMCA on your behalf, your name and contact information appear in the notice (this is a statutory requirement of the DMCA and cannot be anonymised).
- →Legal compliance. Where required by law, court order, or regulator request. We’ll notify you first where legally permitted.
- →Business transfers. In the event of a merger, acquisition, or sale of assets, your data may transfer to the acquirer subject to this Privacy Policy.
Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be communicated by email to your account email address before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
Contact Us
For privacy questions, requests to exercise your rights, or any concerns about how we handle your data, please contact us:
Privly Ventures Pty Ltd
Email: hello@useprivly.com
We respond to privacy enquiries within 30 days. Identity verification may be required.
See also our Terms of Service.