StarlyStarly

Privacy Policy

Last updated: April 2026

1. Introduction

Starly (trystarly.com) helps local businesses collect Google reviews using QR codes. It is built and operated by an independent solo developer.

This policy is effective as of April 2026. It applies to two groups: business owners who create an account and use the dashboard, and customers who scan a business's QR code and open the public review page (no account required).

2. Information we collect

From business owners (signed-up users)

  • Account: Name and Email when you sign up, handled through Supabase Auth.
  • Business profile: Business name and the Google Maps review URL you provide so we can send customers to the right place.
  • Billing: Paid plans are processed by Paddle. Starly does not receive or store full payment card numbers; Paddle handles payment details according to its own policies.
  • Product analytics: When you use the dashboard, we use PostHog to understand how the product is used, including page views, clicks, and (where enabled) session recordings.

From customers (QR code scanners — no account required)

  • You do not need an account or profile to use the review page. No name or email is required to scan and tap through to Google.
  • Scan metadata: we log that a scan happened, along with device type, operating system, browser, an approximate country when available (from hosting request headers), and a timestamp.
  • IP address: we derive a one-way hash (SHA-256) from the IP for rate limiting and abuse protection. The raw IP is not stored in our database.

3. How we use your information

  • To run, secure, and improve Starly.
  • To send transactional email (via Resend), such as welcome messages, reminders, and trial-related notices.
  • To show analytics to the business owner in their dashboard (scans, review taps, trends).
  • To process subscriptions and payments through Paddle.
  • We do not sell your personal information to third parties.
  • We do not use this data to run third-party advertising for you.

4. Third-party services

We rely on trusted providers. Each has its own privacy policy, which we encourage you to read:

  • Supabase — database and authentication.
  • Paddle — payment processing.
  • Resend — transactional email.
  • PostHog — product analytics and session recording.
  • Vercel — hosting and edge network.

5. Session recordings

Starly uses PostHog, which may record sessions on the dashboard for signed-in business owners and are used only to understand and improve the product. They are not sold or shared for advertising.

6. Data retention

  • Account data kept while your account is active and for up to 30 days after a deletion request, unless we must keep certain records longer for legal or security reasons.
  • Scan and related analytics data retained for 12 months unless a shorter period is needed for operations or law.
  • Payment records retention follows Paddle's requirements and applicable financial rules.

7. Your rights

  • You may ask for a copy of or information about the personal data we hold about you.
  • You may ask us to delete your account and associated data, subject to legal exceptions.
  • Reach us at trystarly.com@gmail.com.

8. Cookies

We use cookies (and similar technologies) needed to keep you signed in to the dashboard.

PostHog may set cookies or use local storage as part of analytics.

We do not use advertising or cross-site tracking cookies for ad networks.

9. Children

Starly is meant for adults running businesses. It is not directed at anyone under 18.

We do not knowingly collect personal information from minors.

10. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top will change when we do.

Continuing to use Starly after an update means you accept the revised policy.

11. Contact

You can contact us at trystarly.com@gmail.com. You can also review our Terms of Service.