Legal

Privacy Policy

Last updated March 7, 2026Version 2026.03.07Hash 225c256788

This Privacy Policy explains how Dearly Inc. collects, uses, discloses, retains, and otherwise processes information about users, visitors, gift recipients, contributors, address-request respondents, correspondents, and others whose information we handle in connection with the platform.

This Policy is intended to describe the platform as it currently exists or is near-term operationally supported. It is written to cover account activity, physical and digital gifting, tree gifts, checkout, contact syncing, relationship data, bearer-link pages, support, and certain media or limited-release workflows. It does not promise that every feature described here is available to every user in every geography at all times.

SOME PLATFORM EXPERIENCES USE TOKENIZED OR BEARER-STYLE LINKS. ANY PERSON WHO OBTAINS ONE OF THOSE LINKS MAY BE ABLE TO ACCESS THE RELATED PAGE, MESSAGE, GIFT, OR MEDIA EXPERIENCE. PLEASE FORWARD LINKS CAREFULLY.

1. Scope and Roles

This Privacy Policy applies when you visit our website, use our mobile apps, create an account, place or receive a gift, submit an address, upload or view media, contact support, or otherwise interact with the platform. It also applies to certain information about people who do not have Dearly accounts but whose information is provided in connection with a gift, invitation, contact import, address request, or support interaction.

In some contexts, Dearly acts directly as the business or controller deciding how information is used. In other contexts, we act as the service provider or processor carrying out a user's request, such as when a user asks us to send a gift, request an address, route a message, or host a linked experience for an intended recipient.

This Policy does not apply to third-party sites, payment methods, identity providers, carrier portals, or other services that we do not control, even if our platform links to them.

2. Information We Collect

CategoryExamplesTypical Source
IdentifiersName, display name, email address, phone number, account IDs, linked social or auth-provider identifiers, gift tokens, and Stripe customer references.You, your device, other users, service providers
Profile and preference dataProfile photo, signature name, sender defaults, notification preferences, timezone, household and contact preferences, and discoverability settings.You, account settings, app usage
Transaction and fulfillment dataOrders, recipient names, return addresses, mailing addresses, schedule choices, order status history, credits, gift-card activity, and fulfillment metadata.You, recipients, payment and shipping flows
Content and media dataMessages, signatures, uploaded artwork, photos, videos, voice recordings, transcriptions, playback identifiers, thumbnails, and media-related support records.You, contributors, recipients, media services
Relationship and contact dataSynced contacts, imported names and numbers, friend or recipient records, household data, graph relationships, and interaction history between senders and recipients.You, your device contacts, other users
Device, network, and usage dataIP address, user agent, cookies, local storage values, device identifiers, screen size, session activity, page views, event logs, and anti-abuse fingerprints.Your browser, device, platform logs, analytics tools
Communications and support dataEmails, support messages, attachments, message headers, transcripts, call notes, case metadata, and support outcomes.You, recipients, contributors, support systems
Financial and payment dataBilling name, payment status, payment-intent references, refunds, disputes, and credit balances. We do not store full card numbers or CVVs.Payment processors and checkout flows
Safety, compliance, and audit dataModeration signals, fraud indicators, delivery confirmation, admin audit events, dispute records, and legal-hold metadata.Dearly systems, service providers, legal process

3. Sources of Information

We collect information:

  • directly from you when you create an account, submit a form, send a gift, upload content, save addresses, or contact support;
  • automatically from your browser, device, or app when you access the platform;
  • from other users who identify you as a recipient, contributor, contact, household member, or support participant;
  • from service providers and partners such as payment processors, address-verification providers, tree-planting partners, email and messaging providers, analytics vendors, error-monitoring tools, and identity providers; and
  • from public or bearer-style interactions, such as a person opening a gift link, visiting a watch page, scanning a QR code, or responding to an address request.

4. How We Use Information

We use information to:

  • create and manage accounts, authenticate users, maintain sessions, and secure access;
  • process orders, print and ship Dearly Art, deliver Dearly Tree experiences, request or verify addresses, route support, and send receipts or status updates;
  • provide linked gift pages, bearer-link experiences, watch pages, media playback, and contributor flows;
  • store, transcribe, host, encode, render, moderate, and otherwise process voice, photo, video, and written content you submit;
  • power relationship features such as contact discovery, synced contacts, friend matching, household organization, and address book functions;
  • prevent fraud, detect abuse, enforce our terms, investigate suspicious activity, and protect the platform, users, and third parties;
  • analyze product performance, troubleshoot problems, improve the experience, and understand how users navigate the platform;
  • comply with legal obligations, resolve disputes, exercise legal rights, maintain books and records, and support audits or enforcement; and
  • communicate with you about your account, gifts, safety, support issues, or features you request.

5. How We Disclose Information

We may disclose information in the following circumstances:

  • Service providers and infrastructure. We disclose information to vendors that help us host, authenticate, process payments, send email or SMS, provide analytics, monitor errors, verify addresses, host media, or otherwise operate the platform.
  • User-directed sharing. We disclose information to recipients, contributors, senders, or other parties when that is necessary to deliver a gift, request an address, provide a linked experience, process a contribution, or otherwise carry out the action requested by a user.
  • Corporate transactions. We may disclose information in connection with financing, diligence, merger, acquisition, bankruptcy, or sale of assets, subject to applicable confidentiality and legal constraints.
  • Legal and safety disclosures. We may disclose information if required by law or if we believe disclosure is appropriate to protect rights, property, safety, prevent fraud, enforce our terms, or respond to legal process.
  • Professional advisors. We may disclose information to lawyers, auditors, insurers, accountants, payment partners, or similar advisors under appropriate confidentiality expectations.

We do not sell personal information for money. We also do not currently run third-party behavioral advertising on the public product experience. If that changes, we will update this Policy and, where required, offer any legally required rights or controls.

6. Vendor and Partner Categories

Categories of providers and partners we use may include:

  • hosting, database, storage, and authentication providers such as Supabase and cloud hosting platforms;
  • payment and billing providers such as Stripe;
  • messaging and email providers such as Resend and Twilio or similar transactional messaging tools;
  • analytics and product-performance providers such as PostHog;
  • error-monitoring and security-monitoring providers such as Sentry;
  • address-verification and mailing-support providers such as Smarty and postal or carrier partners;
  • media-hosting, encoding, and playback providers such as Mux;
  • AI and automation providers used for transcription, drafting, moderation, or internal operations support, including Google or Gemini-based tooling where enabled; and
  • gifting or environmental partners such as Tree Nation and similar tree-planting services.

Vendor rosters change over time. The categories above describe the kinds of third parties that may process personal information on our behalf.

7. Product-Specific and Link-Based Data Flows

7.1 Dearly Art

Dearly Art processing may involve sender information, recipient names, mailing addresses, return addresses, messages, signature names, schedule choices, QR-triggered events, delivery-confirmation metadata, and, if applicable, companion digital gift information.

7.2 Dearly Tree

Dearly Tree processing may involve sender and recipient data, gift tokens, tree-link views, voice messages, gift-redemption status, planted-tree fulfillment, contributor-free-gift mechanics, and related credits or support actions.

7.3 Address Requests and Bearer Links

Address-request links, gift pages, watch pages, upload links, and similar tokenized experiences may be accessible to anyone who obtains the relevant link. We log views, submissions, and certain device or network information to operate these flows and reduce abuse. If a recipient provides an address, we may store that address for one-time or ongoing use depending on the sender's workflow and the options presented to the recipient.

7.4 Video Emails, Watch Pages, and Media Links

We may send or host rich-media experiences related to gifts, support, or order updates, including video emails and watch pages. These experiences may rely on media-hosting providers and may include playback identifiers, thumbnails, limited engagement analytics, and the network information generated when a recipient opens or streams the media.

7.5 Public Campaign Pages

If you submit a message through a public campaign page, we process the information you provide, may store moderation and abuse-prevention metadata, and may disclose or publish the submission as described on that campaign page.

8. Non-User Data, Contact Sync, and Discoverability

Some of our most important product flows involve people who have not created Dearly accounts. For example, a user may send a gift to a recipient, request a recipient's address, sync a contact list, invite a contributor, or create relationship records that reference another person. We process that Non-User Data to carry out the requested service, support fraud prevention, and maintain the relationship integrity of the platform.

If a user syncs contacts from a device or provider, we may process names, phone numbers, email addresses, and relationship metadata to help that user identify people they know and to maintain the user's own contact records. We do not treat synced contact lists as open marketing lists for independent mass marketing.

Our current platform behavior may make some accounts or identifiers discoverable for contact matching by default unless the relevant user turns discoverability off in settings. Because that default is part of the current product implementation, your use of account, contact, or discovery features may cause your information to appear in matching or suggestion flows for other users who lawfully upload your information or whose existing relationship data already references you.

If you are a Non-User and would like to ask about deletion, correction, or suppression of your information, contact us at [email protected]. We will review the request in light of applicable law, the nature of the relationship, and our legitimate business and legal obligations.

9. Media, AI, and Biometric-Adjacent Information

The platform may process voice recordings, photos, videos, transcriptions, thumbnails, and related metadata. Depending on your jurisdiction, some of that data could be considered sensitive or biometric-adjacent because voices, faces, or likenesses may be present in the media.

Dearly does not use voice recordings, images, or video to identify individuals through voiceprints or facial-recognition templates for identity-verification purposes. We use such media to provide the requested service, such as storage, playback, transcription, moderation, support, rendering, delivery, or troubleshooting.

If you upload or submit media involving another person, you are responsible for obtaining all permissions and releases required by law. You should not upload deepfakes, synthetic impersonations, or media for which you lack permission. We may use automated or assisted tools to transcribe, analyze, moderate, classify, or support media submissions, and those tools may be provided by third parties.

10. Cookies, Local Storage, Analytics, and Similar Technologies

We use cookies, local storage, SDKs, and similar technologies to keep you signed in, remember checkout and redirect context, apply gift-credit or session state, store device identifiers for anti-abuse, maintain preferences, and understand how the platform is used.

We currently use analytics and event-measurement tools, including first-party or service-provider analytics such as PostHog, to measure navigation, page performance, interaction patterns, and operational behavior. We also use error and performance monitoring tools such as Sentry to identify crashes and production issues.

At this time, unless we expressly state otherwise in a future update, we require direct requests through the methods described in this Policy to exercise opt-out or privacy rights; we do not promise that every browser-level preference signal or universal opt-out mechanism will be automatically recognized in every context.

11. Legal Bases and International Transfers

If you are in the EEA, UK, or Switzerland, we generally process personal information on one or more of the following bases: performance of a contract with you, your consent, our legitimate interests in operating and securing the platform, and compliance with legal obligations.

Dearly is based in the United States, and many of our service providers operate in the United States or other countries. By using the platform, you understand that your information may be processed in jurisdictions that may not offer the same level of legal protection as your home jurisdiction. Where required, we use appropriate safeguards for cross-border transfers.

12. Retention

We retain information for as long as reasonably necessary for the purposes described in this Policy, including to provide the platform, comply with law, resolve disputes, enforce our terms, prevent fraud, and maintain appropriate records.

Data classTypical retention approach
Account and profile dataRetained while the account is active and for a limited period after deletion requests, plus longer where required for security, audit, or legal reasons.
Order, payment, and tax recordsRetained for accounting, tax, dispute, and compliance periods, which may extend for several years after the transaction.
Contacts, relationship, and Non-User dataRetained for as long as reasonably necessary to support user workflows, relationship integrity, suppression needs, prevention of duplicate or abusive activity, and legal compliance.
Media and voice filesRetained while needed for the relevant experience, support, troubleshooting, or legal needs, and may be removed sooner or later depending on product design, deletion, or vendor behavior.
Support and safety logsRetained as needed to resolve issues, document decisions, comply with legal duties, and prevent repeat abuse.

13. Security

We use a combination of technical, administrative, and organizational measures intended to protect information against unauthorized access, loss, misuse, and alteration. That said, no system is perfectly secure, and we cannot guarantee absolute security, uninterrupted confidentiality, or that unauthorized third parties will never defeat our safeguards or those of our vendors.

You are responsible for protecting your accounts, devices, email, phone numbers, verification codes, and any tokenized or bearer-style links you control. If you suspect misuse or a security incident, contact us immediately at [email protected].

Any dispute related to security incidents, privacy claims, or data breaches is subject to the limitations of liability and dispute resolution provisions in our Terms of Service to the maximum extent permitted by law.

14. Your Choices and Controls

You may have the ability to:

  • access, update, or delete account-profile information;
  • change sender defaults, notification settings, and passwords;
  • turn discoverability settings on or off where that control is made available in the product;
  • manage mobile-device permissions, including contacts, notifications, camera, microphone, or photo-library permissions;
  • stop certain SMS communications by replying STOP where supported; and
  • contact us to request account deletion, data export, correction, or other privacy-related review.

Some information may remain in backups, logs, linked records, transaction systems, suppression systems, or legal/compliance files after you update or delete active-profile information.

15. U.S. State Privacy Rights

Depending on where you live, you may have rights to request access to, correction of, deletion of, or portability of certain personal information; to limit certain processing of sensitive information; or to opt out of activities that are classified as sales, targeted advertising, or profiling under applicable state law.

To submit a request, contact us at [email protected]. We may need to verify your identity or authority before acting on the request. You may also use an authorized agent where permitted by law, subject to verification requirements.

If we deny a request, you may appeal by replying to our decision or by writing to [email protected]with "Privacy Appeal" in the subject line. We will review the appeal as required by applicable law.

16. EEA, UK, Swiss, Canadian, and Other International Rights

Individuals in the EEA, UK, and Switzerland may have rights to request access, correction, deletion, restriction, objection, or portability, and to withdraw consent where processing is based on consent. Individuals in Canada, Australia, and other jurisdictions may have comparable rights under local law.

To exercise rights, contact us at [email protected]. You may also have the right to complain to a supervisory authority or privacy regulator in your jurisdiction.

17. Children's Privacy

The platform is not directed to children under 13, and we do not knowingly collect personal information directly from children under 13 in a manner that triggers parental-consent obligations, except as lawfully permitted and mediated through an adult or authorized institution. Any artwork or content created by a child that appears in our platform should be submitted only by a parent, guardian, or authorized institutional partner.

If you believe a child provided personal information to us directly without appropriate authorization, contact us at [email protected], and we will review the matter and take appropriate steps.

18. Changes to This Policy and Contact Information

We may update this Privacy Policy from time to time to reflect changes in the platform, our practices, our vendors, or legal requirements. When we make material changes, we will update the "last updated" date and may provide additional notice where required by law.

If you have questions about this Policy or our privacy practices, contact us at [email protected]. You may also write to Dearly Inc., Privacy Team, 2261 Market Street STE 87409, San Francisco, California 94114.