Privacy Policy
Last updated: May 30, 2026
1. Who We Are
VLYR ("we", "our", "us") is a reputation management and customer engagement platform built for restaurants and local businesses. We help business owners intercept negative feedback before it reaches Google, boost five-star reviews, and bring customers back with loyalty rewards. Our registered business contact is privacy@vlyr.app.
2. Information We Collect
We collect information in the following ways:
a) Information you provide directly
- Business name, contact name, email address, and phone number when you sign up
- Business address and Google Business Profile details
- Payment and billing information (processed securely by Stripe — we do not store card numbers)
- Any content you submit through support requests or feedback forms
b) Information collected automatically
- Usage data: pages visited, features used, time spent, device type and browser
- IP address and approximate location (city/country level only)
- QR code scan events at your business location (timestamp, device type — not personal identity)
- Analytics data collected via Vercel Analytics
c) Information from Google APIs
When you connect your Google Business Profile to VLYR, we access your Google My Business account data solely to facilitate review management on your behalf. This includes: reading your existing reviews, posting owner responses, and directing customers to your Google review page. We do not access your personal Gmail, Google Drive, or any Google services beyond the Google Business Profile API scopes you explicitly authorize.
3. How We Use Your Information
- To provide the service: connecting your QR codes to your Google Business Profile, routing customer feedback, sending loyalty reward notifications
- To improve the product: understanding which features are used most, diagnosing technical issues, improving reliability
- To communicate with you: sending transactional emails (account setup, alerts, reports), and product updates if you opt in
- For billing: processing subscription payments and sending receipts
- For legal compliance: maintaining records as required by applicable law
We do not sell your personal data. We do not use your data for advertising targeting. We do not share your data with third parties except as described in Section 5.
4. Google API Data — Limited Use Disclosure
VLYR's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only request Google API scopes necessary to deliver the VLYR service to you
- We do not transfer Google user data to third parties for purposes unrelated to providing or improving VLYR's features
- We do not use Google user data for advertising or to train AI/ML models unrelated to the service
- We do not allow humans to read your Google API data unless you explicitly grant access for support purposes or we are required to do so by law
- You may revoke VLYR's access to your Google account at any time via your Google account permissions page
5. Data Sharing
We share data with the following categories of service providers, only to the extent necessary to operate the platform:
- Stripe — payment processing. Stripe's privacy policy governs payment data.
- Vercel — hosting and analytics infrastructure
- Google Cloud — API infrastructure for Google Business Profile integration
- Email delivery provider — for transactional emails only
All providers are contractually bound to protect your data and use it only for the purposes we direct.
6. Data Retention
We retain your account data for as long as your subscription is active. If you cancel, we retain your data for 30 days to allow for reactivation, then delete it from our systems unless we are required by law to retain it longer. QR scan event logs are retained for 12 months for analytics purposes, then permanently deleted.
7. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data ("right to be forgotten")
- Export your data in a portable format
- Withdraw consent for data processing at any time
To exercise any of these rights, email us at privacy@vlyr.app. We will respond within 30 days.
8. Security
We use industry-standard security measures including HTTPS/TLS encryption in transit, encrypted storage at rest, and access controls limiting who can access production data. No system is 100% secure. If you discover a security vulnerability, please disclose it responsibly to security@vlyr.app.
9. Cookies
We use essential cookies required for the platform to function (session management, authentication). We use analytics cookies via Vercel Analytics to understand aggregate usage patterns — no personally identifiable information is included. We do not use advertising or tracking cookies. You may disable cookies in your browser settings; this may affect platform functionality.
10. Children's Privacy
VLYR is a business tool intended for use by adults operating commercial establishments. We do not knowingly collect personal data from individuals under 16 years of age.
11. Changes to This Policy
We may update this Privacy Policy as the product evolves. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of VLYR after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
For any privacy-related questions or requests: