← Home
Legal

Privacy Policy

Last updated: May 2026

Plain-English summary: We collect your email + the orders + earnings tied to your code. We use Stripe for payments, Resend for email, Neon for the DB. We never sell your data. You can export or delete it anytime from your account.

What we collect

  • Account info: email, name, profile image (if provided), code
  • Order info: products purchased, prices, code used, billing/shipping address (only when needed for tax + shipping)
  • Stripe Connect data: for members receiving payouts — KYC info handled directly by Stripe; we only store the connected account ID
  • Browsing context: sticky dd_code cookie for code attribution; basic analytics (no personal profiling)

How we use it

  • Process purchases and deliver perks
  • Pay members
  • Send transactional emails (order confirmations, sale notifications)
  • Calculate tax via Stripe Tax
  • Detect fraud (self-referral voids, abuse patterns)
  • 1099 reporting for US members earning $600+/year

Who else handles your data

  • Stripe — payment processing + Connect payouts (subject to Stripe’s privacy policy)
  • Neon / Postgres — primary database (US-East region)
  • Resend — transactional email delivery
  • Vercel — application hosting + edge functions
  • Cloudflare — DNS + DDoS protection
  • Sentry — error monitoring (no personal data in error reports)

Cookies

  • dd_code — remembers a code you visited via /c/CODE
  • next-auth.session-token — keeps you signed in
  • dd_cart — your local cart (browser-only, not synced to server)

Your rights

You can export your data (orders, earnings, profile) or delete your account at any time from /account or by emailing [email protected].

We honor GDPR, CCPA, and similar requests. Deletions take effect within 30 days; some records (like financial transactions for legal/tax reasons) may be retained longer where required by law.

Security

HTTPS everywhere. Postgres credentials never leave the server. Audit log on every sensitive action. Sentry alerts on suspicious patterns.

Children

DealyDally is not directed to children under 13. We don’t knowingly collect data from children under 13.

Contact

Privacy questions: [email protected]