1. Introduction
DearlySent Inc. (“DearlySent,” “we,” “us,” or “our”) values your trust. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (dearlysent.com), use our mobile application, receive a gift or communication initiated by a DearlySent user, or engage with our services in any way (collectively, the “Platform”).
This Policy applies to all users, visitors, gift recipients, contributors, and any person whose information we process in connection with our Services, whether or not they have created an account. By using the Platform, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use the Platform.
2. Information We Collect
We collect information in three ways: directly from you, automatically when you use the Platform, and from others.
2.1 Information You Provide
- Identity Data: Mobile phone number (our primary identifier), email address, full name, and date of birth.
- Profile Data: Display name, profile photo, bio, gift preferences, handwriting style selection, and signature closing preference.
- Transaction Data: Recipient names, delivery addresses, return addresses, delivery scheduling preferences, order history, and promotional codes used. We do not store full credit card numbers or CVVs; payment data is handled directly by Stripe. Your Stripe customer identifier is stored in your account metadata so we can manage saved payment methods on your behalf.
- User Content: The messages you write in Heirlooms, voice recordings you create for Sprouts, videos and photos you upload to Gather, and any artwork submitted for our design catalog.
- Communications: Records of your interactions with our Care Ambassadors via email, including sender address, subject lines, message content, attachments, and email headers.
- Account Preferences: Timezone, notification channel preferences (SMS or email), discoverability settings, default sender name, and multi-factor authentication enrollment status.
- Campaign Submissions: If you submit a message through a public campaign page (such as our Heroes page), we collect the name, email address, and message content you provide.
2.2 Information Collected Automatically
- Device Data: Device type, operating system, browser type, screen dimensions, and a device identifier we assign (stored as a cookie or generated per session) for security and anti-abuse purposes. On our mobile app, we collect your Expo push notification token, platform type (iOS/Android), and a device build identifier for push notification delivery.
- Usage Analytics: Pages visited, time spent, user interactions, and referral sources. We use PostHog for product analytics, including server-side event capture for key actions (account creation, order completion). PostHog’s analytics include autocapture of UI interactions (such as button clicks) and session replay with all input fields masked. We use these tools to understand how users interact with the Platform so we can improve the experience.
- IP Address: We collect your IP address from request headers for security, fraud prevention, rate limiting, and general location inference (city and state level). For Sprout and Heirloom orders, your IP address is stored alongside the order record as part of our anti-abuse system. We do not collect precise GPS coordinates unless you explicitly grant permission.
- Error Monitoring: We use Sentry to capture application errors and performance data. Sentry may receive technical context (URL, browser, stack traces, session data) when an error occurs. We sample performance traces at a reduced rate to minimize data collection.
2.3 Information from Others
- Contact Syncing: If you sync your phone contacts (mobile app) or import Google Contacts (web), we process the phone numbers and names from your address book to identify friends already on DearlySent and to populate your contact list. Phone numbers from synced contacts are stored in your contact records. You control your own discoverability via your account settings (the “Discoverable” toggle, enabled by default). We do not sell contact lists.
- Address Requests: If someone sends you an “Address Request” link, we collect the address information you input (name, street, city, state, postal code) and associate it with the sender’s order. You may choose whether to share your address with the sender permanently or for one-time use only. Your address is verified through our address verification service (Smarty), and verification metadata (such as USPS deliverability status) is stored internally.
- Gift Recipients and Contributors: If you receive a Sprout, Heirloom, or Gather invitation, the sender may provide your name, email address, or phone number to us. We use this information to deliver your gift and facilitate the experience.
- OAuth Providers: If you sign in with Google or Apple, we receive your name and email address from that provider.
- Payment Processors: When you complete a purchase, Stripe may share your billing name with us for identity verification and order processing purposes.
3. Non-User Data
Some of our features involve processing information about people who have not created a DearlySent account (“Non-Users”). This includes:
- Gift Recipients: When a user sends a Sprout or Heirloom, they provide the recipient’s name and contact information. We use this solely to deliver the gift.
- Address Request Respondents: Recipients of Address Request links who provide their mailing address for one-time or ongoing use.
- Synced Contacts: When a user syncs their phone contacts, the names and phone numbers of their contacts are stored in the user’s contact list. If a synced contact later creates a DearlySent account, the contact record is automatically linked to enable friend discovery.
- Gather Contributors: People invited to contribute video clips to a Gather project, whose name and email are collected to facilitate participation.
- Support Correspondents: If you email our support address, we process your email address and message content to respond to your inquiry, even if you do not have an account.
We maintain internal records that link interactions across the Platform (such as gifts sent, gifts received, and contact relationships) to provide a cohesive service experience. These records may include information about Non-Users derived from transactions initiated by our registered users.
If you are a Non-User and wish to have your data reviewed, corrected, or deleted, please contact us at care@dearlysent.com. We will process your request in accordance with applicable law.
4. How We Use Your Information
- Fulfillment: To print Heirlooms, generate QR codes, plant trees via Tree Nation (which receives the recipient’s first name to personalize the tree certificate), process Sprout digital gifts, compile Gather videos, and deliver orders via USPS.
- Identity and Security: To verify your identity via SMS (through Twilio, integrated via Supabase Auth), detect fraud through device fingerprinting and rate limiting, and prevent abuse of free gift features.
- Address Verification: To validate and standardize mailing addresses through Smarty (a USPS-certified address verification service) before fulfillment. Address components (street, city, state, ZIP) are sent to Smarty; recipient names are not shared with Smarty.
- Voice Transcription: To convert voice recordings into text for gift messages using Google’s Gemini AI. The audio file content is sent to Google’s API for processing. Google’s API terms prohibit using API inputs for model training. We do not send user identifiers, account information, or order IDs alongside the audio.
- Social Connection: To match you with friends already on the platform and display their birthdays and life events (when they have opted to share this information).
- Communication: To send order confirmations, shipping updates, delivery notifications, and address request links via SMS (through Twilio) or email (through Resend). SMS message identifiers from Twilio and email delivery identifiers from Resend are stored in our order records for delivery tracking.
- Support: To receive and respond to customer support inquiries. We sync our support inbox through the Google Gmail API to centralize support correspondence in our admin tools.
- Push Notifications: To deliver event reminders, order updates, and service notifications to your mobile device through the Expo Push Notification Service.
- Improvement: To analyze aggregated usage patterns (via PostHog) and improve the user experience. We do not use your private messages or voice recordings to train public-facing AI models.
- Audit and Compliance: To maintain audit logs of administrative actions (including staff IP addresses and user agents) for security monitoring and regulatory compliance.
- Marketing: To send relevant gift ideas or holiday reminders. You can opt out at any time.
5. Cookies and Local Storage
We use cookies and browser storage to operate the Platform. Here is exactly what we store:
5.1 Cookies
| Cookie | Purpose | Duration |
|---|---|---|
| Session token | Supabase authentication session (keeps you signed in) | Session |
| Device identifier | Anti-abuse protection for free Sprout gift redemptions | 1 year |
| Gift credit | Stores promotional credit from redeemed gift codes | 2 days |
| Guest order | Prefills your name and email if you create an account after a guest purchase | 24 hours |
| Auth redirect | Remembers where to send you after sign-in | 1 hour |
All cookies are HTTP-only and use secure attributes in production. We do not use advertising or third-party tracking cookies. PostHog may set its own first-party cookies for analytics session identification in accordance with its privacy policy.
5.2 Browser Local Storage
- Checkout draft: Saves your in-progress Heirloom order (design selection, message, address) so you don’t lose your work if you navigate away. Expires after 24 hours.
- Auth verification signal: A temporary flag used to coordinate sign-in across browser tabs. Expires after 5 minutes.
- Free tree redemption flag: Tracks whether you have redeemed a complimentary Sprout to prevent duplicate redemptions.
5.3 Mobile App Storage
Our mobile app uses on-device storage (MMKV/AsyncStorage) to persist your session, preferences, draft messages, friend address book, notification settings, and cached data for offline access. This data stays on your device and is not shared with third parties.
6. Sharing and Disclosure
We do not sell your personal data. We do not share or sell your mobile phone number to third parties for marketing purposes. We share your information only in the following limited circumstances:
6.1 Service Providers
We share data with trusted third parties who help us operate the Platform. They are bound by contractual obligations or their own privacy commitments to protect your data:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Payment method details, billing name, email, transaction amounts |
| Supabase | Database, authentication, file storage | All account and order data (hosted infrastructure) |
| Twilio | SMS delivery for authentication and order notifications | Phone number, message content (OTP codes, order confirmations) |
| Vercel | Web hosting and edge delivery | Request metadata (IP address, URL, user agent) via standard web hosting |
| Resend | Transactional and support email delivery | Email address, name, message content for order confirmations and support |
| Sentry | Error monitoring and performance | Error context (URL, browser, stack traces); minimized PII |
| PostHog | Product analytics and session replay | User ID, email, page views, UI interactions, masked session recordings |
| Tree Nation | Real tree planting for Sprout gifts | Recipient’s first name (for tree certificate personalization) |
| Mux | Video processing and hosting for Gather and video emails | Video files, order ID as metadata |
| Smarty | USPS-certified address verification and autocomplete | Address components (street, city, state, ZIP); names are not sent |
| Google AI (Gemini) | Voice message transcription | Audio file content only; no user identifiers |
| Google (Gmail API) | Support inbox synchronization | Support email content processed through our support inbox |
| USPS | Physical mail delivery | Recipient and return addresses printed on envelopes |
| Cloudflare | CDN, DDoS protection, and DNS | Request metadata (IP address, URL) via transparent proxy |
| Expo | Mobile push notification delivery | Push token, notification content (title, body) |
6.2 Visible Features
- Heirlooms: Your message content is visible to the recipient and our fulfillment staff who physically handle the card.
- Public Profiles: If you create a public profile (dearlysent.com/u/username), the information you add is visible to anyone with the link.
- Gather Videos: Group videos are visible to all contributors and the recipient.
- Friend Discovery: If you have enabled discoverability, other users who have your phone number in their contacts may see your name and profile when they sync their contacts.
6.3 Legal Compliance and Protection
We may disclose your information if we believe in good faith that disclosure is required or permitted by law, regulation, valid subpoena, court order, or governmental request, or to: (a) protect the rights, property, or safety of DearlySent, our users, or the public; (b) detect, prevent, or address fraud, security, or technical issues; (c) enforce our Terms of Service; or (d) respond to an emergency involving danger of death or serious physical injury.
6.4 Business Transfers
If DearlySent is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Platform before your information becomes subject to a different privacy policy.
7. Anti-Abuse and Device Fingerprinting
To prevent fraud and abuse of our free gift features, we collect limited device-level information:
- A device identifier (a random UUID stored as a cookie) to detect repeat redemptions of free Sprout gifts.
- Your IP address, which is stored alongside Sprout and Heirloom order records for anti-abuse enforcement. Raw IP addresses are retained in order records for the lifetime of the order.
- Screen dimensions (width, height, and pixel ratio), which may be used as a fallback signal when no device cookie is available.
- A hashed fingerprint (a SHA-256 hash of the device identifier or session signals), stored alongside gift records. Apart from the raw IP address noted above, we store only irreversible hashes, which are used to detect duplicate redemptions.
This data is used solely for fraud prevention and anti-abuse enforcement. It is not used for advertising, behavioral tracking, or user profiling.
8. Your Rights and Choices
8.1 Account Information
You may update your name, phone number, email, and address at any time in your account settings.
8.2 Contact Discovery
You control whether other users can find you through contact syncing. Toggle the “Discoverable” setting in your account to opt out. Note that discoverability is enabled by default.
8.3 Marketing Communications
- Email: Click “Unsubscribe” at the bottom of any marketing email.
- SMS: Reply STOP to any marketing text message. Note that transactional messages (order confirmations, login codes) are not affected by this opt-out and will continue as necessary for the operation of the Services.
- Push Notifications: You can disable push notifications at any time through your device settings or the notification preferences screen in our mobile app.
8.4 Notification Preferences
You may choose whether to receive login codes and order confirmations via SMS or email in your account settings.
8.5 Data Access, Export, and Deletion
You have the right to request a copy of the data we hold about you or to request deletion of your account. You can initiate both from your account settings or by emailing care@dearlysent.com.
- Data Export: You may download a copy of your personal data (profile, settings, contacts, events, addresses, orders, and credit transactions) from your account settings.
- Account Deletion: Upon request, your account enters a 30-day grace period. You may reactivate by signing in during this window. After 30 days, personal data is permanently purged: your profile is anonymized, contacts and addresses are deleted, and your authentication account is removed.
- Retained Data: We retain anonymized transaction records (order history, payment references) for up to 7 years for tax and legal accounting purposes, even after account deletion. Anti-abuse records (fingerprint hashes, IP-derived data) may be retained to prevent re-abuse. Support correspondence may be retained for legal compliance.
8.6 Non-User Requests
If you do not have a DearlySent account but believe we hold your personal information (for example, because someone sent you a gift or synced their contacts), you may request review, correction, or deletion of your data by emailing care@dearlysent.com. We will verify your identity before processing your request.
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) grants you specific rights regarding your personal information:
- Right to Know: Request the categories and specific pieces of personal information we collected about you, the sources of collection, the business purposes, and the categories of third parties with whom we share it.
- Right to Delete: Request deletion of your personal information, subject to legal exceptions (such as completing a transaction or complying with legal obligations).
- Right to Correct: Request correction of inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We use PostHog for product analytics, which may be considered “sharing” of personal information under California law for cross-context behavioral analytics purposes. You may opt out by enabling Global Privacy Control (GPC) in your browser; we honor GPC signals.
- Right to Limit Use of Sensitive Personal Information: We use sensitive personal information (phone number, precise geolocation if provided) only for purposes permitted under the CPRA, such as providing our Services and verifying your identity.
- Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
To exercise these rights, email care@dearlysent.com or use the controls in your account settings. We will verify your identity before processing any request. You may also designate an authorized agent to make a request on your behalf; we will require proof of authorization.
10. Other State Privacy Rights
Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws may have similar rights to those described in Section 9, including the right to access, correct, delete, and opt out of certain data processing. To exercise any state-specific privacy rights, please contact us at care@dearlysent.com. We will respond in accordance with applicable law.
11. Data Retention
- Account Data: Retained as long as your account is active, plus 30 days after a deletion request (grace period).
- Transaction Data: Retained for 7 years for tax and regulatory compliance, even after account deletion (in anonymized form).
- User Content: Heirloom messages and Sprout messages are retained to allow you to view your order history, unless you request deletion.
- Voice Recordings: Audio files stored in our systems are retained for the lifetime of the associated order to enable voice playback. They may be deleted upon account deletion or upon request.
- Support Communications: Retained for the duration of your account and may be retained after deletion for legal compliance purposes.
- Anti-Abuse Data: Device fingerprint hashes and IP addresses associated with order records are retained for the lifetime of the associated record. Anti-abuse records may survive account deletion to prevent re-abuse.
- Non-User Data: Information about Non-Users (gift recipients, synced contacts) is retained as long as the associated user account is active or as needed to fulfill orders. Non-Users may request deletion by contacting us.
- Audit Logs: Administrative audit logs (including staff IP addresses and user agents) are retained indefinitely for security and compliance monitoring.
12. Security
We use industry-standard security measures to protect your data:
- Encryption: Data is encrypted at rest (Supabase database, Supabase Storage) and in transit (TLS/SSL on all connections).
- Row-Level Security: Our database enforces row-level security (RLS) policies so users can only access their own data. Administrative access requires staff-level authentication and multi-factor authentication.
- Access Control: Access to personal data is restricted to authorized personnel who need it for their job duties.
- Audit Logging: Administrative actions are logged with actor identity, timestamp, IP address, and action details.
- Webhook Verification: All incoming webhooks (Stripe, Resend) are cryptographically verified before processing.
- Payment Security: We do not store credit card numbers, CVVs, or sensitive payment credentials. All payment data is processed by Stripe in compliance with PCI-DSS standards.
No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security and are not liable for unauthorized access resulting from events beyond our reasonable control.
13. Children’s Privacy
Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information without verifiable parental consent, we will delete it promptly.
If a parent or guardian submits artwork created by their child for use on our Platform, they affirm that no personally identifiable information of the child is attached to the public-facing product beyond a first name and age (e.g., “By Noah, Age 7”).
If you believe we have inadvertently collected information from a child under 13, please contact us immediately at care@dearlysent.com.
14. International Users
DearlySent is headquartered in the United States and our services are primarily designed for users within the United States. If you access the Platform from outside the United States, your personal information will be transferred to and processed in the United States, which may have different data protection laws than your country of residence. By using the Platform, you consent to this transfer and processing. We process data from international users on the basis of your consent and our legitimate interest in providing the Services.
15. Do Not Track
Some browsers transmit “Do Not Track” (DNT) signals. We do not currently respond to DNT signals because there is no industry standard for compliance. However, we do honor Global Privacy Control (GPC) signals as described in Section 9.
16. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements, or for other operational reasons. When we make material changes, we will update the “Last updated” date at the top of this page and may notify you by email or through a notice on the Platform. We encourage you to review this Policy periodically. Your continued use of the Platform after any changes constitutes your acceptance of the revised Policy.
17. Contact Us
Questions about this Privacy Policy? Contact us:
- Privacy Inquiries: care@dearlysent.com
- General Support: care@dearlysent.com
- Phone: (602) SEND-JOY
- Mail: DearlySent Inc., Privacy Officer, 2261 Market Street STE 87409, San Francisco, CA 94114, United States
