Privacy Policy

Followly (“we”, “us”, or “our”) operates the followly.cc platform, an automated follow-up tool that helps photographers and service businesses send personalized follow-up reminder emails to their clients. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data.

By creating an account or using followly, you agree to the practices described in this policy.

We use the data we collect for the following purposes:

• Creating and managing your account
• Sending scheduled reminder emails to your clients on your behalf
• Processing your subscription and managing billing
• Displaying your client and reminder history within the app
• Detecting and handling bounced or failed emails
• Responding to support requests
• Improving the reliability and features of the service

We do not sell, rent, or share your data or your clients' data with third parties for marketing or advertising purposes.

You are the data controller for the client information you add to followly. We act as a data processor on your behalf. We do not contact your clients independently, use their data for our own purposes, or share their information with any third party beyond what is necessary to deliver the emails you schedule.

You are responsible for ensuring you have a lawful basis for storing your clients' personal data and sending them emails through followly (for example, a pre-existing business relationship or their consent), in compliance with applicable law including the Spam Act 2003 (Cth), CAN-SPAM, and GDPR.

followly's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, information received from Google APIs is used only to provide or improve user-facing features that are prominent in our application. It is not used for serving advertisements, for purposes unrelated to our service, or to determine creditworthiness or for lending purposes. We do not allow humans to read this data unless we have your affirmative agreement, doing so is necessary for security purposes, or we are required to do so by law.

followly relies on the following sub-processors to deliver the service. Each operates under its own privacy policy and data processing terms:

• Supabase — database hosting and authentication
• Stripe — payment processing and subscription management
• Resend — transactional email delivery
• Google OAuth / Google Calendar API — sign-in and one-time calendar import
• Cloudflare — application hosting and edge infrastructure
• PostHog — product analytics. We track anonymised in-app actions (e.g. client added, email sent) to understand how the product is used. No client names, emails, or message content are ever sent to PostHog.
• Sentry — error monitoring. Unhandled errors are reported to help us fix bugs. Error reports do not include client data or message content.

We retain your account data and client records for as long as your account is active. Reminder logs are retained for up to 2 years to support your activity history.

If you delete a client record, it is soft-deleted immediately (no longer visible or used in reminders) and permanently removed within 7 days.

You can delete your account at any time from the Settings page. All your profile data and client records will be permanently erased within 7 days. Your email address is retained in an internal list solely to prevent trial abuse (re-registration to obtain a new free trial) for up to 2 years, after which it is permanently deleted. The legal basis for this retention is our legitimate interest in preventing abuse of the free trial system. No other personal data is kept after deletion.

In the event we become aware of a personal data breach, we will notify affected users and relevant authorities as required by applicable law, including the Notifiable Data Breaches scheme under the Australian Privacy Act 1988 and, where applicable, GDPR. We will contact you using the email address associated with your account.

Depending on where you are located, you may have rights under applicable privacy law (including the Australian Privacy Act 1988, GDPR, and CCPA) to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Object to or restrict certain processing
• Receive a copy of your data in a portable format
• Withdraw consent where processing is based on consent

You can update your profile information and business details at any time from the Settings page. You can delete your account directly from Settings. To request a data export or exercise any other right, email us at the address below and we will respond within 30 days.

followly uses essential session cookies required for authentication. We also use localStorage (not cookies) for PostHog analytics to remember your anonymous session. No advertising cookies or cross-site tracking cookies are used.

followly is a business tool intended for adults. We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us and we will delete the data promptly.

We may update this policy from time to time. If we make material changes, we will notify you by email or by displaying a notice in the app before the change takes effect. Continued use of followly after an update constitutes acceptance of the revised policy.

If you have any questions about this policy, want to exercise your rights, or need to report a privacy concern, please contact us at hello@followly.cc.