Privacy policy.

Account information. When you sign up we collect your email address and the password (or third-party login token) needed to authenticate you. Authentication is handled by our partner Clerk; we never see or store your raw password.

Profile content. Anything you enter into your dashboard — business name, bio, story, location, photos, links, packages, testimonials, videos, social handles, custom theme and domain — is stored so we can render your public bio page.

Payment information. If you upgrade to Focally Pro, Stripe collects and stores your card details on our behalf. We receive only a customer reference, the subscription status, and the renewal date — never your full card number or CVC.

Usage analytics. When a visitor loads your public bio we record the view (with an approximate country derived from IP, never a precise location) and any link clicks. These power the analytics dashboard. We do not use third-party advertising trackers.

Technical data. We collect basic request metadata (IP address, browser user-agent, timestamps) for security, fraud prevention, and to keep the service running.

We use your data to provide and improve the service: render your public bio, show you analytics about your audience, process subscriptions, send transactional emails (sign-up confirmation, password reset, payment receipts, inquiry forwarding), and respond when you contact support.

We do not sell your data. We do not share it with advertisers. We do not use it to train machine-learning models.

We rely on a small number of vetted service providers to operate Focally. Each one receives only the data they need to do their job:

Clerk — authentication and session management. Supabase — encrypted database and file storage for your profile data and photos. Stripe — payment processing and subscription billing. Vercel — application hosting and edge analytics. Resend — transactional email delivery. Neon — serverless Postgres infrastructure.

We may also disclose information if required by law, court order, or to investigate suspected fraud or security incidents.

Focally is not directed to children under the age of 13. We do not knowingly collect, store, or process personal information from anyone under 13. If you are under 13, please do not use Focally or provide any information about yourself to us.

If we learn that we have collected personal information from a child under 13, we will delete that information from our systems as quickly as possible. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@focally.me and we will take immediate action.

This commitment aligns with the U.S. Children's Online Privacy Protection Act (COPPA). For users in the European Economic Area, the United Kingdom, and similar jurisdictions, our minimum age may be higher where local law requires it (typically 16).

You can view, edit, or delete any profile content at any time from your dashboard. Deleting your account permanently removes your profile, photos, analytics, and any associated personal data, except where we are required by law to retain it (for example, financial records related to past payments).

Residents of California, the European Economic Area, the United Kingdom, and other regions with applicable data-protection laws have additional rights, including the right to access the personal data we hold about you, request correction or deletion, object to certain processing, and request that your data be exported in a portable format.

To exercise any of these rights, email us at privacy@focally.me. We will respond within 30 days. You also have the right to lodge a complaint with your local data-protection authority.

We keep your data for as long as your account is active. When you delete your account we remove your profile and analytics within 30 days. Backups are rotated out within 90 days. Payment records may be retained longer where tax and accounting law requires.

Data is transmitted over HTTPS and stored in encrypted databases. We follow standard industry practices for credential storage, access control, and auditing, but no system is perfectly secure. If you become aware of a vulnerability, please report it to privacy@focally.me so we can address it.

Our infrastructure providers operate globally and your data may be processed in the United States or other countries. Where required, we rely on appropriate transfer mechanisms such as the EU Standard Contractual Clauses to ensure your data receives an equivalent level of protection.

We use a small number of cookies for authentication, session management, and basic analytics. We do not use advertising cookies. See our cookie policy for the full list.

We may update this policy from time to time. Material changes will be announced by email or with a prominent notice in the dashboard at least 14 days before they take effect. The “last updated” date at the top of this page always reflects the current version.

Questions, requests, or concerns? Email us at privacy@focally.me and we'll respond promptly.