Legal
Last updated: May 31, 2025
Rately (“we”, “our”, or “us”) operates the Rately platform, accessible at rately.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
By using Rately, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our service.
When you create an account, we collect your email address, name (optional), and authentication credentials. Account authentication is handled by Clerk, Inc. We do not store passwords directly.
Restaurant owners provide: restaurant name, city, cuisine type, Google Maps URL, highlight options, signature dishes, ambiance tags, thank-you message, and discount codes. This information is used to power the customer review experience.
When customers use your restaurant's QR code, we collect: star rating (1–5), selected highlight tags, optional written feedback, and the AI-generated review text. For customers rating 4–5 stars, this data is used to generate a Google review suggestion. For customers rating 1–3 stars, feedback is stored privately in your dashboard.
We collect QR code scan counts, page views, and session timing to provide analytics. For fraud prevention and rate limiting, we collect a one-way hashed (SHA-256) version of visitor IP addresses — the raw IP is never stored.
Payment processing is handled entirely by Paddle (our Merchant of Record). We never see, store, or process your credit card details. We only store your Paddle subscription ID and current plan status.
We do not sell your data. We do not share your personal information with third parties for marketing purposes.
We use the following third-party services to operate Rately. Each has its own privacy policy:
| Service | Purpose | Data shared |
|---|---|---|
| Clerk | Authentication | Email, name, OAuth tokens |
| Supabase | Database hosting | All user & restaurant data |
| OpenAI | AI review generation | Rating, highlights, restaurant context |
| Paddle | Payment processing | Email, billing info |
| Resend | Transactional email | Email address |
| Vercel | Hosting & CDN | Request logs, IP addresses |
We retain your data for as long as your account is active. If you cancel your subscription:
Depending on your location, you may have the following rights:
To exercise any of these rights, email privacy@rately.io. We will respond within 30 days.
Rately uses strictly necessary cookies for authentication session management (via Clerk). We do not use advertising cookies or third-party tracking cookies. We do not use Google Analytics or similar tracking tools.
Rately is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us at privacy@rately.io.
We implement industry-standard security measures including TLS encryption in transit, row-level security on our Supabase database, environment variable isolation, and hashed IP addresses. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.
We may update this Privacy Policy from time to time. We will notify you of significant changes via email and/or a notice on our website. Your continued use of Rately after changes constitutes acceptance of the updated policy.
For privacy-related questions or requests: