Privacy Policy

Prflio collects only the data needed to run your account and your public profile cards.

• Account data: the email address and (optional) name you provide when you sign up. Authentication is handled by Neon Auth (Better Auth) on our behalf — they store the password hash and session tokens for us.
• Profile content: whatever you put on your card — name, title, organization, contact info, social links, custom buttons, bio, theme choice, headshot/cover images.
• Image uploads: stored on Cloudinary. Image URLs are public so visitors can render your card; the originals are not browsable beyond their URL.
• Subscription state: if you upgrade to Pro, we record the subscription status (active/cancelled/etc) and renewal date provided by our payment processor (Lemon Squeezy or Apple, depending on where you upgraded). We do not see or store card numbers — that data lives with the processor.
• Operational logs: we keep short-lived request logs for debugging and rate limiting. They contain timestamps, route paths, and your account ID where applicable. No request bodies are logged.

To keep Prflio reliable and to learn what to build next, we run a small set of measurement tools. You decide what's onvia the cookie banner shown on your first visit (re-openable from any page in the future).

• Sentry — error monitoring. When something crashes we get the stack trace, browser version, and the route you were on. No form contents, no card data, no PII. Defaults to ON under legitimate-interest grounds; you can turn it off.
• PostHog — product analytics. Pageviews, signup, which themes are popular, whether share flows complete. Tagged with your account ID once signed in (so we can tell new vs returning Pro users apart). Defaults to OFF until you accept.
• Google Analytics — pageview measurement on marketing pages. Defaults to OFF until you accept.

We do not sell, rent, or share data with advertisers — there's no ad business here. No location data, no contact list scraping, no device IDs. No card numbers, ever.

Anything you put on a card you've published is intentionally public at prflio.com/[your-slug], by NFC tap, QR scan, or link share. We don't put it there — you do. If you want a card hidden, set it to inactive in the editor or delete it entirely.

We use a small set of vendors to operate the service. Each has its own privacy policy and is contractually limited to processing data on our behalf:

• Vercel — hosts the web app and runs server-side code.
• Neon — hosts the Postgres database and runs the authentication service.
• Cloudinary — stores and serves your headshot/cover images.
• Lemon Squeezy — processes subscription payments for the web. Acts as merchant of record for tax purposes.
• Apple — processes subscription payments inside the iOS app, when applicable.
• Sentry — error monitoring. Receives crash stack traces; never form input. Toggleable in the cookie banner.
• PostHog — product analytics. Receives pageviews and event names you trigger (signup, profile_created, share_initiated). Toggleable in the cookie banner.
• Google — pageview measurement (Google Analytics) on the marketing site. Toggleable in the cookie banner.

You can export, edit, and delete your data at any time:

• Edit / delete a card: in the dashboard or the mobile app under that card.
• Delete your account: Account → Delete account. This permanently removes your account, every card you own, and any active subscription. We cannot recover deleted accounts.
• Export: reach out via the email below and we'll send you a JSON export of your account and cards within 30 days.

Prflio is not directed at children under 13. If you believe a minor has signed up without permission, contact us and we'll remove the account.

If we make a material change to how we handle data, we'll notify active users by email and update the date at the top of this page.

Questions, exports, deletions, or anything else: hello@profiles.app.