Privacy Policy

Last updated: April 13, 2026

1. Introduction

Communly (communly.io) is operated by Iterum. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding your data. We are committed to protecting your privacy and handling your data transparently.

2. Data We Collect

We collect the following information: your email address (required for account creation and communication), display name (optional, for identification within organizations), phone number (optional, for SMS notifications via Twilio), organization membership and role information, group buy participation and voting records, and payment information (processed by Stripe — we do not store full card details).

3. How We Use Your Data

We use your data to provide and maintain the Communly platform, to authenticate your identity and manage your account, to facilitate group buys and organizational governance, to send transactional emails (via Resend) such as magic link logins, invitations, and group buy updates, to send SMS notifications (via Twilio) when you opt in, to process payments (via Stripe), and to monitor and improve platform reliability through error tracking (via Sentry, using anonymized data).

4. Data Storage & Hosting

Your data is stored on Supabase (PostgreSQL database hosted on AWS). The web application is hosted on Vercel. All data is transmitted over encrypted connections (HTTPS/TLS). Database access is protected by row-level security policies that ensure you can only access data you are authorized to see.

5. Third-Party Services

We use the following third-party services to operate Communly: Supabase for database hosting and authentication, Vercel for application hosting, Stripe for payment processing, Resend for transactional email delivery, Twilio for SMS notifications, and Sentry for error monitoring (anonymized, no personal data is sent). Each service has its own privacy policy. We only share the minimum data necessary for each service to function.

6. Data Sharing

We do not sell your personal data to third parties. Your data is shared only with: other members of organizations you belong to (limited to what is necessary for the organization to function, such as your display name and role), third-party service providers listed above (solely for operating the platform), and law enforcement when required by applicable law.

7. Cookies

Communly uses essential cookies only. These include a session cookie for authentication and a locale preference cookie to remember your language choice. We do not use advertising or tracking cookies. No third-party analytics cookies are set.

8. Data Retention

We retain your account data for as long as your account is active. If you delete your account, your personal data is removed within 30 days. Anonymized, aggregated data (such as organization-level statistics) may be retained indefinitely. Organization records that you contributed to (such as votes and group buy commitments) may be retained by the organization after your departure, in anonymized form.

9. Your Rights

You have the right to access your personal data, to correct inaccurate data, to export your data in a portable format, to request deletion of your account and personal data, and to withdraw consent for optional data processing (such as SMS notifications). To exercise any of these rights, contact us at privacy@communly.io.

10. Children's Privacy

Communly is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice on the platform. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

12. Contact

For privacy-related questions or to exercise your data rights, contact us at privacy@communly.io.