This Privacy Policy explains how Light in the Dark Analytics LLC, a limited liability company organized under the laws of the Commonwealth of Pennsylvania, USA (“Company”, “we”, “us”, “our”), which operates the Referral Reminders product, collects, uses, discloses, and safeguards information about you when you use the Referral Reminders website, web application, and related services (collectively, the “Service”). It also describes your privacy rights and how to exercise them. If you do not agree with this Policy, do not use the Service. This Policy is incorporated into our Terms of Service.
1. Quick summary
- What we collect: account info from our authentication provider (Clerk), the asks and connections you create, the email digest preferences you choose, payment metadata from Stripe (never your full card number), and basic technical data needed to operate the Service.
- What we don’t collect: contact-list scraping, address-book imports, LinkedIn data, ad-tracking identifiers, behavioral profiles for advertising, and shadow profiles of people who haven’t signed up.
- Do we sell your data? No. We do not sell or “share” (as defined under California law) personal information for cross-context behavioral advertising.
- Your rights: you can access, correct, export, or delete your data at any time from your account or by emailing legal@referralreminders.com.
2. Who we are and how to contact us
The data controller for personal information processed under this Policy is Light in the Dark Analytics LLC. For privacy questions, requests, or complaints, contact us at legal@referralreminders.com. For general support, email support@referralreminders.com.
3. Information we collect
We collect personal information in the following ways:
3.1 Information you provide
- Account information. When you sign up, our authentication provider Clerk, Inc. collects your name, email address, and (if applicable) profile picture and account identifiers from the third-party identity provider you choose (Google). Within our database we store only a minimal record linking your Clerk account ID to your Service activity. Profile fields such as name and email live in Clerk and are fetched on demand for display.
- Asks and Connections. The short asks you author, the connections you accept, your digest delivery schedule and timezone, and any prioritization preferences you set.
- Communications. Messages you send us (for example, support emails or feedback).
- Payment information. If you upgrade to a paid plan, our payment processor Stripe, Inc. collects your billing details. We receive a Stripe customer ID, the plan you bought, billing-cycle metadata, and the last four digits and brand of your card. We never receive or store your full card number, CVV, or banking credentials.
3.2 Information we collect automatically
- Device and usage data. When you access the Service, we receive your IP address, browser type and version, operating system, device type, referring URL, pages viewed, and timestamps. This data is used to operate, secure, and improve the Service.
- Server logs. Application logs may include request paths, error traces, and abuse signals. Logs are retained for a limited period (see Section 8) and are accessible only to authorized personnel.
- Cookies and similar technologies. See Section 10 for our use of cookies and local storage.
3.3 Information from third parties
- Identity providers. If you sign in with Google, we receive (via Clerk) your email address, name, profile picture, and a stable identifier. We use this only to create and authenticate your account.
- Payment processor. Stripe shares billing-cycle metadata and payment status so we can grant or revoke access to paid features.
4. How we use information
We use personal information for the following purposes:
- Provide the Service: create and authenticate your account, deliver the weekly email digest, deliver asks to your connections at the times you choose, and operate core features.
- Process payments: charge subscription fees, prevent fraud, and comply with tax and accounting obligations.
- Communicate with you: send transactional emails (digests, account notices, billing receipts, security alerts) and, with your consent where required, optional product updates.
- Support and troubleshoot: respond to help requests, investigate bugs, and provide service.
- Security and abuse prevention: detect, investigate, and prevent fraud, abuse, spam, and unauthorized access; enforce our Terms and acceptable use policy.
- Improve the Service: understand how features are used, fix issues, and develop improvements. Aggregated analytics never identify individual Users.
- Legal and compliance: comply with applicable laws, respond to lawful requests, and protect the rights, safety, and property of the Company, our Users, and the public.
No advertising profiling. We do not use your personal information to build advertising profiles, to perform cross-context behavioral advertising, or for any ad-targeting purpose, ours or any third party’s.
No AI training on your content. We do not use your asks, connection graph, or other User Content to train, fine-tune, or evaluate any machine-learning model.
5. Google Sign-In and Limited Use disclosure
If you sign in with Google, our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- We request only basic profile scopes (email address, name, profile picture, and a stable account identifier) sufficient to create and authenticate your account.
- We do not request access to your Gmail, Google Drive, Google Calendar, Google Contacts, or any other restricted Google API scope.
- We use Google account data solely to provide and improve user-facing features that are visible and prominent in the Service (account creation, sign-in, and identity display).
- We do not transfer Google account data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.
- We do not use Google account data for serving advertisements or to determine creditworthiness or for lending purposes.
- We do not allow humans to read Google account data unless we have your affirmative consent for specific messages, doing so is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for our internal operations and only when the data has been aggregated and de-identified.
6. Legal bases for processing (EEA / UK)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR:
- Performance of a contract (Art. 6(1)(b)) — to provide the Service, process payments, and respond to support requests.
- Legitimate interests (Art. 6(1)(f)) — to secure the Service, prevent abuse, improve features, and run essential analytics; balanced against your rights and freedoms.
- Consent (Art. 6(1)(a)) — for optional marketing communications and non-essential cookies, where required.
- Legal obligations (Art. 6(1)(c)) — to comply with applicable law, such as tax and recordkeeping requirements.
You may withdraw consent at any time by emailing legal@referralreminders.com or by using the unsubscribe link in our optional emails. Withdrawal does not affect prior lawful processing.
7. How we share information
We do not sell personal information. We share information only as described below.
7.1 With your Connections
The asks you author are delivered, in your own words, to the people you have mutually agreed to connect with through the Service. Your name and the asks you have shared are visible to those Connections in their digest. Your Connections cannot see one another through the Service.
7.2 With service providers (subprocessors)
We use trusted third-party providers (subprocessors) to operate the Service. They process personal information only on our instructions and under written agreements requiring appropriate confidentiality and security.
| Provider | Purpose | Data processed | Location |
|---|---|---|---|
| Clerk, Inc. | Authentication, identity, and profile storage | Name, email, profile picture, OAuth identifiers, session data | USA |
| Neon, Inc. | Managed PostgreSQL database hosting | Account links, asks, connections, digest preferences | USA |
| Resend, Inc. | Transactional and digest email delivery | Email address, message content, delivery metadata | USA |
| Upstash, Inc. | Rate-limiting (Redis) and scheduled jobs (QStash) for digest delivery | Account identifiers, request metadata, scheduled-job payloads | USA |
| Stripe, Inc. | Payment processing and subscription billing | Name, email, billing address, payment-method metadata (last 4 digits, brand), transaction history | USA |
| Fly.io, Inc. | Application hosting and infrastructure | Server logs, IP addresses, request data | USA |
7.3 Legal and safety disclosures
We may disclose information if we reasonably believe disclosure is required to (i) comply with applicable law, regulation, legal process, or governmental request; (ii) enforce our Terms, including investigation of potential violations; (iii) detect, prevent, or address fraud, security, or technical issues; or (iv) protect the rights, property, or safety of the Company, our Users, or the public. Where legally permitted, we will give you advance notice of legal requests for your data.
7.4 Business transfers
If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will give notice before personal information is transferred and becomes subject to a different privacy policy.
7.5 With your consent
With your consent, we may share information for purposes not described above. You may withdraw consent at any time.
8. Data retention
We retain personal information only as long as necessary to provide the Service and for the purposes described in this Policy.
- Account, asks, and connections: retained while your account is active. When you delete your account, we delete this data within thirty (30) days, except as needed to comply with legal obligations, resolve disputes, or enforce our agreements.
- Email delivery records: retained by Resend per their retention policy and by us for up to ninety (90) days for deliverability and abuse-prevention purposes.
- Server logs and rate-limit records: retained for up to thirty (30) days, except where longer retention is needed for security investigations.
- Billing and tax records: retained for up to seven (7) years to comply with tax and accounting obligations.
- Backups: may persist for up to ninety (90) days after deletion of live data and are then overwritten on a rolling basis.
9. International data transfers
We are based in the United States and our subprocessors are primarily located in the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the U.S. and other countries that may have data-protection laws different from those in your country. Where required, we rely on transfer mechanisms recognized under GDPR and UK GDPR, including the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum, supplemented by appropriate safeguards.
10. Cookies and similar technologies
The marketing site (referralreminders.com) uses minimal first-party storage required for the site to function. The web application (app.referralreminders.com) uses first-party cookies and local storage to keep you signed in (managed by our authentication provider, Clerk) and to remember preferences.
- Strictly necessary: session and authentication cookies (e.g., the __session cookie set by Clerk). Required for the Service to operate.
- Functional: local-storage entries that remember your interface preferences (such as your selected timezone or last-viewed digest).
- Security and anti-abuse: short-lived rate-limit and CSRF tokens.
We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking. Most browsers let you block or delete cookies; doing so for strictly necessary cookies will prevent you from signing in.
11. Your rights and choices
Subject to applicable law and verification of your identity, you have the following rights regarding your personal information:
- Access: request a copy of the personal information we hold about you.
- Correction: ask us to correct inaccurate or incomplete data.
- Deletion: ask us to delete your personal information. You may also delete your account at any time from within the Service.
- Portability: request a copy of your data in a structured, machine-readable format.
- Restriction or objection: ask us to restrict or object to certain processing based on legitimate interests.
- Withdraw consent: where processing is based on consent, withdraw that consent at any time.
- Lodge a complaint: with your local supervisory authority. EEA users may contact their national Data Protection Authority; UK users may contact the Information Commissioner’s Office (ico.org.uk).
To exercise any of these rights, email legal@referralreminders.com. We will respond within thirty (30) days, or sooner where required by law. We will not discriminate against you for exercising your privacy rights.
11.1 California (CCPA / CPRA) rights
California residents have the right to know what personal information we have collected, to request deletion or correction of that information, to opt out of any “sale” or “sharing” of personal information for cross-context behavioral advertising, and to limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising and we do not use sensitive personal information for any purpose beyond what is reasonably necessary to provide the Service.
Categories of personal information we collect (CCPA categories): identifiers (name, email, IP, account IDs); customer-records information (billing metadata); commercial information (subscription history); internet/network activity (server logs, request data); and inferences only to the extent embedded in usage logs. We do not collect biometric, geolocation (precise), employment, education, or sensitive categories beyond account credentials managed by our authentication provider.
We retain each category only for as long as described in Section 8 and use it for the purposes described in Section 4.
You may submit a verifiable consumer request by emailing legal@referralreminders.com. You may designate an authorized agent to act on your behalf; the agent must provide proof of authority.
12. Security
We implement administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (TLS), encryption at rest for production databases, principle-of-least-privilege access controls, signed webhook verification, application-level rate limiting, and continuous monitoring. No security program is perfect, however, and we cannot guarantee absolute security. If we become aware of a personal data breach affecting you, we will notify you and applicable regulators as required by law.
13. Children’s privacy
The Service is not directed to children under sixteen (16) and we do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact legal@referralreminders.com and we will delete it.
14. Third-party links and services
The Service may contain links to third-party websites or services. Their privacy practices are governed by their own policies, not this Policy. We encourage you to review them.
15. Do Not Track
We do not respond to browser “Do Not Track” signals because no industry consensus exists for how to interpret them. We do not engage in cross-site tracking.
16. Changes to this Policy
We may update this Policy from time to time. We will post the updated Policy with a new effective date and, for material changes, notify you by email or in-app notice at least seven (7) days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
17. Contact us
For privacy questions, requests, or concerns, contact: legal@referralreminders.com. For general support, contact: support@referralreminders.com. We aim to respond within five (5) business days.
Plain-English summary
This summary is for convenience only and is not a substitute for the full Policy above. Where this summary and the full Policy differ, the full Policy controls.
- What we collect: your name and email (via Clerk), your asks and connections, your digest schedule, and basic technical data.
- What we don’t do: sell your data, build ad profiles, train AI on your content, scrape your contacts, or import your LinkedIn.
- Who else sees your data: only the Connections you choose, plus a short list of service providers (auth, email, database, payments, hosting) bound to process it only on our instructions.
- Where we store it: United States.
- How long: while your account is active; deleted within 30 days of account deletion (backups roll off within 90 days).
- Your rights: see your data, correct it, export it, delete it, or ask us a question — email legal@referralreminders.com.
- Cookies: only the ones we need to keep you signed in. No ad trackers.
- Google sign-in: we only ask for your name, email, and profile picture. We don’t touch your Gmail, Drive, Calendar, or anything else.
Last updated: April 25, 2026.