Referly handles your affiliate, referral, and commission data. Here's how we protect it.
- Encrypted in transit
- All traffic to Referly — the marketing site, dashboards, affiliate portals, and API — is served exclusively over HTTPS/TLS.
- Payments handled by Stripe
- Card and payout details are processed by Stripe, a PCI-DSS Level 1 certified provider. Your card numbers never touch Referly's servers or database.
- Managed, access-controlled infrastructure
- Referly runs on Vercel with data stored in a managed PostgreSQL database (Supabase). Production access is limited to the founding team.
- Session-based authentication
- Accounts are protected with industry-standard session authentication (NextAuth), and auth pages are excluded from search indexing.
- Privacy-first data handling
- We don't sell personal data. What we collect and why — including Google-connected account data for affiliate verification — is documented in our Privacy Policy.
- Data deletion on request
- Want your account and data removed? Email us and we'll process the deletion.
Questions or disclosures
Found a vulnerability, or have a security question before signing up? Email support@referly.so and we'll respond promptly. See also our Privacy Policy and Terms of Use.