Legal

Privacy Policy

How Visulry collects, uses, discloses, and safeguards information related to visitors, account holders, and advertisers.

Overview

This Privacy Policy applies to Visulry and the services at visulry.com. It describes what we collect, how it is used, the parties to whom it may be disclosed, the methods used for those disclosures, and the security practices we use to protect it.

Visulry is operated by Aurdal ENK, based in Norway. This page should be read together with our Terms of Service. For a privacy question or request, use our contact page or email contact@visulry.com.

Effective Date

April 24, 2026

Operator

Aurdal ENK

Business Location

Norway

Privacy Email

contact@visulry.com

Information We Collect

Account and contact details

Email address, display name, and optional avatar URL when you sign up or log in using a magic link.

Advertising order details

Advertiser name, advertiser email, uploaded banner image, destination link URL, product slug, and Stripe session, customer, and payment references. Full card numbers and CVC values are handled by Stripe, not stored by Visulry.

Product activity

Upvote history on products, session activity such as sign-in events, and the pages you request from Visulry.

Session, device, and usage signals

JWT session cookie contents (HTTP-only), user-agent strings from server logs, and rate-limit data used to protect login and API endpoints.

Analytics signals (Google Analytics 4)

Page views, referrer, user-agent, approximate geolocation (country/region), device type, and a Google Analytics client ID stored in a first-party _ga cookie. This is used to understand aggregate traffic, not to contact you personally.

How We Use Information

  • Create accounts, verify email ownership, and keep you signed in.
  • Process advertising orders, issue receipts, process Stripe refunds, and manage the review lifecycle of each placement.
  • Deliver transactional emails such as magic links, ad approval notices, ad rejection notices (with the human-written reason), and refund notices.
  • Operate product features including upvotes, browsing history on your own account, and the admin review flow for ad placements.
  • Prevent abuse, enforce rate limits, investigate suspicious activity, and maintain security logs and audit trails.
  • Measure product usage such as ad impressions and first-party page events related to ad performance.
  • Respond to support, compliance, or legal requests.

Disclosure Recipients and Methods

We do not need every provider to receive every data type. When disclosure happens, it is limited to the information reasonably needed for the specific service or legal purpose.

Stripe

Information Disclosed

Advertiser email, order context, customer and session identifiers, invoice and billing details.

Method of Disclosure

Hosted Checkout and billing API, plus webhook exchanges between Visulry and Stripe.

Why

To collect payment, issue refunds, and produce receipts.

Resend

Information Disclosed

Email address and the transactional email content needed to send magic links, ad approval, rejection, and refund notices.

Method of Disclosure

Server-to-server API calls from Visulry to the email delivery provider.

Why

To deliver account and advertising emails.

Cloudflare R2

Information Disclosed

Uploaded banner ad images submitted by advertisers, plus the image keys Visulry assigns.

Method of Disclosure

Server-to-server S3-compatible API calls from Visulry to R2.

Why

To host advertiser-supplied creative while a placement is active.

MongoDB Atlas (managed database)

Information Disclosed

Operational records including accounts, ad orders, upvotes, products, salaries, and articles.

Method of Disclosure

Encrypted connections from the Visulry server to the managed database provider.

Why

To persist the data required to operate the product.

Google Analytics (Google LLC)

Information Disclosed

Page URL and title, referrer, user-agent, approximate geolocation, device type, and the Google Analytics client ID stored in the _ga cookie.

Method of Disclosure

The gtag.js tag loads from googletagmanager.com in the browser and sends page-view and event hits directly to Google. No personal account identifiers are sent by Visulry.

Why

To understand aggregate product usage and measure marketing reach.

Authorities, courts, and advisers

Information Disclosed

Information required to comply with law, enforce rights, investigate fraud, or respond to valid legal process.

Method of Disclosure

Direct legal disclosures or secure document sharing when legally required.

Why

Compliance, dispute handling, and security response.

Stripe's own processing of payment information is governed by Stripe's Privacy Policy.

Cookies and Similar Technology

session

HTTP-only JWT cookie

Keeps signed-in users authenticated. In production it is set with secure and same-site protections.

_ga, _ga_*

First-party analytics cookies (Google Analytics 4)

Distinguish browsers for aggregate usage measurement. Set by the gtag.js tag loaded in every page.

If you block essential cookies, login persistence may stop working correctly.

Security Practices

  • Session tokens are signed HMAC-SHA256 JWTs and delivered as HTTP-only cookies. In production they are same-site and marked secure.
  • Google Analytics is configured without sending account identifiers, and the analytics cookie is first-party.
  • Magic-link tokens are single-use and expire after a short validity window.
  • Login and AI-sensitive endpoints are rate-limited to reduce abuse.
  • Payments are handled through Stripe-hosted Checkout over HTTPS, and Visulry does not store full card numbers or CVC values.
  • Admin tools and admin API endpoints are role-restricted; higher-risk ad-review actions are recorded in server logs.
  • Banner images uploaded by advertisers are stored in Cloudflare R2 and deleted when the placement is rejected, expires, or is manually removed.

Retention and Control

  • Magic-link tokens expire after a short validity window and are single-use.
  • Session cookies expire automatically; signing out removes them from your browser.
  • Account, ad order, invoice, and audit records may be retained as needed for operations, tax and accounting obligations, fraud prevention, and dispute handling.
  • If you ask us to delete your account, we may retain limited records required to comply with law or defend against abuse or chargebacks.

To request access, correction, or deletion, contact us through the contact page.

Frequently Asked Questions

Do you store my payment card number?

No. Stripe handles payment details and card storage. Visulry stores only the billing metadata Stripe returns, such as session, customer, and payment references.

Do you sell personal information?

No. Visulry earns revenue from one-time advertising placements, not from selling or renting personal information.

Do you use third-party AI vendors with my data?

No. Today Visulry does not expose user-facing AI features that send your personal data to third-party model providers. If that changes, this page will be updated.

How can I opt out of Google Analytics?

You can block the gtag.js script with a browser extension or privacy-focused browser, block first-party analytics cookies, or install the Google Analytics opt-out add-on. Visulry does not rely on Google Analytics data to deliver core product functionality.

How do I request deletion?

Contact us through the contact page and we will remove personal data we are not required to keep for legal, accounting, or dispute-handling reasons.