Legal
Privacy Policy
Effective date: May 2, 2026
1. Who we are
Currly (“we”, “our”, “us”) operates currly.ai — an AI-powered tool discovery platform. If you have questions about this policy, email us at founders@currly.ai.
2. Data we collect
Account data
When you sign up, we store your email address and any profile information you provide (name, avatar) via Supabase Auth. This data is required to provide the service.
Saved tools
Tools you save are stored in our database and associated with your account so we can show them to you across sessions.
Search events (anonymous)
We log search queries and timestamps to improve search relevance and understand popular use-cases. These records are not linked to your user account — they are anonymous. Retained for 90 days, then automatically deleted.
Tool click events (anonymous)
When you visit a tool's detail page, we record the click anonymously to surface popular tools. Retained for 90 days.
API usage (authenticated)
When you use AI-generated summaries, we log your user ID, the endpoint called, and a timestamp for rate-limiting and abuse prevention. Retained for 30 days.
Analytics (with consent)
With your consent, we use PostHog to capture page views and in-app events. No personal data is sent to PostHog beyond anonymous session identifiers. You can withdraw consent at any time from your profile settings.
3. How we use your data
- Authenticate you and maintain your account
- Show you tools you've saved across devices
- Improve search ranking and surface popular tools
- Enforce rate limits on AI features to prevent abuse
- Understand aggregate usage patterns (analytics, with consent)
- Comply with legal obligations
We do not sell your data. We do not use your data for advertising. We do not build personal profiles for marketing.
4. Third-party processors
We share data with the following processors only to the extent necessary to provide the service:
| Processor | Purpose | Data shared |
|---|---|---|
| Supabase | Database and authentication hosting | All stored data (see §2) |
| OpenAI | Semantic search (query embeddings) and AI summaries | Search queries; tool data for summaries |
| Vercel | Application hosting and edge delivery | Request metadata (IP, headers) for routing |
| PostHog | Product analytics (consent required) | Page views, anonymous event data |
OpenAI's API processes search queries to generate vector embeddings. Per OpenAI's API usage policy, data submitted via API is not used to train models (as of March 2023).
5. Data retention
| Data type | Retention period |
|---|---|
| Account and profile data | Until account deletion |
| Saved tools | Until removed by user or account deletion |
| Anonymous search events | 90 days (auto-deleted) |
| Anonymous click events | 90 days (auto-deleted) |
| API usage logs | 30 days (auto-deleted) |
6. Your rights
Depending on your jurisdiction (including EEA, UK, and California), you may have the right to access, correct, export, or delete your personal data. We support these rights directly:
- Export: Download a copy of your account data from your Profile page.
- Delete: Delete your account (and all associated data) from your Profile page.
- Analytics opt-out: Withdraw PostHog analytics consent at any time from Profile settings.
- Correct: Update your profile information via your account settings.
For requests we cannot automate, email founders@currly.ai. We respond within 30 days.
7. Cookies and tracking
We use session cookies set by Supabase Auth to keep you logged in. These are strictly necessary and cannot be declined without preventing login.
We use PostHog for product analytics only with your explicit consent. If you decline, no analytics cookies or tracking pixels are loaded.
8. Security
All data is encrypted in transit (TLS) and at rest. Access to the database is controlled via Supabase Row Level Security (RLS). Admin access requires authentication and is limited to specific authorized accounts. We follow responsible disclosure principles — if you discover a security issue, please email us.
9. Changes to this policy
We will update this policy as our practices change. Material changes will be communicated by updating the effective date and, for significant changes, by email. Continued use after changes constitutes acceptance.
10. Contact
For any privacy questions or data requests: founders@currly.ai