At ovely (“we,” “our,” or “us”), we are committed to protecting your privacy. ovely is operated as a global sole proprietorship. This comprehensive Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at ovely.me and any related services, in strict adherence to global data protection regulations, including the European Union's General Data Protection Regulation (GDPR).
1Information We Collect
1.1 Account Information
When you create an account, we collect your name, email address, phone number (including WhatsApp number), business name, and password credentials.
1.2 Store Data
We collect information you provide to build your storefront, including product listings, images, pricing, descriptions, categories, business hours, social media links, and custom domain configurations.
1.3 Customer & Order Data
When customers interact with your storefront, we may collect order details, booking requests, lead capture form submissions (name, phone, email), and WhatsApp message routing metadata.
1.4 Analytics & Usage Data
We automatically collect usage information such as page views, device type, browser information, IP address, referring URLs, and interaction patterns to improve our services.
2How We Use Your Information
- To create, maintain, and operate your storefront
- To process orders and route WhatsApp checkout messages
- To manage booking engine appointments and schedules
- To provide CRM features including lead capture and contact management
- To send transactional notifications and service updates
- To analyze usage patterns and improve platform performance
- To provide customer support and respond to inquiries
- To enforce our Terms of Service and prevent abuse
3Data Sharing & Third Parties
3.1 WhatsApp / Meta Integration
Our platform routes checkout messages through WhatsApp (operated by Meta Platforms, Inc.). When a customer completes an order, their message content and your WhatsApp number are shared with Meta’s infrastructure. We do not control Meta’s data practices — please review their privacy policy separately.
3.2 Hosting & Infrastructure
We use third-party hosting providers (including Supabase and Vercel) to store and serve your data securely. These providers adhere to industry-standard security practices.
3.3 No Sale of Data
We do not sell, rent, or trade your personal information or your customers’ data to any third parties for marketing purposes.
4Cookies & Tracking
We use essential cookies to maintain your login session and preferences. We may also use analytics cookies (such as Google Analytics) to understand aggregate usage patterns. You can control cookie preferences through your browser settings. Disabling cookies may affect certain platform features.
5Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law. Order and transaction logs may be retained for up to 24 months for audit and compliance purposes.
6Your Rights (Including GDPR)
Depending on your jurisdiction, and specifically under the GDPR for users in the EU/EEA, you have comprehensive rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request corrections to inaccurate or incomplete data.
- Right to Erasure (Right to be Forgotten): Request deletion of your personal data (subject to legal requirements).
- Right to Data Portability: Request your data in a structured, commonly used, and machine-readable format.
- Right to Object: Object to our processing of your personal data based on legitimate interests or direct marketing.
- Right to Restrict Processing: Request that we limit the processing of your data.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, or if you wish to lodge a complaint with a supervisory authority, please contact us at support@ovely.me.
7Children's Privacy
Our platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.
8Security
We implement industry-standard security measures including encryption in transit (TLS/SSL), encryption at rest, role-based access controls, and regular security audits. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
9Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of ovely after changes constitutes acceptance of the updated policy.
10Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us: