Privacy Policy

This Privacy Policy describes how Vine Street Ventures LLC (“we,” “us,” “our”) collects, uses, stores, and protects your personal information when you use BetterFriend (“Service”). By using the Service, you agree to the collection and use of information as described in this policy.

1. Information We Collect

1.1 Information You Provide

Account information: When you create an account, we collect your name, email address, and authentication credentials. If you sign in with Google, we receive your name, email address, and profile photo from Google.

Return address: To send postcards on your behalf, we collect your mailing address (street address, city, state, and ZIP code). This address is printed as the return address on every postcard you send.

Contact information: You provide us with personal information about your friends and family, including their names, birthdays (month, day, and optionally year), mailing addresses, and any tags or notes you choose to add. We collect this information solely to operate the Service on your behalf.

Postcard content: We collect the personal messages you write for postcards and any custom image generation prompts you provide.

Payment information: Payment is processed by Stripe, Inc. We do not directly collect or store your credit card number, expiration date, or CVV. Stripe collects and stores this information in accordance with PCI-DSS standards. We receive and store your Stripe customer ID and limited payment metadata (last four digits of your card, card brand, and billing history).

1.2 Information Collected Automatically

Usage data: We collect information about how you interact with the Service, including pages visited, features used, actions taken (such as cards sent, contacts added, decisions made), timestamps, and session duration.

Device and browser data: We collect your IP address, browser type and version, operating system, device type, and screen resolution.

Timezone and locale: We detect your timezone to schedule email digests at appropriate times.

1.3 Information from Third Parties

Google (Firebase Authentication): If you sign in with Google, we receive your name, email address, and profile photo.

Stripe: We receive payment status updates, subscription status, and invoice history from Stripe via webhooks.

Lob: We receive postcard delivery tracking updates (mailed, in transit, delivered, returned) from Lob via webhooks. We also receive address verification results when you save a mailing address.

1.4 Google Account Data (optional connection)

If you choose to connect your Google account, we may access the following data depending on which permissions you grant. Each permission is requested only when you use the relevant feature, and you can approve or deny each one individually.

Google Contacts: Names, birthdays, and mailing addresses of your contacts, to populate your BetterFriend contact list. We access this data through the Google People API using the contacts.readonly scope. We only read your contacts - we never modify your Google Contacts.

Google Calendar: Calendar events containing birthday information, to identify birthdays not listed in your Google Contacts. Many users track birthdays as recurring calendar events. We filter server-side to only process birthday-related events and discard all non-birthday data without storing it. We use the calendar.events.readonly scope. We only read events - we never create, modify, or delete calendar data.

Google Photos: Only the specific photos you select through the Google Photos picker. We do not access your full Google Photos library, albums, or metadata beyond what you explicitly select. Selected photos are used solely as cover art for your postcards. We use the photospicker.mediaitems.readonly scope.

How Google data is stored: All Google account data is stored on Google Cloud Platform (us-central1 region) with AES-256 encryption at rest and TLS encryption in transit. Google OAuth refresh tokens are encrypted at the application layer before storage.

Disconnecting: You can disconnect your Google account at any time from Settings, which revokes our access and deletes stored tokens. You can also revoke access directly at myaccount.google.com/permissions.

Google API Services User Data Policy:BetterFriend's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

2. How We Use Your Information

We use the information we collect to:

• Operate the Service, including creating and mailing postcards, sending email digests, and managing your contacts and card history
• Process payments and manage your subscription
• Verify and standardize mailing addresses to improve delivery accuracy
• Generate AI artwork for postcard covers based on your prompts and your contacts' location data
• Send you transactional emails (digest reminders, send confirmations, delivery updates, billing receipts)
• Track delivery status of postcards you send
• Administer the referral program and apply referral rewards
• Detect and prevent fraud, abuse, and violations of our Terms of Service
• Improve the Service based on usage patterns and feedback
• Respond to your support requests

We do not use your information, or the information of your contacts, for advertising, profiling, or sale to third parties.

3. Information Sharing

We share personal information only in the following circumstances:

3.1 Third-Party Service Providers

We share information with third-party providers who help us operate the Service:

Lob, Inc. - We share recipient names, mailing addresses, your return address, and postcard content (message text and cover art images) with Lob for the purpose of printing and mailing postcards. Lob also receives addresses for verification purposes.

Stripe, Inc. - We share your email address and billing information with Stripe for payment processing.

Firebase (Google Cloud) - We use Firebase for authentication. Google receives your authentication credentials and basic profile information.

SendGrid (Twilio) - We share your email address with SendGrid to deliver transactional emails (digest reminders, confirmations).

AI image generation provider- We share text prompts (which may include your contacts' city and state) with our image generation provider to create postcard cover art. No names, addresses, or other personally identifiable information is shared with the image generation provider.

Google APIs (Contacts, Calendar, Photos) - If you connect your Google account, we access your data through Google APIs as described in Section 1.4. We do not share your Google data with any third parties other than Lob (for printing postcards you authorize). We do not sell, transfer, or use Google user data for advertising, profiling, or any purpose other than operating the Service on your behalf.

Google Cloud Platform - Our infrastructure, including database and file storage, runs on Google Cloud Platform.

3.2 Legal Requirements

We may disclose your information if required to do so by law, subpoena, court order, or government request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a legal request.

3.3 Business Transfers

If Vine Street Ventures LLC is acquired, merges with another company, or sells substantially all of its assets, your information may be transferred as part of that transaction. We will notify you via email before your information becomes subject to a different privacy policy.

3.4 With Your Consent

We may share your information in other ways if you give us explicit consent to do so.

We do not sell, rent, or trade your personal information or your contacts' personal information to any third party for marketing, advertising, or any other purpose.

4. Information About Your Contacts

BetterFriend collects and stores personal information about people who are not users of the Service - specifically, the friends and family members whose names, birthdays, and mailing addresses you provide. We recognize the sensitivity of this information and handle it with particular care.

How we use contact information:We use your contacts' information solely to operate the Service on your behalf - to remind you of their upcoming birthdays, to print and mail postcards to them, and to verify their mailing addresses for delivery accuracy. We use their city and state (but not their name or full address) to generate relevant AI artwork for postcard covers.

How we do not use contact information: We do not contact your friends or family directly for any marketing or promotional purpose. We do not build profiles of non-users. We do not share contact information with any third party except Lob for the purpose of printing and mailing postcards that you have explicitly authorized.

Contact data deletion: If you delete a contact from BetterFriend, we delete their personal information from our active database. Recipient address snapshots on previously sent cards are retained as part of your card history. If you delete your entire account, all contact information is deleted.

Requests from non-users: If a person who is not a BetterFriend user contacts us and requests that we delete their personal information from our system, we will make reasonable efforts to identify and remove their information from all user accounts where it appears, and notify the affected users.

5. Data Storage and Security

Where data is stored: Your data is stored on Google Cloud Platform servers in the United States (us-central1 region).

Database encryption: Our database (Cloud SQL PostgreSQL) encrypts all data at rest using AES-256 encryption, managed by Google Cloud.

Data in transit: All data transmitted between your browser, our servers, and third-party providers is encrypted using TLS 1.2 or higher.

Access controls: Access to production databases and infrastructure is restricted to authorized personnel using multi-factor authentication. Third-party service provider access is limited to the minimum data necessary to perform their function.

Payment security: We do not store credit card numbers or sensitive payment credentials. All payment processing is handled by Stripe, which is PCI-DSS Level 1 certified.

Retention: We retain your account data for as long as your account is active. After account deletion, we remove your data from our active systems within 30 days, except where retention is required by law (such as billing records, which may be retained for up to 7 years for tax and accounting purposes). Backup copies may persist for up to 90 days before being automatically purged.

While we implement commercially reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

6. Your Rights and Choices

6.1 Access and Export

You may access your personal information at any time through the Service. You may export all of your data (contacts, card history, account settings) in machine-readable format (JSON) through the Account section of your settings.

6.2 Correction

You may update or correct your personal information at any time through the Service.

6.3 Deletion

You may delete individual contacts at any time. You may delete your entire account through the Account section of your settings. Account deletion removes all personal information, contact information, card history, and associated data, subject to the retention requirements described in Section 5. Account deletion includes a 24-hour grace period during which you may cancel the deletion by logging back in.

6.4 Email Preferences

You may disable weekly digest emails through your preferences without deleting your account. Transactional emails (payment receipts, send confirmations, security notifications) cannot be disabled while your account is active, as they are necessary for the operation of the Service.

6.5 Data Portability

You may request a copy of your data at any time via the data export feature in your account settings.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know: You may request a description of the categories and specific pieces of personal information we have collected about you in the past 12 months, the sources of that information, the business purposes for collection, and the categories of third parties with whom we share it.

Right to delete: You may request that we delete the personal information we have collected about you, subject to certain exceptions permitted by law.

Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

No sale of personal information: We do not sell personal information as defined by the CCPA. We have not sold personal information in the preceding 12 months.

To exercise your CCPA rights, contact us at our contact page.

8. Children's Privacy

The Service is not directed at children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at our contact page.

9. Cookies and Tracking

BetterFriend uses a minimal set of cookies and similar technologies:

Authentication cookies: Used to keep you logged in to your account. These are essential for the Service to function and cannot be disabled.

Preference cookies: Used to remember your settings (such as timezone and display preferences).

We do not use advertising cookies, tracking pixels, or third-party analytics services that track you across other websites. We do not participate in ad networks or behavioral advertising.

We collect basic usage analytics (page views, feature usage, session duration) through server-side logging, not through client-side tracking scripts.

10. Third-Party Links

Postcards sent through the Service may include a QR code linking to the BetterFriend website. The BetterFriend website may contain links to third-party websites. We are not responsible for the privacy practices of third-party websites.

11. International Users

The Service is currently available only within the United States. If you access the Service from outside the United States, be aware that your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how your data is handled, please contact us at:

Vine Street Ventures LLC
our contact page
Indianapolis, Indiana

For general support inquiries, contact our contact page.