Legal
Privacy Policy
Effective date: 12 June 2026
1. Introduction
Vyre ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. It applies to all users of the Vyre platform, including account holders and visitors to public profile pages.
This policy is written in accordance with the Data Protection and Privacy Act, 2019 (Uganda) and international privacy best practices.
2. Information We Collect
2.1 Information You Provide Directly
- Account data: Name, email address, phone number, and password (stored as a cryptographic hash — we never store plain-text passwords).
- Profile data: Display name, job title, company, bio, profile photo, logo, WhatsApp number, MoMo/Airtel Money numbers, website URL, social media handles, custom links, product/service listings, gallery images, and testimonials. This information is publicly visible if your profile is published.
- Card design data: Design choices, selected templates, colour preferences, and uploaded artwork for NFC card printing.
- Order & shipping data: Name, phone number, delivery address, and city provided when placing a physical card order.
- Payment data: For subscription upgrade requests, we collect your Airtel Money sender name and phone number. We do not collect or store card numbers, bank account numbers, or transaction PINs.
- Communications: Any messages you send to us via email or the in-app contact form.
2.2 Information Collected Automatically
- Profile view analytics: When someone visits your public profile page, we record the approximate device type (mobile/desktop/tablet), referrer URL, approximate country (derived from IP address), and timestamp. IP addresses are processed to derive country and are not stored in identifiable form.
- Tile tap events: When visitors interact with links on your profile (social media icons, product tiles, contact buttons, payment buttons), we record the interaction type and timestamp as anonymised aggregate data.
- User agent strings: Browser/device strings used solely for device type classification.
- Session cookies: A secure HTTP-only cookie is set when you log in to maintain your authenticated session. See Section 8 for details.
2.3 Information We Do Not Collect
We do not collect:
- Payment card details, bank account numbers, or transaction PINs.
- Mobile Money transaction IDs (we ask only for sender name and phone).
- Precise GPS location of any user.
- Biometric data of any kind.
3. How We Use Your Information
- Providing the Services: Rendering your public portfolio page, generating QR codes and vCards, enabling contact CTAs, and fulfilling physical card orders.
- Account management: Creating and maintaining your account, authentication, password resets, and subscription management.
- Analytics dashboard: Aggregating your profile view and tap data to display in your personal analytics dashboard (available on Pro and Business plans).
- Payment verification: Matching submitted payment details (sender name + phone) against Airtel Money transactions to verify and activate subscriptions.
- Order fulfilment: Using your shipping details to deliver physical NFC products.
- Platform improvement: Aggregated, anonymised analytics to understand how the platform is used and improve our Services.
- Legal compliance: Complying with our obligations under Ugandan law, including the Data Protection and Privacy Act 2019.
- AI features: When you use the bio generator or AI suggestions, your input (name, title, keywords) is sent to the Google Gemini API to generate a response. See Section 5 for details.
4. Legal Basis for Processing
Under Uganda's Data Protection and Privacy Act 2019, we process your personal data on the following lawful bases:
- Contract performance: Processing necessary to provide the Services you have signed up for (e.g., hosting your profile, fulfilling orders).
- Legitimate interests: Fraud prevention, platform security, and aggregated analytics to improve the Services.
- Legal obligation: Compliance with applicable Ugandan law.
- Consent: AI feature inputs and any optional marketing communications (you may withdraw consent at any time).
5. Third-Party Services & Data Sharing
5.1 Google Gemini (AI)
When you use AI-powered features, your inputs (name, job title, keywords you enter) are transmitted to the Google Gemini API for processing. Google processes this data in accordance with their Gemini API Terms and Privacy Policy. We recommend you do not enter sensitive personal information into AI prompts.
5.2 WhatsApp
Clicking a WhatsApp contact button on a profile page opens WhatsApp (owned by Meta) with a pre-filled message. Any conversation that follows is subject to Meta's privacy policy. We do not receive or store the content of WhatsApp messages.
5.3 Airtel Money
Payment transactions are conducted directly on the Airtel Money platform. We do not have access to your Airtel Money account, PIN, or transaction history. We only receive the sender name and phone number that you voluntarily submit in the upgrade request form.
5.4 No Sale of Data
We do not sell, rent, or trade your personal information to any third party for marketing purposes, under any circumstances.
5.5 Legal Disclosures
We may disclose your personal data if required to do so by law, court order, or legitimate request by a government authority in Uganda with jurisdiction over us.
6. Data Retention
- Account data: Retained while your account is active and for up to 90 days after deletion, to allow for account recovery or dispute resolution, then permanently deleted.
- Profile analytics: Retained for 24 months on a rolling basis, then purged. Aggregated (non-identifiable) statistics may be retained indefinitely.
- Order data: Retained for 5 years after the order date for accounting and legal compliance purposes.
- Upgrade request data: Retained for 12 months after the request is resolved.
- Deleted accounts: You may request immediate deletion of your account and associated data at any time (see Section 7 below).
7. Your Rights
Under the Data Protection and Privacy Act 2019 (Uganda), you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data. You can update most profile data directly in your dashboard.
- Right to erasure: Request deletion of your account and associated personal data (subject to legal retention obligations for order data).
- Right to restrict processing: In limited circumstances, request that we restrict how we use your data.
- Right to data portability: Request a structured, machine-readable export of your profile and analytics data.
- Right to object: Object to processing based on legitimate interests.
To exercise any of these rights, email us at bahatlimitho@gmail.com with the subject line "Privacy Request". We will respond within 30 days. We may ask you to verify your identity before processing your request.
9. Data Security
We implement the following security measures to protect your data:
- Passwords are stored as bcrypt hashes — never in plain text.
- Session tokens are stored in HTTP-only, secure cookies — inaccessible to JavaScript.
- CSRF protection on all state-modifying API endpoints via origin verification.
- Rate limiting on authentication and sensitive endpoints to prevent brute-force attacks.
- File upload validation to prevent malicious file execution.
- HTTPS enforced across all platform endpoints.
Despite our best efforts, no internet-based system is completely secure. We cannot guarantee absolute security and encourage you to use a strong, unique password for your Vyre account.
10. Children's Privacy
The Services are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at bahatlimitho@gmail.com and we will promptly delete that information.
11. Public Nature of Profile Pages
Your Vyre profile page is publicly accessible when published. This means:
- Anyone with your URL or NFC card can view your profile without logging in.
- Search engines may index your profile page and display it in search results.
- We generate an Open Graph (OG) preview image using your profile data, which may appear in social media link previews when your profile URL is shared.
You can unpublish your profile at any time from your dashboard. Unpublishing immediately redirects your profile URL to a "coming soon" page. Note that cached versions of your page may remain accessible via search engine caches for a period of time after unpublishing.
12. Changes to This Policy
We may update this Privacy Policy as our Services evolve or as required by law. When we make material changes, we will update the "Effective date" and notify registered users via in-app notification. Your continued use of the Services after changes constitutes acceptance of the updated policy.
13. Contact & Complaints
For privacy-related questions, requests, or complaints:
Vyre — Privacy
Kampala, Uganda
Email: bahatlimitho@gmail.com
If you are unsatisfied with our response, you have the right to lodge a complaint with Uganda's Personal Data Protection Office (PDPO), which operates under the Uganda Registration Services Bureau (URSB).
© 2026 Vyre. All rights reserved.