Legal
Privacy Policy
Effective: April 23, 2026
This Privacy Policy describes how Referist LLC ("we," "us," or "our") collects, uses, and shares your personal information when you use our website and services ("Services"). By using our Services, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
We collect information you provide directly, such as when you apply for membership, create a profile, or interact with our platform:
- Personal Identifiers: Name, email address, phone number, and location (e.g., city/state).
- Professional Information: Industry, business details, bio, ideal client descriptions, and goals.
- Payment Information: Billing details processed securely via third-party providers (such as Stripe). We do not store full card information.
- Communications Data: Direct messages between members, group posts, and broadcast messages sent through the platform.
- Usage Data: IP address, browser type, pages visited, and platform interactions (e.g., messages, referrals, badges earned, challenges completed).
- Other: Feedback, testimonials, or information shared during interviews or communications with our team. Introductory calls scheduled through our calendar integration may be recorded where disclosed to you in advance.
2. How We Use Your Information
We use your information to provide and improve our Services, including:
- Processing applications, conducting interviews, and matching you into curated referral circles (8–15 members, one per industry, local focus).
- Facilitating platform features like member profiles, messaging, one-on-one scheduling, referral tracking, and badges.
- Sending notifications about group launches, waitlist status, monthly meeting suggestions, new challenges, and platform updates.
- Processing subscription payments and managing refundable deposits ($10, refundable upon request if no group launches within 90 days).
- Analyzing usage patterns, both individual and aggregate, to improve the platform and prevent abuse.
- Complying with legal obligations or responding to lawful requests from authorities.
3. Sharing Your Information
We do not sell your personal information. We may share it with:
- Circle Members: Limited profile information (e.g., name, profession, city) is shared with members of your assigned local referral circle and, if applicable, your National Peer Forum group.
- Service Providers: Trusted third parties that help us operate our Services, including Stripe (payment processing), Resend (transactional email delivery), Supabase (database and authentication), Vercel (hosting), Google Analytics (usage analytics), and Calendly (meeting scheduling). These providers are contractually bound to protect your data.
- Advertising Measurement: We use the Meta (Facebook) Pixel and Google Analytics on our public marketing pages to measure the effectiveness of our own marketing. This may involve limited sharing of standard web event data (such as page visits or form submissions) with these platforms for the purpose of measuring Referist's marketing performance. We do not use this data for cross-context behavioral advertising. Under the California Consumer Privacy Act ("CCPA"), this sharing may be considered "sharing" for cross-context behavioral advertising purposes. You may opt out by emailing hello@referist.io or by using available browser-based privacy controls.
- Legal Requirements: We may disclose information if required by law, subpoena, or to protect the rights and safety of Referist LLC, our members, or others.
Note on National Peer Forum: If you participate in a Forum group, limited professional information may be shared with non-competing peers in other geographic markets. This is limited to your name, profession, and general location.
4. Platform Access and Message Monitoring
Direct messages and other content shared through the Referist platform are delivered and stored using our systems. We want members to understand the following:
- Circle Moderators: Circle moderators have visibility into group messages, broadcasts, and direct messages in which they are a participant. Private direct messages between two other members are not routinely visible to moderators.
- Referist LLC. Referist LLC reserves the right to access, review, and retain the content of any message or platform data — including direct messages between members — for purposes including enforcing our Terms, investigating complaints, responding to member reports, investigating suspected abuse or violations, ensuring platform safety and security, complying with legal obligations, and responding to lawful requests from authorities. Access is limited to authorized personnel.
- Extended Access. Where reasonably necessary for the purposes above, Referist may grant temporary access to additional individuals such as investigators, counsel, or moderators handling a specific incident.
Members should not have an expectation that content shared on the platform is private from Referist. Members should treat the platform accordingly and should not share highly sensitive personal information through messaging that they would not want Referist to have the ability to access.
5. Data Retention
We retain your personal information for as long as your account is active. After account closure or deletion, we retain your personal information for up to seven (7) years for legitimate business purposes, including maintaining accurate business records, resolving disputes, enforcing agreements, defending against legal claims, and complying with tax, accounting, and other legal obligations. After this retention period, we anonymize or delete your personal data, except where longer retention is required by applicable law.
Aggregated or anonymized data that cannot be used to identify you may be retained indefinitely for analytics and business improvement purposes.
If you would like to request deletion of your data, please contact us at hello@referist.io. We will respond within 30 days. Note that we may retain certain information as required by law or for legitimate business interests even following a deletion request.
6. Data Security
We implement reasonable technical and organizational security measures to protect your information from unauthorized access, disclosure, or misuse. Sensitive data is encrypted in transit and at rest. Access is limited to authorized personnel with a legitimate business need. However, no system is 100% secure, and we cannot guarantee absolute security.
7. Data Breach Notification
If a data breach affecting your personal information occurs, we will notify you without undue delay and within the timeframe required by applicable law. Our notification will include, to the extent known, the nature of the breach, the categories of personal information affected, the likely consequences, and the steps we are taking to address the breach and mitigate harm.
8. Your Rights
Depending on your location, you may have certain rights regarding your personal information:
- Access & Correction: You may request a copy of your data or ask us to correct inaccuracies.
- Deletion: You may request deletion of your personal data, subject to our retention policy above.
- Opt-Out: You may opt out of non-essential marketing communications at any time.
- CCPA (California Residents): We do not sell personal data. As described in Section 3, we may "share" limited web event data with advertising platforms for the purpose of measuring our own marketing; you may opt out by contacting us.
- GDPR (EU/UK Residents): You have additional rights including data portability, the right to restrict processing, the right to object to processing, and the right to lodge a complaint with your local supervisory authority. Contact us to exercise these rights.
- Automated Decisions: We do not use automated decision-making (including profiling) to make legally significant decisions about you without human review.
To exercise any of these rights, contact us at hello@referist.io. We will respond within 30 days, or the timeframe required by applicable law, whichever is shorter.
9. Cookies and Tracking
We use cookies for essential functions (such as session management and authentication) and analytics (such as understanding which pages are most visited). You can manage or disable cookies through your browser settings, though some features may not function correctly if cookies are disabled.
Do Not Track: Our Services do not currently respond to Do Not Track browser signals. We treat all visitors the same regardless of DNT status, consistent with the practices described in this Policy.
10. Children's Privacy
Our Services are intended for business professionals 18 years of age and older. We do not knowingly collect personal information from individuals under 13 (in compliance with the Children's Online Privacy Protection Act) or from any individual under 18. If we learn we have inadvertently collected personal information from a person under 18, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will post the revised policy on this page with an updated effective date. For material changes (such as changes affecting how we share your data or our data retention practices), we will also provide reasonable advance notice by email to the address on your account. Continued use of our Services after changes are posted constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out: