Privacy Policy

Effective date: January 31, 2026

1. Introduction

WaitlistWin ("we", "our", or "us") is operated by DaSecure Solutions LLC, San Francisco, CA. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the WaitlistWin platform (waitlistwin.com) and related services (collectively, the "Service").

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (stored securely via Supabase Auth with bcrypt hashing).

Waitlist Data

We store the waitlists you create, including their configuration, custom domains, branding, and settings. This data is necessary to provide the Service.

Signup Data

When people sign up for your waitlists, we collect and store the data they submit (typically email address and any custom fields you configure). You are the data controller for this information; we act as a data processor on your behalf.

Payment Information

Payment details are collected and processed directly by Stripe. We do not store your full credit card number on our servers. We receive only a summary (last four digits, card brand, expiration) for display in your account dashboard.

Usage & Analytics Data

We collect information about how you and your waitlist visitors interact with the Service, including IP address, browser type, pages visited, referral sources, and feature usage, to provide analytics and improve the Service.

3. How We Use Your Information

  • To provide and maintain the Service, including hosting your waitlist pages
  • To process and display signups on your dashboard
  • To provide analytics about your waitlist performance
  • To authenticate your account and protect your data
  • To process payments and manage your subscription
  • To communicate with you about your account or the Service
  • To detect and prevent fraud, abuse, and security threats
  • To improve the Service based on usage patterns

4. Data Storage & Security

Your data is stored securely using Supabase (hosted on AWS). All data is encrypted in transit via TLS/SSL. Passwords are hashed using bcrypt. We implement row-level security policies to ensure users can only access their own data. Signup data is isolated per waitlist and per account.

5. Third-Party Services

We use the following third-party services:

  • Supabase — Database, authentication, and storage
  • Stripe — Payment processing
  • Vercel — Web hosting and edge functions

Each third-party service is governed by its own privacy policy. We encourage you to review their policies.

6. Cookies

We use essential cookies to maintain your session and authenticate your account. We may also use analytics cookies to understand how the Service is used. Waitlist pages hosted through the Service may use cookies for tracking referral sources and preventing duplicate signups. You can manage cookie preferences through your browser settings.

7. Data Sharing

We do not sell your personal information. We share data only with the third-party service providers listed above, as necessary to provide the Service. We may disclose information if required by law, regulation, or legal process.

8. Data Retention

We retain your data for as long as your account is active. You may export your signup data at any time via CSV export. You may delete your account and all associated data by contacting us. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

9. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate personal data
  • Delete your account and all associated data
  • Export your signup data in a portable format (CSV)
  • Opt out of marketing communications
  • Object to data processing where applicable

10. CCPA & GDPR

California Residents (CCPA): You have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of personal information. We do not sell your personal information.

EEA Residents (GDPR): You have the right to access, rectify, erase, restrict processing, and port your data. Our lawful basis for processing is contract performance and legitimate interest. For signup data collected through your waitlists, you are the data controller and we act as a data processor. To exercise any of these rights, contact us at support@waitlistwin.com.

11. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the effective date. Continued use of the Service after changes constitutes acceptance.

13. Contact Us

If you have questions about this Privacy Policy, contact us at support@waitlistwin.com

© 2026 DaSecure Solutions LLC. All rights reserved.