waitsetwaitset

Privacy Policy

Last updated: 11/3/2025

This Privacy Policy explains how waitset ("we", "us", or "our") collects, uses, and protects your information when you use our Services.

1. About Us

waitset is currently operated by individuals and does not yet have a registered legal entity. You can reach us via our contact page or by email at waitset [at] harvide [dot] com.

2. Information We Collect

  • Account Data: email, password (hashed), name, and optional profile data. Email verification is required for email/password logins. We may also collect data from OAuth providers (e.g., GitHub).
  • Usage and Analytics: events and device information via PostHog; a browser fingerprint from FingerprintJS to improve fraud detection and analytics. If fingerprinting is blocked, we create a first‑party anonymous identifier.
  • Hosted Page Interactions: page views, UTM/referrer parameters, and referrals associated with hosted pages.
  • Signup Data: information submitted by your visitors via your hosted pages or embedded forms (e.g., email and optional fields).
  • Billing: subscription and payment metadata processed by our billing providers (we do not store full payment card details).
  • Communications: emails we send for verification, sign‑in, password reset, and automated post‑signup follow‑ups via Resend.

3. How We Use Information

  • Provide, secure, and maintain the Services.
  • Authenticate users and prevent abuse.
  • Host customizable waitlist pages and process signups.
  • Analyze performance, referral sources, and improve product features.
  • Send transactional and follow‑up communications as configured.
  • Comply with legal obligations.

4. Legal Bases

Where applicable (e.g., EU/UK), we process data based on consent, contract necessity, legitimate interests (product improvement, security, fraud prevention), and legal obligations.

5. Sharing

We share data with service providers who help us operate the Services: Convex (backend infrastructure), Resend (email), PostHog (analytics), FingerprintJS (device identification), and Autumn and its payment partners (subscriptions/billing). We require them to protect your data and use it only for our instructions.

6. Data Retention

We retain personal data for as long as necessary to provide the Services and for legitimate business purposes. You may request deletion of your account and associated data subject to legal holds.

7. International Transfers

Your data may be processed in countries other than your own. Where applicable, we use appropriate safeguards for international transfers.

8. Your Rights

Depending on your location, you may have rights to access, correct, delete, or port your data, object to or restrict processing, and withdraw consent. To exercise these rights, contact us.

9. Security

We take reasonable and appropriate measures to protect your information. No method of transmission or storage is 100% secure.

10. Children

For EU compliance, we do not knowingly process data of users under 16 without appropriate consent. Elsewhere, the minimum age is 13 or as required by local law.

11. Marketing

We do not send marketing emails at this time. If this changes, we will provide clear opt‑out mechanisms in each message and update this policy.

12. Changes

We may update this Policy. We will post changes on this page with an updated date and, where appropriate, provide additional notice.

13. Contact

Questions? Use our contact page or email us at waitset [at] harvide [dot] com.

14. Additional Disclosures

  • Cookies/Local Storage: We use first‑party storage for preferences and anonymous identifiers when fingerprinting is unavailable.
  • Referrals/UTM: We process UTM and referral parameters to attribute traffic sources.
  • Emails: Automated post‑signup emails include an initial message upon signup and follow‑ups starting 1 hour later, up to 7 days after signup.