Legal

Privacy Policy

thewiretap.io · Effective Date: [DATE] · Last Updated: [DATE]

Your privacy matters to us. This Privacy Policy explains what information we collect when you use Wiretap, how we use it, and what rights you have over it.

1. Who We Are

Wiretap is operated by [COMPANY NAME], a Delaware corporation (“Wiretap,” “we,” “us,” or “our”).

Contact:
[COMPANY NAME]
[ADDRESS]
[CITY, STATE, ZIP]
Email: [PRIVACY EMAIL]
Website: thewiretap.io

For GDPR purposes, [COMPANY NAME] is the data controller of personal data you provide directly to us.

2. What Data We Collect

2.1 Account Data

When you register for Wiretap, we collect: your email address; a hashed password (we never store your password in plain text; authentication is managed by Supabase Auth); and your subscription status and plan.

2.2 Customer Inputs

To operate the Service, you provide us with: competitor website URLs you want to monitor; and your Ideal Customer Profile (“ICP”), which may include preferred job titles, industries, company sizes, and optional free-text context. This information is used solely to configure and deliver your daily lead digest.

2.3 Lead Data We Deliver to You

As part of the Service, we surface publicly available professional information (“Lead Data”) and deliver it to your inbox. Lead Data may include names and job titles of individuals; company names; profile and page URLs from publicly accessible platforms and websites, such as X/Twitter, LinkedIn, Reddit, Bluesky, GitHub, YouTube, TikTok, Quora, G2, Trustpilot, and similar platforms; and other publicly available professional information.

This data relates to third parties (potential leads), not to you as our customer. See Section 6 for more on how we handle this data.

2.4 Payment Data

All payment processing is handled by Paddle.com Market Limited (“Paddle”), our Merchant of Record. We do not receive, process, or store your payment card numbers, bank details, or billing address. We do receive from Paddle: your subscription status, plan details, and transaction identifiers.

2.5 Usage and Technical Data

We may automatically collect limited technical data when you use the Service, including log data (IP address, browser type, pages visited, timestamps) and device and session information. We use this data to maintain security, troubleshoot issues, and improve the Service. We do not build advertising profiles from this data.

3. How We Use Your Data

PurposeData UsedLegal Basis (GDPR)
Creating and managing your accountAccount dataContract performance
Delivering your daily lead digestCustomer inputsContract performance
Processing your subscriptionSubscription status (via Paddle)Contract performance
Communicating with youEmail addressContract performance / Legitimate interests
Maintaining security and preventing fraudAccount data, usage dataLegitimate interests
Complying with legal obligationsAs requiredLegal obligation
Improving the ServiceAggregated, anonymized usage dataLegitimate interests

We do not sell your personal data. We do not use your data for behavioral advertising.

4. Legal Bases for Processing (GDPR)

If you are in the EU/EEA, we rely on the following legal bases under Article 6 of the GDPR:

  • Contract performance (Art. 6(1)(b)): Most processing is necessary to provide you with the Service you signed up for.
  • Legitimate interests (Art. 6(1)(f)): For security, fraud prevention, and improving the Service.
  • Legal obligation (Art. 6(1)(c)): When we are required to process data by law.
  • Consent (Art. 6(1)(a)): Where we ask for consent, you may withdraw it at any time without affecting prior processing.

5. Data Sharing and Third Parties

We share your data only as described below. We do not sell your personal data to third parties.

5.1 Paddle (Billing and Payments)

Paddle acts as our Merchant of Record and processes payment transactions on our behalf. Paddle receives your email address and subscription-related information as needed to manage billing, taxes, and receipts. Paddle operates independently under its own privacy policy.

5.2 Infrastructure Providers

We use the following infrastructure providers to operate the Service:

  • Supabase — Database and authentication (hosted on Amazon Web Services, primarily in the US). Stores your account data and Customer Inputs.
  • Vercel — Frontend hosting (CDN nodes globally).
  • Railway — Backend application hosting (US-based).

5.3 Legal Requirements

We may disclose your data if required to do so by law, regulation, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, or protect the safety of any person.

5.4 Business Transfers

If Wiretap is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.

6. Lead Data (Third-Party Personal Information)

As part of the Service, we surface and deliver publicly available professional information about third parties (potential leads) to you.

Lawful basis for processing lead data. We process Lead Data on the basis of our legitimate interests under GDPR Art. 6(1)(f). Our legitimate interest is providing a business intelligence service that helps sales professionals identify potential customers from publicly available professional information.

How we handle lead data. Lead Data is sourced from publicly accessible platforms and websites and is delivered to customers who have configured a matching Ideal Customer Profile. Once delivered, you become an independent data controller responsible for how you use it in compliance with applicable law. We retain Lead Data only as long as needed to deliver it and maintain records of the Service we provided.

For individuals who appear in Lead Data. If you are a person whose information may appear in a Wiretap digest, you have rights over your data, including the right to object to processing and request suppression. You may contact us directly at [PRIVACY EMAIL] to request removal. We will suppress your information from future deliveries within 30 days of a verified request.

7. Data Retention

  • Account data: Retained for the duration of your subscription and for up to 90 days after account deletion.
  • Customer Inputs (ICP and competitor URLs): Retained for the duration of your subscription and deleted within 30 days of account deletion.
  • Lead Data delivered to you: Retained in our systems for up to 90 days after delivery, then deleted or anonymized.
  • Payment records: Retained as required by financial and tax law (typically 7 years), though card details are never stored by us.
  • Log data: Retained for up to 90 days for security and troubleshooting purposes.

You may request deletion of your data at any time (see Section 9).

8. Data Security

We take reasonable technical and organizational measures to protect your data against unauthorized access, loss, or disclosure. These measures include: encrypted connections (HTTPS/TLS) for all data in transit; password hashing (we never store plain-text passwords); access controls limiting who within our team can access your data; and use of reputable infrastructure providers with their own security certifications.

No system is perfectly secure. If we become aware of a data breach affecting your personal data, we will notify you as required by applicable law.

9. Your Rights

9.1 Rights for EU/EEA Users (GDPR)

If you are in the EU or EEA, you have the following rights: right of access; right to rectification; right to erasure (“right to be forgotten”); right to restriction of processing; right to data portability; right to object; right to withdraw consent; and right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at [PRIVACY EMAIL]. We will respond within 30 days.

9.2 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the right to know, right to delete, right to correct, right to opt out of sale/sharing (we do not sell or share your personal information for cross-context behavioral advertising), and right to non-discrimination.

To submit a CCPA request, contact us at [PRIVACY EMAIL] or use the subject line “California Privacy Request.” We will respond within 45 days.

10. International Data Transfers

Wiretap is operated from the United States. If you are located outside the US, your data will be transferred to and processed in the US. For transfers of EU/EEA personal data to the US, we rely on appropriate safeguards including Standard Contractual Clauses (“SCCs”) where applicable.

11. Children's Privacy

Wiretap is intended solely for users who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a minor, we will delete it promptly.

12. Cookies and Tracking

Our website and application may use essential cookies and similar technologies to maintain your session and ensure the Service functions correctly. We do not use cookies for behavioral advertising or third-party tracking. If we introduce any non-essential cookies in the future, we will update this Policy and provide appropriate consent mechanisms.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page and notify you by email if the changes are material. Your continued use of the Service after any update constitutes your acceptance of the revised Policy.

14. Contact Us

For any privacy-related questions, requests, or complaints, contact us at:

[COMPANY NAME]
[ADDRESS]
[CITY, STATE, ZIP]
Email: [PRIVACY EMAIL]
Website: thewiretap.io

EU/EEA users may also contact your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.

This Privacy Policy was last updated on [DATE].