Legal
thewiretap.io · Effective Date: [DATE] · Last Updated: [DATE]
Your privacy matters to us. This Privacy Policy explains what information we collect when you use Wiretap, how we use it, and what rights you have over it.
Wiretap is operated by [COMPANY NAME], a Delaware corporation (“Wiretap,” “we,” “us,” or “our”).
Contact:
[COMPANY NAME]
[ADDRESS]
[CITY, STATE, ZIP]
Email: [PRIVACY EMAIL]
Website: thewiretap.io
For GDPR purposes, [COMPANY NAME] is the data controller of personal data you provide directly to us.
When you register for Wiretap, we collect: your email address; a hashed password (we never store your password in plain text; authentication is managed by Supabase Auth); and your subscription status and plan.
To operate the Service, you provide us with: competitor website URLs you want to monitor; and your Ideal Customer Profile (“ICP”), which may include preferred job titles, industries, company sizes, and optional free-text context. This information is used solely to configure and deliver your daily lead digest.
As part of the Service, we surface publicly available professional information (“Lead Data”) and deliver it to your inbox. Lead Data may include names and job titles of individuals; company names; profile and page URLs from publicly accessible platforms and websites, such as X/Twitter, LinkedIn, Reddit, Bluesky, GitHub, YouTube, TikTok, Quora, G2, Trustpilot, and similar platforms; and other publicly available professional information.
This data relates to third parties (potential leads), not to you as our customer. See Section 6 for more on how we handle this data.
All payment processing is handled by Paddle.com Market Limited (“Paddle”), our Merchant of Record. We do not receive, process, or store your payment card numbers, bank details, or billing address. We do receive from Paddle: your subscription status, plan details, and transaction identifiers.
We may automatically collect limited technical data when you use the Service, including log data (IP address, browser type, pages visited, timestamps) and device and session information. We use this data to maintain security, troubleshoot issues, and improve the Service. We do not build advertising profiles from this data.
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Creating and managing your account | Account data | Contract performance |
| Delivering your daily lead digest | Customer inputs | Contract performance |
| Processing your subscription | Subscription status (via Paddle) | Contract performance |
| Communicating with you | Email address | Contract performance / Legitimate interests |
| Maintaining security and preventing fraud | Account data, usage data | Legitimate interests |
| Complying with legal obligations | As required | Legal obligation |
| Improving the Service | Aggregated, anonymized usage data | Legitimate interests |
We do not sell your personal data. We do not use your data for behavioral advertising.
If you are in the EU/EEA, we rely on the following legal bases under Article 6 of the GDPR:
We share your data only as described below. We do not sell your personal data to third parties.
Paddle acts as our Merchant of Record and processes payment transactions on our behalf. Paddle receives your email address and subscription-related information as needed to manage billing, taxes, and receipts. Paddle operates independently under its own privacy policy.
We use the following infrastructure providers to operate the Service:
We may disclose your data if required to do so by law, regulation, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, or protect the safety of any person.
If Wiretap is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.
As part of the Service, we surface and deliver publicly available professional information about third parties (potential leads) to you.
Lawful basis for processing lead data. We process Lead Data on the basis of our legitimate interests under GDPR Art. 6(1)(f). Our legitimate interest is providing a business intelligence service that helps sales professionals identify potential customers from publicly available professional information.
How we handle lead data. Lead Data is sourced from publicly accessible platforms and websites and is delivered to customers who have configured a matching Ideal Customer Profile. Once delivered, you become an independent data controller responsible for how you use it in compliance with applicable law. We retain Lead Data only as long as needed to deliver it and maintain records of the Service we provided.
For individuals who appear in Lead Data. If you are a person whose information may appear in a Wiretap digest, you have rights over your data, including the right to object to processing and request suppression. You may contact us directly at [PRIVACY EMAIL] to request removal. We will suppress your information from future deliveries within 30 days of a verified request.
You may request deletion of your data at any time (see Section 9).
We take reasonable technical and organizational measures to protect your data against unauthorized access, loss, or disclosure. These measures include: encrypted connections (HTTPS/TLS) for all data in transit; password hashing (we never store plain-text passwords); access controls limiting who within our team can access your data; and use of reputable infrastructure providers with their own security certifications.
No system is perfectly secure. If we become aware of a data breach affecting your personal data, we will notify you as required by applicable law.
If you are in the EU or EEA, you have the following rights: right of access; right to rectification; right to erasure (“right to be forgotten”); right to restriction of processing; right to data portability; right to object; right to withdraw consent; and right to lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at [PRIVACY EMAIL]. We will respond within 30 days.
If you are a California resident, you have the right to know, right to delete, right to correct, right to opt out of sale/sharing (we do not sell or share your personal information for cross-context behavioral advertising), and right to non-discrimination.
To submit a CCPA request, contact us at [PRIVACY EMAIL] or use the subject line “California Privacy Request.” We will respond within 45 days.
Wiretap is operated from the United States. If you are located outside the US, your data will be transferred to and processed in the US. For transfers of EU/EEA personal data to the US, we rely on appropriate safeguards including Standard Contractual Clauses (“SCCs”) where applicable.
Wiretap is intended solely for users who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a minor, we will delete it promptly.
Our website and application may use essential cookies and similar technologies to maintain your session and ensure the Service functions correctly. We do not use cookies for behavioral advertising or third-party tracking. If we introduce any non-essential cookies in the future, we will update this Policy and provide appropriate consent mechanisms.
We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page and notify you by email if the changes are material. Your continued use of the Service after any update constitutes your acceptance of the revised Policy.
For any privacy-related questions, requests, or complaints, contact us at:
[COMPANY NAME]
[ADDRESS]
[CITY, STATE, ZIP]
Email: [PRIVACY EMAIL]
Website: thewiretap.io
EU/EEA users may also contact your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.
This Privacy Policy was last updated on [DATE].