Waitle

Privacy Policy — Waitle

Operated by Monofact, LLC (Wyoming, USA)
Last updated: November 2025

1. Introduction

This Privacy Policy explains how Monofact, LLC (“Monofact”, “we”, “us”, “our”) collects, uses, and protects personal information when you use waitle.io, app.waitle.io, and any public pages created through the Service (“User Pages”).

By using the Service, you agree to the practices described in this Privacy Policy.

2. Scope — Who This Policy Applies To

This Policy applies to:

  • Visitors to waitle.io
  • Users who create an account at app.waitle.io
  • Visitors to User Pages (e.g., waitle.io/{slug})
  • Individuals who submit their email address through a User Page (“Subscribers”)

3. Information We Collect

3.1 Account Information

When you create an account or sign in, we collect:

  • Email address
  • Password (securely hashed)
  • OAuth identity information (Google, GitHub, and, in the future, Facebook and X/Twitter)

We do not receive or store OAuth provider passwords.

3.2 Usage Data (Anonymous)

We collect limited, anonymized usage data to understand general service performance, including:

  • pages visited
  • referrer information
  • device type
  • general region (non-precise)
  • browser type
  • aggregated events (clicks, visits)

We use a self-hosted, privacy-friendly, cookie-less analytics solution, which does not:

  • use cookies
  • track individuals
  • create advertising profiles
  • perform cross-site tracking

No personal identifiers are collected.

3.3 Technical Logs

For security, diagnostics, and abuse prevention, our systems temporarily log:

  • IP address
  • user agent
  • request metadata
  • firewall and rate-limiting events (via Cloudflare)

Cloudflare retains logs according to their own policies.
Our application server retains logs for approximately 7–30 days.

3.4 Subscriber Data

When a visitor enters their email into a User Page form, we collect:

  • email address
  • timestamp
  • the User Page/project the subscriber joined

Important:
For Subscriber email data:

  • The User (Account Owner) is the data controller.
  • Waitle acts only as a data processor on behalf of the User.
  • We do not send emails to Subscribers.
  • We do not use Subscriber data for our own purposes.
  • Subscriber data is stored only to allow Users to manage and export it.

3.5 Communications

We may send Users (not Subscribers):

  • account-related emails
  • password reset emails
  • security notifications
  • service updates and product changes
  • administrative notices

Subscribers do not receive any email from Waitle unless explicitly stated otherwise in the future.

4. How We Use Information

We use information to:

  • provide and operate the Service
  • authenticate Users
  • host and publish User Pages
  • store Subscriber emails on behalf of Users
  • maintain security and prevent abuse
  • generate aggregated, non-personal analytics
  • communicate service updates
  • comply with legal obligations

We do not sell, rent, or monetize personal data.

5. Legal Basis for Processing (GDPR)

We rely on the following legal bases under the GDPR:

Contract

To provide account functionality and page publishing tools.

Legitimate Interest

For security, performance monitoring, anonymous analytics, and ensuring service integrity.

Subscribers provide consent when entering their email on a User Page.

6. User Pages & Subscriber Responsibility

6.1 User Responsibility

Users (Account Owners) are fully responsible for:

  • how they collect Subscriber email addresses
  • how they store, use, or export Subscriber data
  • complying with email, marketing, and privacy laws (GDPR, CAN-SPAM, etc.)
  • any communication they send to their Subscribers

Waitle does not monitor or control User-to-Subscriber communication.

6.2 Waitle’s Role

Waitle:

  • stores Subscriber data only on behalf of the User
  • provides export functionality
  • does not determine the purpose or means of processing Subscriber data
  • does not send Subscriber emails
  • does not share, resell, or use Subscriber data for any purpose

7. Third-Party Services

We rely on third-party providers to deliver key parts of the Service:

Infrastructure & Security

Cloudflare — CDN, DDoS protection, routing, firewall
(Privacy Policy: https://www.cloudflare.com/privacypolicy/)

Email Delivery

Resend — used only for system emails sent to Users

Authentication

OAuth providers such as Google and GitHub (and soon Facebook and X/Twitter)
(We do not store OAuth passwords.)

Analytics

Self-hosted, privacy-friendly, cookie-less analytics solution
(no data sent to third-party analytics vendors)

Hosting

Servers are hosted on Hetzner, located in the European Union (Germany).
Traffic may route through Cloudflare’s global network for performance and security.

We do not permit third parties to use Waitle data for advertising or profiling.

8. Cookies & Tracking

Waitle does not use:

  • advertising cookies
  • marketing cookies
  • third-party tracking cookies
  • fingerprinting technologies
  • cross-site tracking

We may use minimal, essential cookies for:

  • authentication
  • session management
  • user preferences

Analytics is entirely cookie-less.

9. Data Retention

  • Account data: retained until the User deletes their account
  • Subscriber data: retained until the User deletes it or their account
  • Server logs: retained for approximately 7–30 days
  • Anonymous analytics: aggregated with no personal retention period
  • Legal/security records: retained only when required by law

10. Data Sharing

We do not sell or rent personal data.

We may share limited data only with:

  • service providers required to operate the platform
  • infrastructure and security providers (e.g., Cloudflare)
  • legal authorities if required by law

We minimize data sharing to the smallest necessary scope.

11. Data Security

We implement industry-standard security measures, including:

  • HTTPS encryption
  • Cloudflare security and DDoS protection
  • restricted system access
  • encrypted passwords
  • secure hosting environments
  • access and error logging

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. International Data Transfers

Personal data may be processed in the United States or the European Union.
Cloudflare may route traffic globally via its edge network.

We use approved safeguards (such as Standard Contractual Clauses) where required by law.

13. Your Rights (GDPR)

Under GDPR, you may request:

  • access to your personal data
  • correction of inaccurate data
  • deletion of your data
  • portability (export)
  • restriction or objection to processing
  • withdrawal of consent (for Subscribers)
  • filing a complaint with a supervisory authority

Users may contact us at legal@waitle.io for GDPR-related requests.

Subscribers must contact the User (Account Owner) who collected their email.

14. Children

Waitle is not intended for children under the age of 16.
We do not knowingly collect personal data from minors.
If we become aware of such data, we will delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy periodically.
Material changes may be communicated via email or through the Service.

Continued use of the Service constitutes acceptance of the updated Policy.

16. Contact

For privacy inquiries or data requests, please contact:
legal@waitle.io