Waitle

Privacy Policy — Waitle

Operated by Monofact, LLC (Wyoming, USA)
Last updated: February 23, 2025

1. Introduction

This Privacy Policy explains how Monofact, LLC (“Monofact”, “we”, “us”, “our”) collects, uses, and protects personal information when you use waitle.io, app.waitle.io, and any public pages created through the Service (“User Pages”).

By using the Service, you agree to the practices described in this Privacy Policy.

2. Scope — Who This Policy Applies To

This Policy applies to:

  • Visitors to waitle.io
  • Users who create an account at app.waitle.io
  • Visitors to User Pages (e.g., waitle.io/{slug})
  • Individuals who submit their email address through a User Page (“Subscribers”)

3. Information We Collect

3.1 Account Information

When you create an account or sign in, we collect:

  • Email address
  • Password (securely hashed)
  • OAuth identity information (Google, GitHub, and, in the future, Facebook and X/Twitter)

We do not receive or store OAuth provider passwords.

3.2 Usage Data (Anonymous)

We collect limited, anonymized usage data to understand general service performance, including:

  • pages visited
  • referrer information
  • device type
  • general region (non-precise)
  • browser type
  • aggregated events (clicks, visits)

We use a self-hosted, privacy-friendly, cookie-less analytics solution, which does not:

  • use cookies
  • track individuals
  • create advertising profiles
  • perform cross-site tracking

No personal identifiers are collected.

3.2.1 Corporate Site Analytics & Advertising

On our corporate website (waitle.io, including /privacy and /tos), we use Google Analytics and Google Ads to measure site traffic and advertising performance. This may involve:

  • cookies and similar technologies
  • collection of data for ad personalization and remarketing (when you consent)
  • sharing of data with Google for advertising purposes

We only activate these tools after you have given your consent via our cookie banner. You can withdraw consent at any time. For more information on how Google uses this data, see Google's Business Data Responsibility.

3.3 Technical Logs

For security, diagnostics, and abuse prevention, our systems temporarily log:

  • IP address
  • user agent
  • request metadata
  • firewall and rate-limiting events (via Cloudflare)

Cloudflare retains logs according to their own policies.
Our application server retains logs for approximately 7–30 days.

3.4 Subscriber Data

When a visitor enters their email into a User Page form, we collect:

  • email address
  • timestamp
  • the User Page/project the subscriber joined

Important:
For Subscriber email data:

  • The User (Account Owner) is the data controller.
  • Waitle acts only as a data processor on behalf of the User.
  • We do not send emails to Subscribers.
  • We do not use Subscriber data for our own purposes.
  • Subscriber data is stored only to allow Users to manage and export it.

3.5 Communications

We may send Users (not Subscribers):

  • account-related emails
  • password reset emails
  • security notifications
  • service updates and product changes
  • administrative notices

Subscribers do not receive any email from Waitle unless explicitly stated otherwise in the future.

4. How We Use Information

We use information to:

  • provide and operate the Service
  • authenticate Users
  • host and publish User Pages
  • store Subscriber emails on behalf of Users
  • maintain security and prevent abuse
  • generate aggregated, non-personal analytics
  • communicate service updates
  • comply with legal obligations

We do not sell, rent, or monetize personal data.

5. Legal Basis for Processing (GDPR)

Where the General Data Protection Regulation (GDPR) applies, we rely on the following legal bases for processing personal data:

Contract

We process personal data as necessary to perform our contract with Users, including:

  • creating and managing accounts
  • authenticating Users
  • hosting and publishing User Pages
  • storing Subscriber email data on behalf of Users
  • providing export and dashboard functionality
  • delivering account-related communications

Without this processing, we cannot provide the Service.

Legitimate Interest

We process certain data based on our legitimate interests in operating, securing, and improving the Service, including:

  • maintaining platform security
  • preventing abuse and fraud
  • logging technical events for diagnostics
  • ensuring infrastructure stability
  • generating aggregated, non-personal analytics through our self-hosted, cookie-less analytics solution

We carefully balance our legitimate interests against the rights and freedoms of individuals.

We rely on consent where required by law, including for:

  • Subscribers who voluntarily enter their email address on a User Page
  • optional analytics tools
  • Google Analytics and Google Ads on the corporate website (waitle.io)
  • advertising cookies, ad personalization, and remarketing (where enabled)

Google Analytics and Google Ads are activated only after explicit user consent through our cookie banner.

You may withdraw your consent at any time by adjusting cookie preferences.

6. User Pages & Subscriber Responsibility

6.1 User Responsibility

Users (Account Owners) are fully responsible for:

  • how they collect Subscriber email addresses
  • how they store, use, or export Subscriber data
  • complying with email, marketing, and privacy laws (GDPR, CAN-SPAM, etc.)
  • any communication they send to their Subscribers

Waitle does not monitor or control User-to-Subscriber communication.

6.2 Waitle’s Role

Waitle:

  • stores Subscriber data only on behalf of the User
  • provides export functionality
  • does not determine the purpose or means of processing Subscriber data
  • does not send Subscriber emails
  • does not share, resell, or use Subscriber data for any purpose

7. Third-Party Services

We rely on third-party providers to deliver key parts of the Service:

Infrastructure & Security

Cloudflare — CDN, DDoS protection, routing, firewall
(Privacy Policy: https://www.cloudflare.com/privacypolicy/)

Email Delivery

Resend — used only for system emails sent to Users

Authentication

OAuth providers such as Google and GitHub (and soon Facebook and X/Twitter)
(We do not store OAuth passwords.)

Analytics

Self-hosted, privacy-friendly, cookie-less analytics solution
(no data sent to third-party analytics vendors)

Corporate Site: Google Analytics & Google Ads

On waitle.io (corporate pages only), we use Google Analytics and Google Ads for traffic measurement and advertising. These services may collect data for ad personalization when you consent.
For more information: Google's Business Data Responsibility

Hosting

Servers are hosted on Hetzner, located in the European Union (Germany).
Traffic may route through Cloudflare’s global network for performance and security.

We do not permit third parties to use User Page or Subscriber data for advertising or profiling.

8. Cookies & Tracking

Waitle does not use:

  • fingerprinting technologies
  • cross-site tracking

Exception — Corporate Site: On our corporate website (waitle.io), we use Google Analytics and Google Ads cookies for traffic measurement and, when you consent, for ad personalization and remarketing. These cookies are only set after you accept them via our cookie banner.

We may use minimal, essential cookies for:

  • authentication
  • session management
  • user preferences

Analytics on User Pages is entirely cookie-less and does not involve Google Analytics or advertising technologies.

9. Data Retention

  • Account data: retained until the User deletes their account
  • Subscriber data: retained until the User deletes it or their account
  • Server logs: retained for approximately 7–30 days
  • Anonymous analytics: aggregated with no personal retention period
  • Legal/security records: retained only when required by law
  • Corporate site analytics data (Google): retained according to Google’s data retention settings and policies.

10. Data Sharing

We do not sell or rent personal data.

We may share limited data only with:

  • service providers required to operate the platform
  • infrastructure and security providers (e.g., Cloudflare)
  • legal authorities if required by law

We minimize data sharing to the smallest necessary scope.

11. Data Security

We implement industry-standard security measures, including:

  • HTTPS encryption
  • Cloudflare security and DDoS protection
  • restricted system access
  • encrypted passwords
  • secure hosting environments
  • access and error logging

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. International Data Transfers

Personal data may be processed in the United States or the European Union.
Cloudflare may route traffic globally via its edge network.

We use approved safeguards (such as Standard Contractual Clauses) where required by law.

13. Your Rights (GDPR)

Under GDPR, you may request:

  • access to your personal data
  • correction of inaccurate data
  • deletion of your data
  • portability (export)
  • restriction or objection to processing
  • withdrawal of consent (for Subscribers and for optional cookies/analytics)
  • filing a complaint with a supervisory authority

Users may contact us at legal@waitle.io for GDPR-related requests.

Subscribers must contact the User (Account Owner) who collected their email.

14. Children

Waitle is not intended for children under the age of 16.
We do not knowingly collect personal data from minors.
If we become aware of such data, we will delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy periodically.
Material changes may be communicated via email or through the Service.

Continued use of the Service constitutes acceptance of the updated Policy.

16. Contact

For privacy inquiries or data requests, please contact:
legal@waitle.io