1. Introduction
WinWaz ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you use the WinWaz platform — including our website at winwaz.com, our web application, and any related services (collectively, the "Service").
This policy applies to all users of WinWaz, including business owners, sales staff, installers, and customers accessing the customer portal. By using our Service, you agree to the collection and use of information in accordance with this policy.
WinWaz is operated by TechWaz London and is intended for use by UK-based businesses. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data We Collect
We collect the following categories of personal data:
Account & Identity Data
When you register for WinWaz, we collect your name, email address, phone number, job title, and company name. This is necessary to create and manage your account.
Business & Customer Data
As part of using the platform, you may enter data about your customers, leads, quotes, jobs, and invoices. This data is stored on your behalf and you remain the data controller for this information.
Usage & Technical Data
We automatically collect information about how you use the Service, including IP addresses, browser type, device identifiers, pages visited, and actions taken within the platform. This helps us improve the Service and diagnose issues.
Payment Data
If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your full card details — only a tokenised reference provided by Stripe.
Communications Data
If you contact us via email or our support channels, we retain records of those communications to help resolve your queries.
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing the Service — to operate, maintain, and improve the WinWaz platform and all its features.
- Account management — to create and manage your account, authenticate your identity, and provide customer support.
- Billing & payments — to process subscription payments and manage your billing relationship with us.
- Communications — to send you important service updates, security alerts, and (where you have opted in) product news and marketing emails.
- Analytics & improvement — to understand how users interact with the platform so we can improve features and fix bugs.
- Legal compliance — to comply with applicable laws, regulations, and legal processes.
- Security — to detect, prevent, and respond to fraud, abuse, and security incidents.
We will never sell your personal data to third parties.
4. Legal Basis for Processing
Under UK GDPR, we process your personal data on the following legal bases:
- Contract performance — processing necessary to provide the Service you have signed up for.
- Legitimate interests — processing for our legitimate business interests, such as improving the platform, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
- Legal obligation — processing required to comply with applicable laws and regulations.
- Consent — where you have given explicit consent, such as for marketing emails. You may withdraw consent at any time.
5. Data Sharing & Third Parties
We share your data only in the following circumstances:
Service Providers
We use trusted third-party providers to operate the Service, including:
- Supabase — database hosting and authentication (EU/UK data centres)
- Stripe — payment processing
- Resend / email providers — transactional email delivery
All service providers are contractually bound to process data only on our instructions and in compliance with applicable data protection law.
Legal Requirements
We may disclose your data if required to do so by law, court order, or government authority, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
We do not share your data with advertisers or data brokers.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:
- Account data is retained for the duration of your subscription plus 90 days after account closure, to allow for reactivation.
- Business data (customers, quotes, invoices, jobs) is retained for 7 years after account closure to comply with UK financial record-keeping requirements.
- Usage logs are retained for up to 12 months.
- Support communications are retained for up to 3 years.
After the applicable retention period, data is securely deleted or anonymised.
7. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct inaccurate or incomplete data.
- Right to erasure — you can request deletion of your personal data in certain circumstances.
- Right to restrict processing — you can ask us to limit how we use your data.
- Right to data portability — you can request your data in a structured, machine-readable format.
- Right to object — you can object to processing based on legitimate interests or for direct marketing.
- Rights related to automated decision-making — you have the right not to be subject to solely automated decisions that significantly affect you.
To exercise any of these rights, please contact us at privacy@winwaz.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Security
We take the security of your data seriously and implement appropriate technical and organisational measures, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Row-level security policies on all database tables
- Multi-factor authentication support
- Regular security reviews and penetration testing
- Access controls limiting staff access to personal data on a need-to-know basis
While we take all reasonable steps to protect your data, no system is completely secure. If you believe your account has been compromised, please contact us immediately at security@winwaz.com.
10. International Transfers
WinWaz is primarily designed for UK businesses and we store data within the UK and EU where possible. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, in compliance with UK GDPR Chapter V.
11. Children's Privacy
WinWaz is a business platform intended for use by adults (18+). We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice within the platform at least 14 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision.
Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
Email: privacy@winwaz.com
Post: WinWaz / TechWaz London, London, United Kingdom
For complaints, you may also contact the Information Commissioner's Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113
Have a privacy question?
Contact our privacy team at privacy@winwaz.com — we respond within 2 business days.