Privacy Policy

Last updated: January 2026

1. Introduction

WishMetric ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our waitlist page creation service at wishmetric.sylexify.com.

2. Information We Collect

2.1 Account Information (Project Owners)

When you create an account using Google Sign-In, we collect:

  • Name - Your display name from Google
  • Email address - Your primary Google email (used for login and notifications)
  • Profile image - Your Google profile picture URL
  • Username - Custom vanity URL for Pro users (optional)

2.2 Subscription & Payment Data

When you upgrade to Pro, we store:

  • Plan type - Free or Pro
  • Plan expiry date - When your subscription expires (null for lifetime plans)
  • Payment reference ID - Dodo Payments transaction ID (we do NOT store card details)
  • Early adopter status - Whether you claimed special pricing

Note: All payment processing is handled by Dodo Payments. We never see or store your credit card number, CVV, or full card details. Dodo Payments is PCI-DSS compliant.

2.3 Project Data

When you create a waitlist project, we store:

  • Project name and URL slug
  • Theme configuration - Colors, branding, content settings
  • SEO metadata - Title and description for search engines
  • Social links - Twitter/GitHub URLs you provide
  • View count - Anonymous page visit counter

2.4 Waitlist Submissions (Collected from Your Visitors)

When someone joins a waitlist you created, we collect:

  • Email address - Required to join the waitlist
  • Name - Optional, if provided
  • Verification status - Whether email was verified via OTP
  • Referral code - Unique code for referral tracking
  • Subscription preferences - Unsubscribe status

2.5 Temporary Security Data

For security purposes, we temporarily store:

  • OTP codes - For email verification (auto-deleted after 10 minutes)
  • OTP attempt counts - To prevent brute force attacks (reset hourly)
  • Login OTP - For passwordless authentication (auto-deleted after use)

3. How We Use Your Information

  • Service delivery - To create and manage your waitlist pages
  • Authentication - To verify your identity and secure your account
  • Communication - To send OTP codes, important updates, and support responses
  • Payment processing - To manage Pro subscriptions via Dodo Payments
  • Analytics - To count page views and show you dashboard statistics
  • Improvement - To enhance our service based on usage patterns

4. Data Storage & Security

  • All data is stored in MongoDB with encryption at rest
  • Data is transmitted over HTTPS with TLS encryption
  • Passwords are never stored (we use Google OAuth and OTP-based login)
  • Payment details are handled entirely by Dodo Payments (PCI-DSS compliant)
  • We implement rate limiting to prevent abuse

5. Third-Party Services

We use the following third-party services:

  • Google OAuth - For secure authentication (see Google Privacy Policy)
  • Dodo Payments - For payment processing (see Dodo Privacy Policy)
  • Resend - For transactional emails (OTP codes, notifications)
  • MongoDB Atlas - For database hosting
  • Vercel - For application hosting

6. Data Retention

  • Account data - Retained until you delete your account
  • Project data - Retained until you delete the project
  • Waitlist submissions - Retained until the project owner deletes them or the project
  • OTP codes - Automatically deleted after 10 minutes
  • Deleted accounts - Soft-deleted and permanently removed after 30 days

7. Your Rights

You have the right to:

  • Access - Request a copy of your personal data
  • Correction - Update incorrect information
  • Deletion - Delete your account and associated data
  • Export - Export your waitlist data (Pro feature)
  • Unsubscribe - Opt out of marketing communications

8. Cookies

We use essential cookies only for authentication (session cookies). We do not use tracking cookies or third-party analytics that track you across websites.

9. Children's Privacy

WishMetric is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at: wishmetric@gmail.com