Privacy Policy

Waitframe ("Waitframe", "we", "us", or "our") is a platform that helps startup founders validate product ideas through launch pages, waitlists, and analytics. This Privacy Policy explains what personal information we collect, how we use it, and the choices you have.

By using the Waitframe platform — including our website at waitframe.ai, the Waitframe Studio page builder, and all related services (collectively, "Services") — you agree to the collection and use of your information as described in this policy.

Information you provide directly:

• Account information — name and email address when you register; Google profile information if you use Google sign-in
• User content — text, images, and design data you create in Waitframe Studio, including launch page content and settings
• AI generation inputs — prompts, idea descriptions, and conversations you submit to our AI chat feature
• Communications — messages you send to our support team

Information collected automatically:

• Usage data — pages visited, features used, actions performed within the builder, session duration
• Device and browser data — browser type, operating system, device type, screen resolution, language preference
• Log data — IP address, request timestamps, referrer URLs, and error information
• Analytics on your published pages — we collect visit counts, referrer sources, and signup events on launch pages you publish using our Services. We do not use cookies on your visitors; we rely on server-side request data only.

Information from your waitlists:

• Email addresses and names submitted by visitors through waitlist forms on your published launch pages. This data is stored on your behalf and is accessible only to you through your workspace dashboard.

We use the information we collect to:

• Provide, operate, and improve the Services
• Authenticate your identity and manage your account
• Process AI generation requests using your prompts
• Generate analytics reports for your launch pages
• Store and serve your published launch pages to visitors
• Send transactional emails (account confirmation, password reset, important updates)
• Respond to support requests
• Monitor for abuse, fraud, and security threats
• Comply with legal obligations

We do not sell your personal information. We do not use your User Content to train AI models. We do not send marketing emails without your consent.

We share your information only in the following circumstances:

• Service providers — we share necessary data with trusted third-party vendors who help us operate the Services (see Section 5). These providers are contractually bound to handle data only as instructed.
• Legal requirements — we may disclose information if required by law, court order, or government authority, or to protect the rights, property, or safety of Waitframe, our users, or the public.
• Business transfers — if Waitframe is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
• With your consent — we will share your information with third parties when you explicitly authorize us to do so.

We use the following third-party services to operate our platform. Each service processes personal data under its own privacy policy and applicable data protection agreements:

We retain your account data and User Content for as long as your account is active. If you delete your account, we will delete your personal information and User Content from our active systems within 30 days. Anonymized, aggregated analytics data may be retained indefinitely.

Waitlist subscriber email addresses you collect through your launch pages are retained until you delete them from your dashboard or close your account. You are responsible for managing the data of your own waitlist subscribers in accordance with applicable privacy laws.

Some data may be retained longer where required by law (e.g., financial records, legal hold obligations).

We implement industry-standard technical and organizational security measures to protect your information, including encrypted connections (HTTPS/TLS), hashed password storage, and access controls. However, no method of transmission over the internet or electronic storage is 100% secure.

We do not store payment card data — all payment processing is handled by our payment provider, LemonSqueezy, under their own PCI DSS compliance.

If you become aware of a security vulnerability or incident involving Waitframe, please disclose it responsibly to isroiljonrustamov25@gmail.com.

Depending on your location, you may have the following rights regarding your personal data. To exercise any right, email us at isroiljonrustamov25@gmail.com.

• Access — request a copy of the personal data we hold about you
• Correction — request that we correct inaccurate or incomplete data
• Deletion — request deletion of your account and personal data (subject to legal retention obligations)
• Portability — request an export of your data in a machine-readable format
• Objection — object to our processing of your data for certain purposes
• Opt-out of marketing — unsubscribe from any marketing emails using the link in the email footer

We will respond to rights requests within 30 days. If you are in the EEA or UK and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

We use a minimal set of cookies and similar technologies on the Waitframe platform:

• Strictly necessary cookies — authentication session tokens required for you to log in and use the workspace
• Preference cookies — your UI preferences such as dark/light mode

We do not use third-party advertising or behavioral tracking cookies. Analytics for your published launch pages are performed server-side without placing cookies on your visitors' browsers.

Your browser settings allow you to control cookies. Disabling strictly necessary cookies will prevent you from logging in.

The Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16 without verifiable parental consent, we will delete that information promptly.

If you believe we have inadvertently collected information about a child under 16, please contact us at isroiljonrustamov25@gmail.com.

Waitframe is based in the United States. If you access our Services from outside the United States, your information may be transferred to and processed in the United States or other countries where our service providers operate.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on standard contractual clauses approved by the European Commission as the legal mechanism for transferring personal data to countries outside these regions.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice in the Services at least 14 days before the changes take effect. We encourage you to review this policy periodically.

Your continued use of the Services after the effective date of changes constitutes your acceptance of the revised Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team: