Privacy Policy
Last Updated: February 3, 2026
Version: 2.1
Effective Date: February 3, 2026
1. Introduction
waitlist.ph (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains our approach to data collection and processing in our queue management system.
Key Point: waitlist.ph is designed as a privacy-first system. From queue customers we collect ZERO personal data: no phone numbers, email addresses, names, or any other personally identifiable information. The only personal data we hold is the email address of business users who manage queues (see Section 2.2).
2. Information We Collect
2.1 Queue Customers (Public Users)
When you join a queue as a customer, we collect ZERO personal data. The only records created are:
- Anonymous Queue Tokens: 8-digit codes used for queue management
- Queue Position: Your position in the queue
- Timestamps: When you joined and were served
- Location ID: The business location where you joined the queue
- Browser Push Subscription (Optional): Anonymous browser notification endpoint
2.1.1 QR Code Scan Analytics (Zero PII)
To improve the enrollment experience, we collect completely anonymous analytics when you scan a QR code:
What we collect:
- Location ID: Which business location you scanned (business only, not you)
- Token Validity: Whether the QR token was valid or expired (true/false only)
- Conversion Status: Whether you successfully joined the queue
- Time to Join: How long the enrollment process took (to measure form friction)
What we DO NOT collect:
- IP Address: Not stored, not hashed, not logged
- Browser/Device Information: No user agent collected
- Referrer: Not collected
- Any Personal Information: Zero PII whatsoever
Privacy protections:
- Raw scan data automatically deleted after 7 days
- Only aggregated statistics kept for 30-day analytics window
- Cannot identify or track individual users
- Data used solely to identify where users have trouble joining queues
2.2 Business Users (Management Console)
When you create a business account to manage queues, we collect:
- Email Address: Used for authentication (magic link login) and account recovery
- User ID (UUID): Randomly generated identifier that references your account
- Authentication Timestamps: When you log in and out
- Business Information: Business name, location details (only what you provide)
- IP Address: Encrypted with rotating hash, only logged for suspicious activity, auto-deleted after 24 hours
Legal Basis for Email Processing: Contract (GDPR Article 6.1.b) - Your email is necessary to provide authentication services and fulfill our service agreement.
2.3 What We DO NOT Collect
- Phone numbers
- Names or government IDs (from queue customers)
- Passwords (we use passwordless authentication)
- Precise geolocation data
- Biometric data
- Browsing history or cookies for tracking
- Payment card details (processed by third-party payment processors only)
3. How We Use Information
3.1 Queue Customer Data
We use the anonymous queue tokens and timestamps solely for:
- Managing queue positions and calling customers
- Sending optional browser push notifications when it's your turn
- Generating aggregated, anonymous analytics (total customers per day, average wait time)
- Improving our service quality
3.2 Business User Email Data
We use your email address exclusively for:
- Authentication: Sending magic link login emails (passwordless authentication)
- Account Recovery: Allowing you to regain access to your account
- Service Communications: Critical system notifications (e.g., security alerts, account status changes)
- Pseudonymization: Your email is stored in Supabase's auth.users table and referenced via UUID in our database
We will NEVER:
- Sell your email to third parties
- Send marketing emails without explicit opt-in consent
- Share your email with advertisers
- Use your email for purposes beyond authentication and essential service communications
4. Data Retention
4.1 Queue Customer Data (Anonymous Tokens)
- Active Queue: Data retained until you are served (typically < 4 hours)
- After Service: Queue entry data expires automatically after 24 hours
- Analytics: Only aggregated, non-identifiable statistics retained indefinitely
- QR Scan Data: Raw scan records deleted after 7 days; daily aggregates kept for 30 days
4.2 Business User Email Data
- Active Accounts: Email stored as long as your account is active
- Inactive Accounts: Accounts inactive for 24 months will receive deletion notice
- Deleted Accounts: Email permanently deleted within 30 days of account deletion request
- IP Hashes (Security): Automatically deleted after 24 hours (GDPR storage limitation)
- Authentication Logs: Login timestamps retained for 90 days for security auditing
4.3 Backup Retention
Database backups containing emails are retained for 30 days for disaster recovery. After 30 days, backups are permanently deleted. When you delete your account, your email is removed from production immediately but may persist in backups for up to 30 days.
5. Data Sharing and Sub-Processors
We do not sell, trade, or share your data with third parties for marketing purposes.
5.1 Queue Customer Data
Since we collect no personal data from queue customers, there is nothing to share.
5.2 Business User Email Data - Sub-Processors
Your email is processed by the following GDPR-compliant sub-processors:
| Sub-Processor | Purpose | Data Location | GDPR Compliance |
|---|---|---|---|
| Supabase | Authentication & Database | Singapore (Asia Pacific) | ✅ DPA Available |
| DigitalOcean | Application Hosting | Singapore | ✅ DPA Available |
All sub-processors have signed Data Processing Agreements (DPA) compliant with GDPR Article 28. International data transfers use Standard Contractual Clauses (SCCs) approved by the European Commission.
6. Your Rights (GDPR & Philippines DPA)
6.1 Queue Customer Rights
Since we collect zero personal data from queue customers, most data subject rights are not applicable. The system is designed to exceed privacy requirements by not collecting personal information in the first place.
- Right to Erasure: All queue data is automatically deleted within 24 hours
- Right to Object: You can leave the queue at any time
6.2 Business User Rights (GDPR Articles 15-22)
As a business user with an email-based account, you have the following rights:
- Right to Access (Article 15): Request a copy of all personal data we hold about you
→ Visit your account settings or email [email protected]
- Right to Rectification (Article 16): Update your email address at any time
→ Update via account settings
- Right to Erasure ("Right to be Forgotten") (Article 17): Delete your account and all associated data
→ Delete via account settings or email [email protected]
- Right to Data Portability (Article 20): Export your data in machine-readable format (JSON)
→ Export via account settings
- Right to Object (Article 21): Object to processing of your personal data
→ Contact [email protected]
- Right to Withdraw Consent: Withdraw consent for email processing at any time (by deleting your account)
→ Delete account via settings
- Right to Lodge a Complaint: File a complaint with the supervisory authority
→ Philippines National Privacy Commission (NPC): https://privacy.gov.ph
6.3 How to Exercise Your Rights
Self-Service Account Settings: Access your GDPR rights instantly through your account settings page (gear icon next to your name on the Team page):
- View Data Summary: See all data we store about you
- Export Data: Download your data in JSON format (Article 20)
- Update Email: Change your email address with re-verification (Article 16)
- Delete Account: Permanently delete your account and all data (Article 17)
Alternative: Email Us: [email protected]
Response Time: Self-service is instant; email requests within 30 days (GDPR Article 12.3)
No Fee: Exercising your rights is free of charge
7. Consent Management (GDPR Article 7)
We implement transparent consent tracking for all business users:
7.1 Consent Collection
- First Login: When you first sign up and log in, you'll see a Welcome Agreement Modal that requires you to review and accept this Privacy Policy (v2.0) and Terms of Service before accessing the console
- Explicit Consent: Two separate checkboxes must be checked to proceed (Privacy Policy and Terms of Service)
- Informed Consent: Full text of terms displayed in modal with links to complete documents
- Email Change: Updating your email requires re-consent to privacy terms
7.2 Consent Records
We maintain a complete audit trail of all consent events:
- Version Tracking: Each consent record includes the policy version (e.g., v2.0)
- Timestamp: Exact date and time of consent
- Method: How consent was obtained (signup, settings, api)
- Consent Type: Privacy policy, terms of service, or email authentication
- Status: Whether consent is active or withdrawn
7.3 Withdrawing Consent
You can withdraw consent at any time by:
- Deleting Your Account: Via account settings (instant)
- Email Request: Contact [email protected]
Effect of Withdrawal: Withdrawing consent will result in account deletion, as we cannot provide authentication services without processing your email address (legal basis: Contract, GDPR Article 6.1.b).
8. Security
We implement industry-standard security measures including:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Regular security audits and vulnerability scanning
- Access controls and audit logging
9. Cookies and Tracking
We use minimal essential cookies for:
- Session management (to maintain your queue position)
- Security (CSRF protection)
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
10. International Data Transfers
10.1 Queue Customer Data
Since we collect no personal data from queue customers, cross-border data transfer regulations do not apply.
10.2 Business User Email Data
Your data is hosted in Singapore by our sub-processors (Supabase, DigitalOcean).
Data Protection Safeguards:
- Data Processing Agreements: All sub-processors have signed DPAs compliant with GDPR Article 28
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Limited Access: Sub-processors have minimal access; cannot read your email without authorization
Your Data Location: Philippines → Singapore (Supabase & DigitalOcean Asia Pacific region)
11. Children's Privacy
Our service is available to all ages. Since we collect no personal data, there are no child-specific privacy concerns.
12. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated “Last Updated” date. Your continued use of the service after changes constitutes acceptance.
13. Contact Us
If you have questions about this Privacy Policy:
- Data Protection Officer: [email protected]
- General Inquiries: [email protected]
- Philippines NPC Registration: [To be added]
14. IP Address Handling (Security Only)
For security and abuse prevention, we implement privacy-first IP address handling:
- Encryption: IP addresses are encrypted with a rotating hash (changes daily)
- Minimal Logging: Only logged for suspicious activity
- Auto-Deletion: Encrypted IPs are automatically deleted after 24 hours
- Normal Use: Successful logins and queue joins do NOT result in IP logging
This approach complies with GDPR Article 5.1.c (data minimization), Article 5.1.e (storage limitation), and Article 32 (security of processing).
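The rotating-hash IP handling described above, as an added illustration and not waitlist.ph's own code: a key derived from a master secret and the UTC date keys an HMAC over the IP, only suspicious events are recorded, and records older than 24 hours are purged. The master secret, the event names and the in-memory log are assumptions.

```python
import hmac
import hashlib
from datetime import datetime, timedelta, timezone

# Assumed values for this illustration, not waitlist.ph's real configuration.
MASTER_SECRET = b"constructed-demo-secret"  # would come from a secrets manager
RETENTION = timedelta(hours=24)              # storage limit stated in the policy
SUSPICIOUS_EVENTS = {"login_failed", "rate_limited", "invalid_token"}  # assumed

def daily_key(now: datetime) -> bytes:
    """Derive today's hashing key (UTC) from the master secret, so records
    from different days cannot be joined on the hash."""
    day = now.astimezone(timezone.utc).strftime("%Y-%m-%d").encode()
    return hmac.new(MASTER_SECRET, day, hashlib.sha256).digest()

def pseudonymise_ip(ip: str, now: datetime) -> str:
    """HMAC-SHA256 of the IP. A keyed hash is used because the 2^32 IPv4
    space is small enough to brute-force a plain hash offline."""
    return hmac.new(daily_key(now), ip.encode(), hashlib.sha256).hexdigest()

class SecurityLog:
    def __init__(self) -> None:
        self.entries: list[dict] = []  # in-memory stand-in for the log table

    def record(self, event: str, ip: str, now: datetime) -> bool:
        """Keep a pseudonymised IP only for suspicious events; successful
        logins and queue joins produce no IP record at all."""
        if event not in SUSPICIOUS_EVENTS:
            return False
        self.entries.append({"ts": now, "event": event,
                             "ip_hash": pseudonymise_ip(ip, now)})
        return True

    def purge(self, now: datetime) -> int:
        """Delete entries older than RETENTION; returns how many were removed."""
        kept = [e for e in self.entries if now - e["ts"] < RETENTION]
        removed, self.entries = len(self.entries) - len(kept), kept
        return removed

def run_demo() -> dict:
    """Exercise daily rotation, selective logging and the 24-hour purge."""
    t0 = datetime(2026, 2, 3, 10, 0, tzinfo=timezone.utc)
    log, ip = SecurityLog(), "203.0.113.7"  # constructed documentation address
    return {
        "rotates_daily": pseudonymise_ip(ip, t0) != pseudonymise_ip(ip, t0 + timedelta(days=1)),
        "normal_login_logged": log.record("login_ok", ip, t0),
        "suspicious_logged": log.record("login_failed", ip, t0),
        "purged_at_23h": log.purge(t0 + timedelta(hours=23)),
        "purged_at_25h": log.purge(t0 + timedelta(hours=25)),
    }
```

Note that anyone holding the master secret can re-derive any day's key, so the secret itself needs the same access controls and rotation as the rest of the authentication material.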
Privacy-First Approach
waitlist.ph is built with privacy as a core principle, not an afterthought:
- Queue Customers: Zero PII collection - anonymous tokens only
- QR Scan Analytics: Zero PII - no IP, no user agent, no referrer, no tracking
- Business Users: Email-only authentication (minimal PII)
- UUID Architecture: Emails never appear in URLs, logs, or application database tables
- Pseudonymization by Design: UUIDs reference users instead of emails
- Automatic Deletion: Queue data expires after 24 hours, QR scans after 7 days, IP hashes after 24 hours
You can use our service with complete confidence that your personal information is minimized, secured, and automatically deleted.