WayncoreLegal
Back to site

Legal

Privacy Policy

Last updated: 7 June 2026

This policy describes how Wayncore collects, uses, and protects personal data in accordance with the General Data Protection Regulation (GDPR).

1. Data Controller

Wayncore (“we”, “us”, “our”) is the data controller for the personal data of brand account holders (our customers).

For personal data belonging to your end customers (submitted via warranty claim forms), Wayncore acts as a data processor on your behalf. You remain the data controller for your customers’ data.

2. Data We Collect

Account data: Brand name, email address, and password (hashed). Collected at registration.

Billing data: Managed by Stripe. We do not store card numbers. We retain subscription status and billing history for tax and accounting purposes.

Warranty case data: Customer names, email addresses, product descriptions, serial numbers, issue descriptions, invoice documents, photos, and videos submitted through your branded portal.

Usage data: Anonymized analytics on feature usage, page visits, and error rates. Not linked to individual identities.

3. Purpose and Legal Basis

  • Providing and operating the Wayncore service (contract performance, Article 6(1)(b) GDPR)
  • Managing subscriptions and billing (contract performance and legal obligation, Article 6(1)(b) and (c) GDPR)
  • Sending transactional notifications related to warranty cases (contract performance)
  • Improving the service through aggregated usage analysis (legitimate interest, Article 6(1)(f) GDPR)

4. Sub-processors

We use the following sub-processors to deliver the service:

  • Supabase — database and authentication hosting, EU region (Frankfurt, Germany)
  • Stripe — payment processing and subscription management
  • Resend — transactional email delivery
  • Anthropic — AI-assisted case summarization. Only anonymized technical issue descriptions are processed. No personally identifiable information is transmitted to Anthropic.
  • Vercel — front-end hosting and edge delivery

5. International Transfers

Core data is stored in the EU (Supabase, Frankfurt). Some sub-processors (Anthropic, Vercel) may process data outside the EU. Such transfers are governed by Standard Contractual Clauses (SCCs) in accordance with GDPR Article 46.

6. Retention Periods

  • Account data: retained for the duration of the subscription, plus 12 months after termination
  • Warranty case data: retained for 24 months from case closure
  • Billing records: retained for 10 years in accordance with French accounting law

7. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data (subject to legal obligations)
  • Request data portability
  • Object to processing based on legitimate interest
  • Lodge a complaint with your national supervisory authority (in France: the CNIL at cnil.fr)

To exercise your rights: privacy@wayncore.eu

8. Cookies

Wayncore uses only strictly necessary cookies to maintain your authenticated session. No advertising or third-party tracking cookies are used. See our Cookie Policy for details.

9. Security

We implement technical and organizational measures to protect personal data, including encryption in transit (TLS), database-level Row Level Security (RLS) to ensure data isolation between brand accounts, and access controls limited to authorized personnel.

10. Contact

Data Protection contact: privacy@wayncore.eu