Privacy Policy

Last Updated: October 2025

This Privacy Policy (“Policy”) explains how WayFy Inc. (“WayFy,” “we,” “us,” or “our”) collects, uses, discloses, and protects your personal data when you use the WayFy App or Website (the “Service”). We comply with global data protection laws, including the EU General Data Protection Regulation (GDPR), Serbia’s Law on Personal Data Protection, Kenya’s Data Protection Act, Mexico’s LFPDPPP (2025), and the draft Bangladesh Personal Data Protection Act.

By using the Service, you consent to this Policy. If you do not agree, please do not use the Service.

1. Who We Are

WayFy Inc.
2301 Blake St, STE 100
Denver, CO 80205, USA
Email: hello@wayfy.co

2. Data We Collect

  • Account Data: Name, email, and login details (via Clerk).
  • Subscription Data: Subscription type, payment records, and billing metadata.
  • Device & Usage Data: Browser, OS, device type, language, approximate location.
  • Cookies & Analytics: PostHog tracking, session and event data for performance analysis.
  • Marketing Data: Newsletter opt-ins and preferences.

We do not collect sensitive data (such as health, political, or biometric data) or user-generated content.

3. Legal Bases for Processing

We process your personal data under one or more of the following lawful bases:

  • Consent – for analytics, marketing, and cookies.
  • Contract – to provide account features and subscriptions.
  • Legitimate Interest – for platform security and analytics.
  • Legal Obligation – to comply with tax and recordkeeping laws.

4. How We Use Your Data

  • Provide, operate, and improve the Service.
  • Manage authentication and accounts (via Clerk).
  • Monitor and analyze performance (via PostHog).
  • Communicate updates, respond to support requests, and send newsletters.
  • Detect and prevent fraud or misuse.

5. Third-Party Processors

We share data only with trusted third-party service providers (“processors”) that help us operate, secure, and improve the WayFy platform. These providers process data solely on our behalf and under binding confidentiality and data protection agreements.

Heroku: Application hosting and infrastructure management. Data is processed on secure servers located in the U.S. and EU regions.

Clerk: User authentication and account management, including secure login, credential handling, and access control.

PostHog: Product analytics and usage tracking to help us improve app performance and user experience. PostHog only processes pseudonymized data and does not collect sensitive information.

Cloudinary: Media optimization and content delivery for static assets such as images and marketing materials. Cloudinary does not store or process user-uploaded personal content.

All third-party processors listed above comply with the EU Standard Contractual Clauses (SCCs) or equivalent international data transfer safeguards to ensure your information remains protected wherever it is processed.

6. Cookies & Tracking

We use cookies for authentication, analytics, and performance optimization. You may opt out of non-essential cookies at any time. Essential cookies are necessary for core site functionality.

7. International Data Transfers

When personal data is transferred outside your country (e.g., to the U.S.), we rely on recognized safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms under local laws.

8. Data Retention

  • Account data – until deletion + 180 days.
  • Transaction data – 7 years (legal/tax).
  • Analytics – 24 months (then anonymized).
  • Marketing data – until consent is withdrawn.

9. Security

We use encryption, secure servers, and access controls to protect your data. If a breach occurs that may risk your rights, we will notify affected users and relevant authorities within 72 hours as required by law.

10. Your Rights

  • Access, correct, or delete your data.
  • Restrict or object to processing.
  • Withdraw consent at any time.
  • Request data portability.
  • Lodge a complaint with your national data authority.

To exercise your rights, contact us at hello@wayfy.co.

11. Regional Compliance

United States: WayFy complies with all applicable U.S. federal and state privacy laws, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). U.S. users may request access, correction, or deletion of their personal data and opt out of the sale or sharing of personal information by contacting hello@wayfy.co.

European Union (EU): We comply with the General Data Protection Regulation (GDPR). Data subjects may exercise their rights to access, rectification, erasure, restriction, portability, and objection by emailing us.
EU Representative (Article 27 GDPR): Brenden Huey
(Representative must be physically located in the EU – placeholder entry.)

United Kingdom (UK): We comply with the UK GDPR and Data Protection Act 2018. UK residents have rights equivalent to EU users and may contact us at hello@wayfy.co to exercise them.

Serbia: Our processing aligns with Serbia’s Law on Personal Data Protection (2019), which mirrors the GDPR. Serbian users enjoy full access, correction, deletion, and objection rights.

Kenya: We adhere to the Data Protection Act 2019 and its regulations. Kenyan users may request access, correction, or deletion of their data and may object to certain processing activities.

Mexico: Under the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP 2025), users have ARCO rights (Access, Rectification, Cancellation, Opposition) and may object to automated processing. Requests can be made via hello@wayfy.co.

Bangladesh: We proactively align with the forthcoming Personal Data Protection Act (PDPA) to uphold transparency, fairness, and security in processing personal data.

Canada: We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy statutes. Canadian users may withdraw consent or request access and correction of their personal information at any time.

Australia & New Zealand: We respect the Australian Privacy Principles (APPs) and New Zealand Privacy Act 2020. Users may contact us for access, correction, or deletion of their personal data or to raise a complaint with their national privacy regulator.

12. Children’s Privacy

The Service is not intended for children under 16 in the EU (or under 13 elsewhere). We do not knowingly collect data from minors. If you believe we have, please contact us and we will delete it promptly.

13. Updates to This Policy

We may update this Policy periodically. Material updates will be announced in the app or via email. The “Last Updated” date reflects the most recent version.

14. Contact Us

WayFy Inc.
2301 Blake St, STE 100
Denver, CO 80205, USA
Email: hello@wayfy.co