Side WhisperSide Whisper

Privacy Policy

Last updated: February 2026

1. Data Controller

Crăciun Cosmin Viorel PFA trading as Side Whisper, Romania.

Contact: privacy@sidewhisper.com

2. Data We Collect

During the early access waitlist phase, we collect the following personal data:

  • Email address (provided by you when joining the waitlist)
  • Consent flags (whether you opted in to updates and/or marketing)
  • Timestamps (when you signed up, confirmed, or were invited)
  • Source (which page you signed up from, e.g. "hero" or "footer")

We do not collect IP addresses, device fingerprints, or use tracking cookies.

3. Purpose & Legal Basis

  • Early access updates (required consent): To send you confirmation emails, waitlist status updates, and early access invitations. Legal basis: your explicit consent (GDPR Art. 6(1)(a)).
  • Product news and offers (optional consent): To send product announcements and promotional offers. Legal basis: your explicit opt-in consent (GDPR Art. 6(1)(a)).

4. Data Processors

We use the following third-party services to process your data:

  • Convex (USA, SOC 2 Type II, GDPR verified) — database storage
  • Resend (USA) — transactional email delivery
  • Vercel (USA) — website hosting
  • Clerk (USA) — authentication for admin access only (your email is not shared with Clerk)

5. Analytics

We use Vercel Web Analytics, which is cookieless and does not collect personally identifiable information. No consent is required for this type of analytics under GDPR.

6. Data Retention

Your data is retained until the end of the early access period plus 12 months, or until you unsubscribe — whichever comes first. After that, your data will be permanently deleted.

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time

8. How to Withdraw Consent

You can withdraw your consent at any time by:

Withdrawal does not affect the lawfulness of processing before withdrawal (GDPR Art. 7(3)).

9. Complaints

You have the right to lodge a complaint with the Romanian data protection authority:

ANSPDCP
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
www.dataprotection.ro

10. Security

We implement appropriate technical and organizational measures to protect your data, including: hashed tokens (never stored in plain text), encrypted connections (HTTPS/TLS), rate limiting on form submissions, and strict access control for admin operations.