WaitQWaitQ

Privacy Policy

Last updated: 2/12/2026

WaitQ is owned by Azor Studio™, a Portuguese trademarked brand.

This Privacy Policy explains how we collect, use, share, and protect personal data when you use the Service, and what choices and rights you have.

Scope and key concepts

This policy applies to:

  • Visitors to our website
  • Users who create and use WaitQ accounts (“Account Users”)
  • Individuals who join a waitlist/queue operated by one of our business customers (“End Users”)

Because WaitQ is a B2B product that can also be used by individuals, our GDPR role depends on context:

  • WaitQ as controller: We act as a controller when we process personal data for our own purposes, such as operating our website, administering accounts, providing support, securing the Service, and measuring product performance.
  • WaitQ as processor (most waitlists): When a business uses WaitQ to run a waitlist/queue for its own customers, that business typically determines why and how End User personal data is used. In that scenario, the business is the controller and WaitQ is the processor processing personal data on the business’s behalf (under a Data Processing Agreement (“DPA”) where applicable).

If you are an End User (you joined a waitlist), the business you interacted with is the primary controller for your waitlist data and will have its own privacy notice and policies.

If you purchase a paid plan, payment processing is handled by Polar (Polar Software Inc.) acting as Merchant of Record and/or through Polar’s payment partners. Polar may collect and process additional personal data for payments, tax/VAT, invoicing, fraud prevention, and regulatory compliance. This payment processing is not under our control and is governed by Polar’s own privacy policy and terms.

Personal data we collect

We collect personal data in the categories below. Some data is collected directly from you; other data is collected automatically when you use the Service; and some data is provided by our business customers when End Users join their waitlists.

Account and customer support data (Account Users):

  • Name, email address, phone number (optional)
  • Company/organization name
  • Authentication data (e.g., password hash, login/session tokens, SSO identifiers)
  • Support communications (emails, chat messages) and information you provide during troubleshooting

Waitlist/queue data (End Users; Customer Data)

Depending on what the business requests and what you submit:

  • Name, phone number (optional), email address (optional)
  • Queue metadata (venue/list identifier, timestamps, position/status, party size, message delivery status)
  • Any fields the business configures (e.g., seating preferences), if enabled by that business

Usage, device, and log data:

  • IP address and approximate location derived from IP
  • Device/browser type and settings
  • Pages viewed, features used, events/actions taken, timestamps
  • Referrer URLs and basic diagnostics/performance data
  • Security/audit logs (e.g., sign-in events, admin actions)

Analytics data (PostHog and Google Analytics):

We use PostHog and Google Analytics to understand how the Service is used and to improve performance and user experience.

We aim to configure analytics in a privacy-preserving manner and do not intentionally send message contents or raw End User contact details (phone/email) into analytics tools. However, analytics tooling can sometimes capture identifiers depending on configuration, user inputs, and event design.

Messaging data (BulkGate and Resend):

When a business uses messaging features:

  • SMS delivery may be provided through BulkGate
  • Email delivery may be provided through Resend

To deliver messages, these providers may process End User contact details (e.g., phone number or email) and message metadata (e.g., delivery status, timestamps). The business customer is responsible for ensuring they have the right to contact End Users and for complying with applicable marketing/telecom rules.

Billing and payment data (Polar as Merchant of Record):

If you purchase a paid plan:

  • Polar may collect and process billing and payment-related data (e.g., name, billing address, tax/VAT details, payment method details, transaction identifiers, invoices/receipts, and fraud-prevention signals) as an independent controller.
  • WaitQ typically receives limited data from Polar necessary to provision and manage access (e.g., subscription status, plan, purchase timestamps, and transaction/subscription identifiers).

How we use personal data

We use personal data for the purposes below:

Provide and operate the Service:

  • Create and manage accounts
  • Provide queue/waitlist functionality and status pages
  • Enable integrations and basic platform operations

Send service communications and notifications:

  • Operational emails (security alerts, account notices)
  • Queue-related notifications (SMS/email), when enabled by a business customer

Support and customer service:

  • Respond to requests
  • Troubleshoot issues and resolve incidents

Security and abuse prevention:

  • Protect accounts and prevent fraud, misuse, or unauthorized access
  • Maintain audit logs and investigate security events

Analytics and improvement:

  • Understand product usage, performance, and reliability
  • Improve features, usability, and operational stability

Legal compliance and enforcement:

  • Comply with legal obligations
  • Enforce our Terms of Service and protect our rights

Legal bases (EEA/UK GDPR)

Where GDPR applies, our legal bases may include:

  • Contract: to provide the Service to customers and Account Users;
  • Legitimate interests: to secure, maintain, and improve the Service; prevent abuse; and perform basic analytics (balanced against user rights);
  • Consent: where required (e.g., non-essential cookies/analytics in certain jurisdictions, certain marketing communications);
  • Legal obligation: to meet accounting/tax record keeping and respond to lawful requests.
  • End User messaging: In most cases, the business customer (controller) is responsible for determining the lawful basis and obtaining any necessary consent to contact End Users by SMS/email.

Cookies and similar technologies

We may use cookies and similar technologies for:

  • Essential functions (authentication, security, session management)
  • Analytics (PostHog and Google Analytics), where enabled

Where required, we present a cookie banner or settings mechanism to manage non-essential cookies/analytics.

Data retention

We keep personal data only as long as necessary for the purposes described above, unless a longer retention period is required by law.

End User waitlist data

End User waitlist/queue data is retained for up to 90 days after the End User adds themselves to a list, for analytics purposes only, unless:

  • The relevant business customer deletes it earlier, or
  • Retention is required to comply with legal obligations, resolve disputes, or enforce agreements

Account data

We retain account data while an account is active and for a reasonable period after closure for support, security, and compliance.

Billing records

Billing and tax records are retained as required by applicable laws. Payment details are primarily handled by Polar as Merchant of Record.

How we share personal data

We share personal data only as needed to operate the Service and for the purposes described.

**With business customers (controllers): **If you are an End User joining a waitlist, your data is shared with the business operating that waitlist. That business determines how your waitlist data is used.

**With service providers (processors/sub-processors): **We use trusted vendors to provide parts of the Service. Depending on your usage, this may include:

  • BulkGate (SMS delivery)
  • Resend (email delivery)
  • PostHog (product analytics)
  • Google Analytics (web/product analytics)
  • Hosting/infrastructure, monitoring, error tracking, and support tooling: [list key vendors if desired]

These providers process personal data under contractual protections appropriate to their role.

Payments (Polar as independent controller)

For paid subscriptions, checkout and payment processing are handled by Polar. We may share minimal identifiers necessary to create/maintain your subscription, and Polar may share back subscription and purchase status so we can provision access. Polar’s collection and processing of payment-related personal data is governed by Polar’s own privacy policy and terms.

Legal and safety

We may disclose information if we believe it is reasonably necessary to:

  • Comply with law, regulation, or legal process
  • Protect the rights, safety, and security of WaitQ, our users, End Users, or the public
  • Prevent fraud or abuse

Business transfers

If we are involved in a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

International data transfers

Our vendors and infrastructure may process personal data outside Portugal or the European Economic Area (EEA). Where required, we use appropriate safeguards such as adequacy decisions and/or Standard Contractual Clauses (SCCs), and we assess whether supplementary measures are needed.

Because Polar operates its own payments platform and may use payment processors, payment-related personal data may be processed in multiple jurisdictions under Polar’s policies.

Security

We implement reasonable technical and organizational measures designed to protect personal data (e.g., access controls, least-privilege practices, encryption in transit, monitoring). No method of transmission or storage is completely secure, and you are responsible for keeping your credentials secure.

Your rights and choices

Depending on your location, you may have rights to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion (in certain cases)
  • Restrict or object to processing (in certain cases)
  • Data portability (where applicable)
  • Withdraw consent (where processing is based on consent)

How to exercise rights: please send an e-mail to joao@azor.studio with your request.

End Users (waitlists run by businesses)

If you joined a waitlist run by a business, that business is typically the controller. We may refer your request to that business, or support them in fulfilling it, depending on the request and applicable law.

Complaints

If you are in the EEA/UK, you may have the right to lodge a complaint with your local data protection authority. In Portugal, the supervisory authority is the CNPD.

Children

The Service is not directed to children, and we do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us so we can take appropriate action.

Privacy Policy - WaitQ