Privacy Policy
Last updated: [DATE — to be set by solicitor]
This privacy policy is currently being finalised by our legal team. The full policy will be published before Wonting launches. If you have questions, contact hello@wonting.co.uk.
1. Who we are
Wonting is operated by [LEGAL ENTITY NAME — to be confirmed]. We are the data controller for the personal data processed through the Wonting app and website. Our contact email is hello@wonting.co.uk.
2. What data we collect
When you create an account, we collect your university email address and a password (stored securely using industry-standard hashing). We also collect content you create (posts, comments, votes, poll responses), device information for push notifications, and usage data to improve the app.
3. Why we process your data
We process your data to provide the Wonting service, verify your university affiliation, moderate content for safety, deliver push notifications you have opted into, and comply with legal obligations. Our lawful basis for processing is [consent / legitimate interest — to be confirmed by solicitor].
4. How we store your data
Your data is stored on Supabase infrastructure in the [EU-West region — to be confirmed]. Data is encrypted in transit and at rest. We retain your data for as long as your account is active. Our full data retention schedule is available on request.
5. Who we share data with
We do not sell your personal data. We share data only with service providers necessary to operate Wonting: Supabase (database hosting), Cloudflare (website hosting), and Resend (transactional email). Post and comment content may also be processed by third-party AI services for safety and moderation purposes — no personal identifiers are shared with these services. We may disclose data if required by law or to protect the safety of users.
6. Your rights under UK GDPR
You have the right to: access your data, rectify inaccurate data, erase your data (right to be forgotten), restrict processing, data portability, and object to processing. To exercise any of these rights, use the "Request My Data" or "Delete Account" options in the app, or email hello@wonting.co.uk. We will respond within 30 days.
7. Account deletion
You can delete your account at any time from Settings in the app. Deletion is permanent and removes all your data from our systems, including posts, comments, votes, and profile information. A record that a deletion occurred is kept for compliance purposes, but contains no personal data.
8. Cookies and tracking
The Wonting website (wonting.co.uk) does not use tracking cookies or third-party analytics. The app does not contain any advertising SDKs or tracking pixels.
9. Children and age restriction
Wonting is only available to users aged 18 or over. We verify this through a self-declaration at signup. If we become aware that a user under 18 has created an account, we will delete it immediately.
10. Changes to this policy
We may update this policy from time to time. We will notify users of significant changes through the app. The "last updated" date at the top of this page will always reflect the most recent version.
11. Contact and complaints
If you have concerns about how we handle your data, please contact us at hello@wonting.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.