Privacy Policy
Last updated: 1 May 2026
1. Controller
Wagoe, registered in the Netherlands, is the data controller for personal data processed through Wagoe Blueprint. Contact: privacy@wagoe.com.
2. Data We Collect
- Account data: email address, hashed password, role, organisation name.
- Usage data: request logs (IP address, timestamp, HTTP method, URI) retained for 30 days.
- Payment data: processed exclusively by Stripe. We receive a customer ID and subscription status; we never store card numbers.
- Templates: DOCX files you upload, stored on our servers until deleted.
3. Legal Basis (GDPR)
- Contract performance (Art. 6(1)(b)) — operating your account and delivering conversions.
- Legitimate interest (Art. 6(1)(f)) — security logging and fraud prevention.
- Legal obligation (Art. 6(1)(c)) — tax and invoicing records.
4. How We Use Data
- Provide and improve the Service
- Send transactional emails (account creation, password reset)
- Detect and prevent abuse
- Comply with legal obligations
5. Data Sharing
We do not sell personal data. Sub-processors with access to personal data:
- Stripe — payment processing (US, Standard Contractual Clauses)
- Sentry / GlitchTip — error monitoring (EU option available)
- Hetzner / Fly.io — infrastructure (EU data centres)
6. Retention
- Account data: until account deletion, then purged within 30 days.
- Access logs: 30 days rolling.
- Invoices: 7 years (Dutch tax law).
7. Your Rights (GDPR)
EU/EEA residents have the right to:
- Access — download a copy of your data from Account → Export my data.
- Erasure — delete your account from Account → Delete account. Data is purged within 30 days.
- Portability — export provided in JSON format.
- Rectification — update your email in account settings.
- Objection — contact privacy@wagoe.com.
If you believe we are processing your data unlawfully you have the right to lodge a complaint with the Dutch DPA (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl.
8. Cookies
We use one session cookie (HTTP-only, Secure, SameSite=Strict) to maintain your logged-in state. No tracking or advertising cookies are used.
9. Security
Passwords are stored as bcrypt hashes. All traffic is encrypted via TLS. Multi-factor authentication (TOTP) is available and required for admin accounts.
10. Changes
We will notify you by email at least 14 days before material changes take effect.
11. Contact
Data protection enquiries: privacy@wagoe.com