Privacy Policy

Last updated: April 2, 2026

What we collect

When you create an account, we collect your email address and name (or the profile information provided by Google if you sign in with Google OAuth). When you use Wayloft, we store the data you enter — your card portfolio, spending amounts, payment dates, loyalty balances, and quiz responses. This data is stored in our database hosted by Supabase (US servers).

How we use your data

  • Provide the service: Your card and spending data powers your dashboard, optimizer, recommendations, and alerts.
  • Improve the product: We use aggregate, anonymized usage patterns to improve features. We never sell your individual data.
  • Affiliate tracking: When you click an affiliate link to a card issuer, we log the click (card, page, timestamp) to measure which content is useful. This works for both logged-in and anonymous visitors.

Cookies and sessions

We use essential cookies to maintain your login session via Supabase Auth. We do not use advertising cookies or third-party tracking cookies. We may add privacy-respecting analytics (such as PostHog) in the future — if we do, this policy will be updated.

Third-party services

We use the following services to operate Wayloft:

  • Supabase — database and authentication (US servers)
  • Vercel — hosting and deployment (US servers)
  • Google — OAuth sign-in (if you choose Google login)

Each service has its own privacy policy. We do not share your personal data with any other third parties.

Data retention and deletion

Your data is retained as long as your account is active. You can request deletion of your account and all associated data by emailing us. Upon deletion, your data is permanently removed from our database.

Your rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format

If you are a California resident, you have additional rights under the CCPA, including the right to know what personal information we collect and the right to opt out of the sale of personal information. We do not sell personal information.

Children

Wayloft is not intended for users under 13 years of age. We do not knowingly collect data from children.

Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by updating the date at the top of this page.

Contact

Questions about this policy? Email annabelfilippini@wayloft.app.