Privacy Policy

Last Updated: November 20, 2025

1. Introduction

Wyndo ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our tunneling service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, password (hashed), and account preferences
  • Payment Information: Processed securely through Stripe. We do not store full credit card details
  • Communications: Information you provide when contacting support or providing feedback

2.2 Automatically Collected Information

  • Usage Data: Tunnel connection timestamps, tunnel names, data transferred, request counts
  • Technical Data: IP addresses, browser type, operating system, device information
  • Log Data: Server logs including access times and errors for troubleshooting

2.3 Information We Do Not Collect

We do not inspect, log, or store the content of data passing through your tunnels. Your tunneled traffic is encrypted and private.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions
  • Send account-related notifications and service updates
  • Respond to your support requests
  • Monitor usage for security and abuse prevention
  • Comply with legal obligations
  • Analyze usage patterns to improve our Service

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share information with trusted service providers who assist us in operating our Service:

  • Stripe: Payment processing (see Stripe's Privacy Policy)
  • Email Service Provider: Transactional emails and notifications
  • Hosting Provider: Infrastructure and data storage

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

4.3 Business Transfers

If Wyndo is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All tunnel connections use TLS encryption
  • Passwords are hashed using bcrypt
  • API tokens are stored as SHA-256 hashes
  • Database connections use SSL/TLS
  • Regular security updates and monitoring

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

  • Active Accounts: We retain your data for as long as your account is active
  • Deleted Accounts: Data is permanently deleted within 30 days of account deletion
  • Logs: Server logs are retained for 30 days for troubleshooting
  • Payment Records: Retained as required by law for tax and accounting purposes

7. Your Rights

7.1 Access and Portability

You can access and export your account data through your dashboard at any time.

7.2 Correction

You can update your account information through your account settings.

7.3 Deletion

You can delete your account at any time. This will permanently erase all your data from our systems.

7.4 Data Portability

You can export your usage data in machine-readable format.

7.5 Objection and Restriction

You may object to or request restriction of certain data processing activities by contacting us.

8. Cookies and Tracking

We use essential cookies to:

  • Maintain your session after login
  • Remember your preferences
  • Ensure security (CSRF protection)

We do not use third-party advertising or analytics cookies.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Children's Privacy

Our Service is not intended for users under the age of 13. We do not knowingly collect information from children under 13. If we become aware of such collection, we will delete the information immediately.

11. California Privacy Rights

California residents have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of the sale of personal information
  • Right to deletion of personal information
  • Right to non-discrimination for exercising CCPA rights

We do not sell your personal information.

12. GDPR Compliance (EEA Users)

If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access your data
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making

Our legal basis for processing your data is:

  • Performance of a contract (providing the Service)
  • Legitimate interests (improving and securing the Service)
  • Consent (where explicitly obtained)
  • Legal compliance

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy with a new "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on our Service

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Support: support@wyndo.com

By using Wyndo, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.