winlogs

Privacy Policy

Effective date: May 9, 2026  ·  Last updated: May 14, 2026

Plain-English summary: We store your account info and the wins you log so the app works. We use Supabase to store data, Anthropic to power AI generation, PostHog for anonymous usage analytics, and Stripe for payments. We don't sell your data. Ever.

1. Who We Are

WinLogs ("we," "us," or "our") is operated by WinLogs. This Privacy Policy explains how we collect, use, and protect your personal information when you use WinLogs at winlogs.app and any other sites we own and operate.

Your privacy is important to us. It is our policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you.

Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name and email address), your devices, payment details, and information about how you use a website or online service.

In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy. This Privacy Policy does not apply to any of your activities after you leave our site.

Questions? Email us at nilobuilds@gmail.com.

2. Information We Collect

Information we collect falls into one of two categories: voluntarily provided information and automatically collected information.

"Voluntarily provided" information refers to any information you knowingly and actively provide us when using or participating in any of our services. "Automatically collected" information refers to any information automatically sent by your devices in the course of accessing our products and services.

Voluntarily Provided

Account information: When you sign up, we collect your email address and optionally your display name. If you sign up via Google, we receive your email and name from Google.

User content: The wins, achievements, notes, and tags you log in the app. This is the core data the Service stores on your behalf.

Payment information: If you purchase credits, payment is processed by Stripe. We never see or store your full card number. We receive a confirmation of your transaction and your Stripe customer ID.

Feedback: If you submit feedback through the in-app widget, we store your user ID (linked to your account email), your mood rating (an emoji reaction), and your message so we can respond and improve the Service.

Waitlist: If you submit your email address to join the WinLogs Pro waitlist, we store that email address solely to notify you when Pro features launch. You may request removal at any time by emailing us.

Automatically Collected

Log data: When you visit our website, our servers may automatically log the standard data provided by your web browser. This may include your device's Internet Protocol (IP) address, browser type and version, the pages you visit, the time and date of your visit, time spent on each page, and other details about your visit. If you encounter errors while using the site, we may also collect data about the error and the circumstances surrounding it.

Device data: We may automatically collect data about your device, including your operating system, browser type and version, screen resolution, and general location derived from your IP address (country/region level only). This data is collected via PostHog. The specific data collected depends on your device and software settings.

Usage data: We use PostHog to collect anonymized analytics (pages visited, features used, session duration, button clicks). This data does not include the content of your entries. You can opt out by using a browser with tracking protection or a PostHog-blocking browser extension.

Transaction Data

Transaction data refers to data that accumulates over the normal course of operation on our platform. For WinLogs this includes your logged win entries, generated documents, credit balance and usage logs, and AI generation records (model used, token counts, cost). This data is created as you interact with the Service and is stored to provide the Service's core functionality.

Sensitive Information

WinLogs does not collect or ask for sensitive personal information such as racial or ethnic origin, political opinions, religion, health information, biometric data, or sexual orientation. Please do not include such information in your win entries or feedback. If you do, we will treat it with the same protections as all other data you provide, but we have no specific controls for sensitive data categories.

3. Legitimate Reasons for Processing

We only collect and use your personal information when we have a legitimate reason for doing so. We only collect personal information that is reasonably necessary to provide our services to you. We may collect personal information from you when you:

4. How We Use Your Information

We do not use your personal data or entry content to train AI models. We may combine voluntarily provided and automatically collected information with general information (such as regional usage trends) to improve our service, but we will not combine it in a way that identifies you personally beyond what is described in this policy.

5. Third-Party Services

We use the following sub-processors to operate WinLogs. Each has its own privacy policy governing how they handle your data:

Service Purpose Privacy Policy
Supabase Database (stores your entries and account data) and authentication supabase.com/privacy
Anthropic AI generation: your selected entries are sent to Claude to produce summaries anthropic.com/privacy
PostHog Anonymized product analytics and session insights posthog.com/privacy
Stripe Credit purchases and payment processing stripe.com/privacy
Google OAuth Optional sign-in with Google policies.google.com/privacy
Netlify Hosting and serverless functions netlify.com/privacy
Google Fonts Web font delivery; your IP address is sent to Google's servers when the page loads policies.google.com/privacy

6. Data Storage and Security

Your data is stored in Supabase's cloud infrastructure (AWS us-east-1). All data is encrypted in transit (TLS) and at rest.

Access to your data is restricted by row-level security policies. Only you can read or write your own entries.

Although we will do our best to protect the personal information you provide to us, no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security. You are responsible for selecting a strong password and maintaining its security. Please do not make your personal information publicly available via our platform.

7. Data Retention

We keep your personal information only for as long as we need to. Your data is retained for as long as your account is active. If you delete your account from Settings, your entries, generated documents, credit balance, feedback, and generation logs are permanently and immediately deleted from our systems, and your authentication record is removed at the same time. This deletion is irreversible.

Anonymized analytics data (PostHog) may be retained longer as it cannot be tied back to you individually.

Payment records are retained as required by law (typically 7 years for tax and accounting purposes). If your personal information is no longer required for its original purpose, we will delete it or make it anonymous by removing all details that identify you.

8. Your Rights and Controlling Your Personal Information

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your ability to use the Service.

Information from third parties: If we receive personal information about you from a third party (such as Google OAuth), we will protect it as set out in this privacy policy.

Depending on where you are located, you may have the following rights:

California residents have additional rights under the CCPA, including the right to know what personal information is sold or disclosed. We do not sell personal information.

Notification of data breaches: We will comply with laws applicable to us in respect of any data breach, including notifying affected users where required.

Complaints: If you believe that we have breached a relevant data protection law, please contact us using the details below with full details of the alleged breach. We will promptly investigate your complaint and respond in writing. You also have the right to contact a regulatory body or data protection authority.

To exercise any of these rights, email nilobuilds@gmail.com.

9. Cookies and Local Storage

WinLogs uses browser localStorage and sessionStorage, not traditional cookies, to remember your session and preferences (such as "stay signed in"). No third-party tracking cookies are set by us directly.

PostHog may set a cookie to identify anonymous sessions for analytics purposes. To opt out, use a browser extension that blocks PostHog's domain or enable your browser's built-in tracking protection.

10. Children's Privacy

WinLogs is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, please contact us and we will delete it promptly.

11. Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. WinLogs does not currently respond to DNT signals, as there is no agreed-upon standard for how services should interpret them. PostHog, our analytics provider, may track activity across sessions. You can opt out as described in Section 9.

12. Law Enforcement and Legal Requests

We may disclose your personal information if required to do so by law or in response to a valid legal process, such as a court order, subpoena, or government request. We will notify you of such a request where permitted by law.

We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

13. Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, your data — including personal information — may be among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur. We will notify you via email or a prominent in-app notice before your data becomes subject to a different privacy policy, and you will have the opportunity to delete your account before that occurs.

14. International Data Transfers

WinLogs is operated from the United States. Your data is stored on servers in the US (AWS us-east-1 via Supabase). If you access the Service from outside the United States, your information will be transferred to and processed in the US, where data protection laws may differ from those in your country.

By using WinLogs, you consent to this transfer. We take reasonable steps to ensure your data is handled securely regardless of where it is processed.

15. Information for EU / EEA Users (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR).

Lawful basis for processing:

Additional GDPR rights: In addition to the rights in Section 8, you have the right to object to processing based on legitimate interests, request restriction of processing while a dispute is resolved, lodge a complaint with your local Data Protection Authority (DPA), and withdraw consent at any time without affecting prior processing.

To exercise any of these rights, email nilobuilds@gmail.com. We will respond within 30 days.

Note: WinLogs does not have an EU establishment and currently does not have a GDPR representative appointed in the EU. If you have concerns about cross-border data transfers, please contact us directly.

16. Limits of Our Policy

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices. This Privacy Policy does not apply to any of your activities after you leave our site.

17. Changes to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy. The "Last updated" date at the top of this page always reflects the most recent version.

If required by law, we will get your permission or give you the opportunity to opt in to or opt out of any new uses of your personal information. For material changes we will notify you via email or an in-app notice.

18. Contact

For any questions, data requests, or concerns regarding your privacy:

WinLogs
Email: nilobuilds@gmail.com