WinDash

Privacy Policy

How WinDash collects, uses, and protects your information

Effective Date: [INSERT DATE] | Last Updated: [INSERT DATE]

www.windash.com

1. Introduction

Welcome to WinDash ("WinDash," "we," "our," or "us"). WinDash operates an innovative online auction platform based on the Scandinavian auction model, offering subscription-based and single-pass auction participation. We are committed to protecting your personal information and your right to privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.windash.com, create an account, purchase a subscription, participate in auctions, or otherwise interact with our services (collectively, the "Services").

Please read this policy carefully. If you disagree with its terms, please discontinue use of our Services.

2. Information We Collect

2.1 Information You Provide Directly

When you register an account or use our Services, we collect:

• Account Registration: Full name, email address, username, password (encrypted), and date of birth (to verify age eligibility)
• Payment Information: Credit/debit card details, billing address, and payment history. Note: Full card numbers are processed by our payment provider (e.g., Stripe) and are not stored on our servers
• Subscription Data: Your chosen plan (Starter, Pro, or Power), billing cycle, and renewal history
• Auction Activity: Bids placed, auctions enrolled in, auctions won, bid balance history, bid rollover amounts, one-time pass purchases, Bid Booster purchases, enrolment fees paid, auction countdown notifications sent, and Active-Pending auction participation timestamps
• Ranking & Reward Data: Your current rank (Soldier, Sergeant, Captain, Major, Colonel, or General), stars accumulated, and rewards earned through referrals, reviews, and social actions
• User-Generated Content: Photo or video reviews you submit, referral information, and communications with our support team
• Communications: Emails, chat messages, or support tickets you send us

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

• Device & Browser Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, features used, auction pages viewed, time spent, clicks, and navigation paths
• Cookies & Tracking Technologies: Session cookies, persistent cookies, and similar technologies (see Section 7)
• Log Data: Server logs including access times, error reports, and referring URLs
• Location Data: General geographic location derived from your IP address

2.3 Information From Third Parties

We may receive information about you from:

• Payment processors (e.g., Stripe) confirming transaction status
• Social media platforms if you follow our pages or share content (limited to publicly available interaction data)
• Referral partners when you are referred to WinDash by an existing user
• Fraud prevention and identity verification services

3. How We Use Your Information

We use the information we collect to:

3.1 Provide and Operate the Services

• Create and manage your account
• Process subscription payments and one-time pass fees
• Manage your bid balance, including adding subscription bids monthly, tracking bids used in auctions, and returning unused bids to your balance at auction end (subscription users)
• Administer your auction enrolments and participation
• Track and display your ranking level, stars, and unlock appropriate auction tiers
• Apply applicable rank discounts to enrolment fees (Captain: 10%, Major: 20%, Colonel: 30%, General: 40%)
• Manage one-time pass purchases and ensure unused bids expire correctly after an auction ends
• Operate the demo auction and issue complimentary gift card auctions to first-time users
• Send 24-hour countdown notifications when an auction pool is filled and the auction is about to begin
• Send notifications when a pool-based auction enters Active-Pending state (countdown reaches zero) so enrolled participants know the auction is ready to activate
• Send enrollment closing notifications when 1 hour remains on the 24-hour countdown
• Calculate and apply monthly bid rollovers at the end of each billing cycle (Starter: 30%, Pro: 40%, Power: 70%)
• Manage Bid Booster eligibility per billing cycle, including reset upon mid-cycle plan upgrades
• Display or hide one-time pass options based on each user's current subscription status and remaining bid balance

3.2 Improve and Develop the Services

• Analyze platform usage to improve features and fix issues
• Monitor for fraudulent activity, multi-account abuse, or unfair auction behavior
• Conduct internal research and analytics

3.3 Communicate With You

• Send transactional emails (bid confirmations, enrolment confirmations, auction start alerts, win notifications, subscription renewals)
• Send promotional communications about new auctions, features, or offers (you may opt out at any time)
• Respond to your support inquiries

3.4 Legal and Safety Purposes

• Comply with applicable laws and regulations
• Enforce our Terms and Conditions
• Protect the rights, property, and safety of WinDash, our users, and the public

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide the Services you signed up for, including managing subscriptions, bid balances, and auction participation
• Legitimate Interests: Fraud prevention, platform security, improving our services, and running our referral and ranking programs
• Legal Obligation: Compliance with applicable laws
• Consent: For marketing communications and non-essential cookies (you may withdraw consent at any time)

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with trusted third-party vendors who assist us in operating the platform, including:

• Payment processors (e.g., Stripe) for billing and fraud prevention
• Cloud hosting providers (e.g., AWS, Google Cloud) for infrastructure
• Email service providers for transactional and marketing emails
• Analytics providers (e.g., Google Analytics) for platform usage insights
• Customer support software providers

5.2 Publicly Visible Information

The following information may be visible to other users on the platform:

• Your username and rank level
• Your auction win history (if you choose to display it)
• Reviews or testimonials you submit publicly

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect rights, safety, or investigate fraud.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Services. Specifically:

• Account data: Retained while your account is open and for up to 3 years after account closure for legal and dispute resolution purposes
• Transaction and bid records: Retained for 7 years for financial and legal compliance
• Auction participation history: Retained for 5 years
• Support communications: Retained for 3 years
• Marketing opt-in data: Retained until you opt out, then deleted within 30 days

7. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our Services. Types of cookies we use:

• Essential Cookies: Required for core platform functionality (login sessions, bid balance display, auction enrollment status). Cannot be disabled.
• Performance Cookies: Collect anonymous usage statistics to help us improve the platform
• Functional Cookies: Remember your preferences (e.g., notification settings)
• Marketing Cookies: Used to deliver relevant promotional content. Require your consent.

You can manage cookie preferences through your browser settings or our cookie consent tool. Disabling non-essential cookies will not prevent you from using the core Services.

8. Your Privacy Rights

8.1 All Users

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Opt-Out of Marketing: Unsubscribe from marketing emails at any time via the unsubscribe link or your account settings
• Data Portability: Request your data in a portable format

8.2 EEA / UK Users (GDPR Rights)

In addition to the above, you have the right to:

• Restrict processing of your data in certain circumstances
• Object to processing based on legitimate interests
• Lodge a complaint with your local data protection authority

8.3 California Residents (CCPA Rights)

California residents have the right to:

• Know what personal information is collected about them
• Know whether their personal information is sold or disclosed and to whom
• Opt out of the sale of personal information (note: we do not sell personal information)
• Request deletion of personal information
• Not be discriminated against for exercising these rights

To exercise any of these rights, contact us at: privacy@windash.com

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• SSL/TLS encryption for all data transmitted between your browser and our servers
• Encrypted storage of passwords and sensitive data
• Payment data processed exclusively through PCI-DSS compliant payment providers
• Access controls limiting employee access to personal data on a need-to-know basis
• Regular security audits and vulnerability assessments

No method of transmission or storage is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you and relevant authorities as required by law.

10. Children's Privacy

WinDash is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a user is under 18, we will promptly suspend their account and delete their personal data. If you believe a minor has created an account, please contact us at privacy@windash.com.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Where we transfer data outside the EEA or UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or equivalent mechanisms.

12. Third-Party Links

Our Services may contain links to third-party websites or social media pages. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and sending an email notification to your registered address at least 14 days before the changes take effect. Your continued use of the Services after the effective date constitutes your acceptance of the updated policy.

14. Contact Us

For any privacy-related questions, requests, or concerns, please contact:

WinDash – Privacy Team

Email: privacy@windash.com

Website: www.windash.com

Mailing Address: [INSERT COMPANY ADDRESS]

Note to WinDash: Please insert your registered business address, jurisdiction of incorporation, and the name of your Data Protection Officer (if applicable under GDPR) before publishing this document.