This Privacy Policy describes how Wingman (“we”, “us”) collects, uses, and protects information when you use our service. By using Wingman you consent to the practices described here.
1. Information we collect
Account information
When you create an account we collect your name, email address, password (hashed), business name, and billing information. For paid plans we collect payment data via our payment processor (Stripe); we do not store full card numbers.
Usage data
We log how you use Wingman, including pages visited, features used, AI chat interactions, API calls, and timestamps. This includes IP address, browser type, and device information.
Contact data
Wingman stores contact information you add to your account — names, email addresses, phone numbers, company information, notes, and tags. This data is associated with your account and used only to operate the service on your behalf.
Email content and metadata
We process the content, recipients, and delivery metadata of emails sent and received through Wingman. This data is stored encrypted at rest and is used to provide threading, AI replies, suppression list management, and reporting.
2. How we use information
- To provide and operate the Wingman service
- To send transactional emails (account notifications, billing receipts)
- To detect and prevent abuse, fraud, and spam
- To improve the service and develop new features
- To respond to support requests
- To comply with legal obligations
3. Sharing your information
We do not sell your data. We share information only with:
- Service providers (subprocessors) who help operate the service: Supabase (database hosting), Vercel (web hosting), Amazon Web Services (email infrastructure), Anthropic (AI processing), and payment processors.
- Recipients of email you send through the service — they receive your email content as you composed it.
- Law enforcement or authorities when legally required (subpoena, court order, etc.).
4. Email recipient data and CAN-SPAM compliance
When you send an email through Wingman, Wingman processes the recipient’s email address solely to deliver the message and to maintain the suppression list (unsubscribes, bounces, complaints).
If a recipient unsubscribes, replies with STOP/UNSUBSCRIBE, hard bounces, or files a complaint, their address is automatically added to your organization’s permanent suppression list and will not receive further email from your account.
Recipients may request removal of their data by emailing privacy@trywingman.app or using the unsubscribe link in any email they received from us.
5. Data retention
We retain account and usage data for as long as your account is active. After account closure, we retain limited data (billing records, suppression lists for compliance) for up to 7 years as required by applicable law. You can request deletion at any time, subject to legal retention obligations.
6. Security
We use industry-standard security practices including encryption in transit (TLS), encryption at rest, secure password hashing, and access controls. No system is perfectly secure; in the event of a data breach we will notify affected users in accordance with applicable law.
7. Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, export, or restrict processing of your personal data. To exercise these rights, contact privacy@trywingman.app.
For users in the EU/EEA: we process your data under the legal basis of contract performance and legitimate interest. You may object to processing or lodge a complaint with your local data protection authority.
8. Cookies
Wingman uses essential cookies for authentication and session management. We do not use advertising or tracking cookies.
9. Changes to this policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification.
10. Contact
Questions about this Privacy Policy? Email privacy@trywingman.app.