privacy policy

for the audience data your team broadcasts to, wupf is a data processor: we process subscriber data only on the instructions of the team that invited them, who is the data controller. the team owns that data; we minimize and protect it. for the account data of owners and staff (the people who run wupf workspaces), Clover Lab Solutions is the controller.

we collect only what the service needs to function:

• account data — owner name, work email, organization, role, intended use case, expected audience size, and region, captured at sign-up.
• subscriber endpoints — the destinations a subscriber verifies (email address, phone number, telegram chat id, push token) and their channel preferences and priority.
• message metadata — recipient, channel, timestamp, delivery status, provider message id, and opt-out state. this is small, mostly non-sensitive, and operationally required.
• message bodies — the content of broadcasts, treated as sensitive (see §4).
• consent records — the opt-in method and timestamp for each verified endpoint, kept as compliance evidence.
• billing data — handled by stripe; we store identifiers and plan status, not full card numbers.

we do not ask tenants for an EIN or carrier vetting — sms rides our single platform registration, so that paperwork is ours, not yours.

we process data to deliver broadcasts on each recipient's chosen channel, confirm delivery, honour opt-outs, meter usage and bill plans, secure the service, and meet legal obligations as the registered sms sender. for subscriber data we act on the controller's instructions and lawful basis; for account data our basis is performing our contract with you and our legitimate interest in running the service.

message bodies are encrypted at rest and kept only briefly. each tenant sets a retention policy: purge-on-delivery (the body is removed once delivery is confirmed) or a short configurable TTL of a set number of days. after that, the body is purged while non-sensitive metadata and delivery status are retained for audit and billing. a no-logs product would not even deliver privacy — sms is not end-to-end encrypted, and carriers and handsets already hold copies — so we focus on keeping as little as possible for as short as possible.

every endpoint is verified before it is activated, forming the opt-in record. STOP and HELP are honoured on every messaging channel; opt-out is stored at the endpoint level and is permanent — an opted-out endpoint is never messaged again. subscribers can pause channels, reprioritize them, or leave at any time from their personal manage link (embedded in every message) or, where they have an email on file, via a one-time emailed code.

we share data only with the sub-processors that make delivery work, and only what each one needs:

• resend — email delivery and inbound email routing;
• twilio — sms, voice and whatsapp delivery;
• telegram — telegram delivery;
• firebase cloud messaging — push delivery;
• stripe — billing and payments;
• railway — hosting and managed database / infrastructure.

we do not sell personal data or share it for advertising. we may disclose data where required by law.

the system is passwordless — there is no password store to leak. message bodies are encrypted at rest, inbound webhooks are signature-verified and idempotent, every query is tenant-isolated, and privileged staff actions are audit-logged. no system is perfectly secure, but we design to keep the sensitive surface small.

depending on where you live, you may have rights to access, correct, export, or delete your personal data, or to object to or restrict processing. if you are a subscriber, the fastest route is your personal manage link, or you can contact the team that invited you (the controller). for account data, or to reach us as a processor, email [email protected] — we will route controller requests to the responsible tenant.

Clover Lab Solutions is the operator of wupf and the point of contact for this policy. we may update it as the service evolves; material changes will be notified in-app or by email. questions or data requests: [email protected].