Privacy Policy

Last Updated: November 10, 2025

1. Introduction

Welcome to Wishport. This platform is operated as a one-person project. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, username, name, password (encrypted)
  • Profile Information: Bio, avatar URL (if provided)
  • Content: Wishes, comments, project descriptions, progress updates
  • Communications: Messages sent to support or through the platform

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on the Service
  • Device Information: IP address, browser type, operating system
  • Cookies: Session cookies, preference cookies, analytics cookies
  • Authentication: Login timestamps, session information

2.3 Information from Third Parties

  • OAuth Providers: If you sign in with Google or GitHub, we receive basic profile information (name, email, profile picture)
  • Email Service: Delivery status and engagement metrics from our email service provider (Resend)

3. How We Use Your Information

3.1 Service Delivery

  • Create and manage your account
  • Authenticate your identity
  • Display your content (wishes, projects, comments)
  • Enable communication between users
  • Process upvotes and engagement metrics

3.2 Communications

  • Send email verification and password reset emails
  • Send welcome emails to new users
  • Notify you of important platform updates
  • Send notifications about your content (when enabled)
  • Communicate beta exit and subscription information

3.3 Platform Improvement

  • Analyze usage patterns to improve features
  • Monitor performance and fix bugs
  • Detect and prevent abuse, spam, and fraud
  • Conduct AI-powered content moderation

3.4 Legal Compliance

  • Comply with legal obligations
  • Respond to law enforcement requests
  • Enforce our Terms of Service
  • Protect our rights and property

4. Data Sharing and Disclosure

4.1 Public Information

The following information is publicly visible to all users:

  • Username, name, avatar, and bio
  • Wishes, comments, and project descriptions you post
  • Your role (Wisher or Builder)
  • Project progress updates and milestones
  • Upvotes and engagement metrics

4.2 Service Providers

We share data with trusted third-party providers:

  • Hosting: Vercel (application hosting)
  • Database: Vercel Postgres or similar PostgreSQL provider
  • Email: Resend (transactional emails)
  • AI Moderation: Google Gemini API (content analysis)
  • Analytics: Vercel Analytics (performance monitoring)
  • Error Tracking: Sentry or similar (if configured)

4.3 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, property, or safety.

4.4 Business Transfers

If we are acquired or merged with another company, your information may be transferred as part of that transaction.

4.5 We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Cookies and Tracking

5.1 Essential Cookies

We use essential cookies to:

  • Maintain your login session
  • Remember your preferences
  • Enable core functionality

These cookies are necessary for the Service to function and cannot be disabled.

5.2 Analytics Cookies

We use analytics cookies to understand how users interact with the Service. This helps us improve performance and user experience.

5.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent the Service from functioning properly.

6. Data Security

6.1 Security Measures

  • Encryption: Passwords are hashed using bcrypt
  • HTTPS: All data transmitted over secure connections
  • Authentication: Secure session management with NextAuth.js
  • Access Control: Role-based permissions system
  • Rate Limiting: Protection against brute force attacks
  • Input Sanitization: Protection against XSS attacks

6.2 Data Breaches

In the event of a data breach affecting your personal information, we will notify you via email within 72 hours of discovery, as required by law.

7. Data Retention

7.1 Account Data

We retain your account information as long as your account is active.

7.2 Content Data

User-generated content (wishes, comments, projects) is retained indefinitely unless deleted by you or removed for violations.

7.3 Logs and Analytics

Server logs and analytics data are retained for 90 days.

7.4 Deleted Accounts

When you delete your account, personal information is removed within 30 days. Public content (wishes, comments) may remain visible but will be anonymized.

8. Your Rights (GDPR & CCPA)

8.1 Access

You have the right to access your personal data. Contact us to request a copy.

8.2 Correction

You can update your profile information directly through your account settings.

8.3 Deletion (Right to be Forgotten)

You can request account deletion by contacting us. We will delete your personal information within 30 days, though some anonymized data may be retained.

8.4 Data Portability

You can request a machine-readable copy of your data.

8.5 Opt-Out

You can opt out of marketing emails by clicking "unsubscribe" in any email. Note that you cannot opt out of essential transactional emails (password resets, etc.).

8.6 Objection

You can object to processing of your data for marketing or profiling purposes.

8.7 Exercising Your Rights

To exercise any of these rights, contact us at contact@wishport.io. We will respond within 30 days.

9. Children's Privacy

The Service is not intended for children under 13 years old. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

11. AI Moderation

We use AI (Google Gemini) to automatically review reported content for violations of our content policies. This processing is necessary to maintain platform safety. The AI analyzes text content only and does not profile users for marketing purposes.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or prominent notice on the Service. The "Last Updated" date at the top indicates when changes were last made.

13. Contact Us

For privacy questions or to exercise your rights, contact us at:

Email: contact@wishport.io
Website: wishport.io

14. California Residents (CCPA)

California residents have additional rights under the CCPA:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information (we don't sell data)
  • Right to delete personal information
  • Right to non-discrimination for exercising CCPA rights

15. EU Residents (GDPR)

EU residents have rights under the GDPR including:

  • Right to access your personal data
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights related to automated decision-making

To exercise these rights, contact us at contact@wishport.io.

By using Wishport, you acknowledge that you have read and understood this Privacy Policy.