This Privacy Policy explains what information we collect through the Services, how we use and share it, and the choices you have. It should be read together with our Terms of Service.
1. Who we are
The Services are operated by HadalCore LLC, a limited liability company incorporated in the State of Tennessee, United States. WaitWHO is the trade name we use for the Services.
Contact: info@waitwho.app
2. Scope
This policy applies to information collected through the WaitWHO iOS application, our website at https://waitwho.app, and related communications (for example, support email). It does not apply to third-party websites, apps, or services that we link to or that appear in search results.
3. Information we collect
We collect information in the following categories, depending on how you use the Services.
3.1 Account and authentication
If you choose to sign in (for example, with Apple), our authentication providers process credentials on our behalf. We may receive a stable account identifier associated with your sign-in and, if you grant it, limited profile information such as name or email as provided by the sign-in provider. Session tokens may be stored on your device so you can stay signed in.
3.2 Device and anti-abuse signals
We collect a persistent device identifier generated on your device and technical signals used for fraud prevention, rate limiting, and service integrity (for example, device model, operating system version, screen parameters, locale, and timezone). These are sent to our servers with certain requests so we can enforce subscription and free-tier limits fairly.
3.3 Photos, scans, and search results
When you run a scan, you submit a facial image (or cropped face image) and related metadata (such as a content fingerprint or hash, consent timestamp, and the device and abuse-prevention fields above). We process the image to perform a visual similarity search and to deliver results and in-app interpretations to you.
Reference images and model training. We do not use your uploaded photos to train, fine-tune, or improve machine learning models for ourselves or for sale to others. Third-party face-search providers process images under their own policies; see Section 7.
After processing, we purge reference photos from our active systems when the scan completes (your app may display a purge receipt with a timestamp). We may retain non-image scan metadata and results as described in Section 9.
3.4 Premium monitoring and watchlist
If you use optional premium monitoring (for example, periodic rescans or alerts), we may store one encrypted reference image per active watchlist entry in private cloud storage so scheduled searches can run without you re-uploading each time. That image is deleted when you remove the watchlist entry or delete your account, subject to short backup cycles described in Section 9. We may also store a snapshot of match URLs we have already shown or notified you about so we can detect genuinely new appearances.
3.5 Purchases and subscriptions
Purchases made through Apple are processed by Apple. We receive subscription status, transaction identifiers, and related entitlement information from Apple or our servers so we can unlock paid features and credits. We do not receive your full payment card number from Apple for App Store purchases.
3.6 Push notifications
If you enable notifications, Apple provides a device token that we store and use to send alerts (for example, watchlist or scan-related messages). You can turn off notifications in iOS Settings.
3.7 Support, safety, and integrity
If you contact us, we collect the information you provide (such as email content). If you submit abuse or moderation reports about a result, we collect the details you submit (such as categories, notes, and URLs) so we can review reports and protect users.
3.8 Diagnostics and analytics
We use diagnostics tools to measure stability and performance (for example, crash reports and error logs). Where configurable, we disable sending highly sensitive personal data by default and apply redaction to URLs or identifiers when feasible. We may log product analytics events (such as paywall or scan lifecycle events) tied to pseudonymous identifiers rather than your name.
4. How we use information
We use the information above to:
- provide, operate, maintain, and improve the Services;
- authenticate users, sync entitlements, and manage accounts;
- perform visual similarity searches and deliver results and in-app summaries;
- operate optional monitoring, rescans, and notifications;
- enforce our Terms of Service, prevent abuse, and protect security;
- process payments and subscription state through Apple;
- communicate with you about the Services, including support responses;
- comply with law and respond to lawful requests; and
- generate aggregated or de-identified statistics that do not identify you.
5. Legal bases (where applicable)
If laws such as the GDPR or UK GDPR apply to you, we rely on appropriate bases such as performance of a contract (providing the Services you request), legitimate interests (security, anti-abuse, product improvement, and communications that are not marketing), consent where required (for example, certain notifications or optional processing you explicitly agree to), and legal obligation where the law requires us to process data.
6. How we share information
We share information only as needed to operate the Services, including with:
- Service providers who host our databases, authentication, storage, email, analytics, crash reporting, or infrastructure, bound by contractual obligations;
- Face search and indexing providers that perform similarity matching on our behalf (see Section 7);
- Apple, for sign-in with Apple, App Store purchases, and push notifications, under Apple’s policies; and
- Professional advisers or authorities if required to comply with law, enforce our terms, or protect rights, safety, and security.
We do not sell your personal information for money. We do not share photos with advertisers for ad targeting.
7. Third-party face search and indexing
Visual similarity matching relies on third-party technologies that may process your uploaded image outside our direct control. Those providers may retain, delete, or reprocess images according to their own privacy policies and retention schedules, and may operate indexes of publicly available web content.
We select providers whose published practices are compatible with our product commitments, but we do not control their databases, crawling, ranking, or opt-out and removal processes. You should review their terms before using the Services if this matters to you.
8. Cookies and similar technologies
Our website may use minimal cookies or local storage necessary for basic functionality. The iOS app does not use browser cookies; it uses app storage and secure tokens as described above.
9. Retention
We retain information only as long as needed for the purposes described in this policy, unless a longer period is required by law. Scan reference images are purged from our systems after processing completes, except for the optional encrypted watchlist image described in Section 3.4, which is retained only while the feature is active.
We may retain scan metadata (such as scan identifiers, timestamps, result summaries, and moderation annotations) for operational, safety, accounting, and legal reasons. Backup systems may retain deleted data for a limited period before being overwritten.
10. Security
We use administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, or alteration. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
11. Your choices and rights
Depending on your location, you may have rights to:
- access or receive a copy of certain personal information;
- correct inaccurate information;
- delete certain information, subject to legal exceptions;
- object to or restrict certain processing;
- withdraw consent where processing is consent-based; or
- lodge a complaint with a supervisory authority (EEA/UK users).
To submit a request, email info@waitwho.app. We may need to verify your identity before responding. Authenticated users can also use in-app account or support flows where available.
12. U.S. state privacy notices
Residents of certain U.S. states may have additional rights under local privacy laws (including rights to know, delete, correct, and opt out of certain “sales” or “sharing” as defined by those laws). WaitWHO is not directed at children, and we do not knowingly sell personal information of minors under 16.
California Shine the Light. California residents may request certain information about disclosures of personal information to third parties for their direct marketing purposes. We do not knowingly disclose personal information to third parties for their direct marketing purposes in the traditional sense described by that law.
California Consumer Protection. If you are a California resident, you may contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 North Market Blvd., Suite N 112, Sacramento, CA 95834, or by telephone at (800) 952-5210 or (916) 445-1254.
13. International users
We are based in the United States. If you access the Services from other countries, your information may be transferred to, stored in, and processed in the United States or other jurisdictions where we or our providers operate. Those jurisdictions may have different data protection laws than your home country. Where required, we use appropriate safeguards for international transfers.
14. Children’s privacy
The Services are intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, contact us and we will take appropriate steps to delete it.
15. Changes to this policy
We may update this Privacy Policy from time to time. We will revise the “Last updated” date above when we do and, where appropriate, provide additional notice (such as an in-app message or email). Your continued use of the Services after the effective date of an update constitutes your acknowledgment of the revised policy, unless applicable law requires additional consent.
16. Contact
Questions about this Privacy Policy or our data practices: info@waitwho.app