This Privacy Policy describes how WHY NOT SIA ("we", "us", "our"), operating the Wiring Studio website (wiring.studio) and web application (app.wiring.studio), collectively referred to as the "Service", collects, uses, and shares information about you when you use our Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

• Account Information: When you create an account, your email address is collected and managed by our authentication provider, Clerk. We do not collect or store passwords — authentication is handled via email-based one-time passcodes. On our servers, we only store your Clerk user identifier and organization tokens to associate your account with your data.
• Payment Information: When you subscribe to a paid plan, payment details (such as credit card number and billing address) are collected and processed by our payment processor, Stripe. We do not store your full payment card details on our servers.
• User Content: Wiring harness designs, projects, and other content you create and store within the Service.
• Communications: Information you provide when you contact us for support or otherwise communicate with us.

1.2 Information Collected Automatically

• Usage Data: We collect information about how you interact with the Service, including pages visited, features used, actions taken, and the date and time of your activity.
• Device and Browser Data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Error and Performance Data: Crash reports, error logs, and performance metrics collected through our error monitoring service (Sentry) to help us identify and fix issues.

1.3 Information from Third-Party Services

Authentication is provided by Clerk. When you sign in, Clerk manages your email address, authentication tokens, and session data. We receive a user identifier and organization tokens from Clerk to link your account to your data within the Service. For details on how Clerk handles your information, see Clerk's Privacy Policy.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service, including storing your wiring harness designs and project data.
• Process payments and manage your subscription through Stripe.
• Send you transactional communications such as account confirmations, billing notices, and support responses.
• Analyze usage patterns to improve the Service's functionality, performance, and user experience.
• Monitor and fix errors and performance issues via Sentry.
• Detect, prevent, and address fraud, abuse, and security issues.
• Comply with legal obligations and enforce our Terms of Service.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:

• Contract: Processing necessary to perform our contract with you (e.g., providing the Service, processing payments).
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, provided these interests are not overridden by your rights.
• Consent: Where you have given consent, such as for analytics tracking. You may withdraw consent at any time.
• Legal Obligation: Processing necessary to comply with applicable laws and regulations.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies through our third-party service providers. The Service itself does not set first-party tracking cookies beyond what is necessary for authentication and session management.

Third-Party Cookies

• Google Analytics: Used on our marketing website to understand traffic sources and visitor behavior. Google Analytics may set cookies to distinguish users and throttle request rates. See Google's Privacy Policy.
• PostHog: Used within the application for product analytics to understand feature usage and improve the user experience. See PostHog's Privacy Policy.
• Clerk: Sets cookies for authentication and session management. See Clerk's Privacy Policy.
• Stripe: May set cookies as part of payment processing and fraud prevention. See Stripe's Privacy Policy.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

5. Third-Party Services

We use the following third-party services that may receive or process your data:

• Clerk — Authentication, user identity management, and session handling.
• Stripe — Payment processing and subscription management.
• Convex — Cloud database for storing your account data and user-created content.
• Cloudflare — Website hosting, content delivery, and security.
• Google Analytics — Website traffic analytics (marketing website).
• PostHog — Product analytics (application).
• Sentry — Error monitoring and performance tracking.

These providers process your data in accordance with their own privacy policies and applicable data protection agreements. We do not sell, rent, or trade your personal information to any third parties.

6. Data Storage and Security

Your data is stored on cloud infrastructure provided by Convex and Cloudflare. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL.
• Secure authentication and access controls for user accounts.
• Regular review of data collection, storage, and processing practices.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. Specifically:

• Account data and user content are retained for the duration of your account. Upon account deletion, your data will be permanently deleted within 30 days, except where retention is required by law.
• Payment records are retained as required by applicable tax and accounting regulations.
• Analytics data is retained in accordance with the retention policies of our analytics providers.
• Error and performance logs are retained for up to 90 days.

8. International Data Transfers

WHY NOT SIA is based in Latvia (European Union). Your data may be transferred to and processed in countries outside the EEA where our third-party service providers operate, including the United States. When such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or the service provider's participation in recognized data protection frameworks.

9. Your Rights

9.1 Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the EEA, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data, subject to legal retention requirements.
• Restriction: Request restriction of processing of your personal data in certain circumstances.
• Data Portability: Request a copy of your data in a structured, machine-readable format.
• Objection: Object to processing of your personal data based on legitimate interests.
• Withdraw Consent: Where processing is based on consent, withdraw your consent at any time.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

9.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: Request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: We do not sell or share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

9.3 Exercising Your Rights

To exercise any of these rights, please contact us at info@whynot.agency. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request.

10. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@whynot.agency and we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If we make material changes, we will notify you by email or by posting a prominent notice on the Service prior to the change becoming effective. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Company: WHY NOT SIA (registration number: 40103918314)
• Address: Dzelzavas 74/1 - 79, Riga, Latvia, LV-1082
• VAT Number: LV40103918314
• Email: info@whynot.agency