1. What We Collect
When you create a Waypoints account, we collect:
- Email address — used for account authentication and login
- Username — chosen by you, used for your public journey page
- Session data — what you shipped, what is next, blockers, and session duration. This is content you create and choose to log
- Project data — project names and descriptions you create
2. Third-Party Services
Waypoints uses the following third-party services to operate:
- Supabase — authentication and database hosting. Your email, password (hashed), and all app data are stored securely on Supabase infrastructure. See Supabase Privacy Policy
- Vercel — application hosting and analytics. We use Vercel Web Analytics to collect anonymous page view data (no cookies, no personal data). See Vercel Privacy Policy
- Twitter/X — if you connect your Twitter/X account, we store an OAuth access token and refresh token to post on your behalf. We store your Twitter username. We do not access your DMs, followers, or any other Twitter data. You can disconnect at any time
3. How We Use Your Data
- To provide and maintain the Waypoints service
- To authenticate you and keep your account secure
- To display your public journey page at waypoints.fyi/username
- To post to Twitter/X on your behalf when you click "Post to X"
- To calculate and display your stats (waypoints, time shipped, streak)
4. Public Data
The following data is publicly visible by design:
- Your username
- Your project names and descriptions
- Your session logs (what you shipped, next steps, blockers, duration)
- Your stats (total waypoints, time shipped, streak)
This is the core feature of Waypoints — building in public. If you do not want this data to be public, do not log it in Waypoints.
5. What We Do Not Do
- We do not sell your data to anyone
- We do not use your data for advertising
- We do not share your email with third parties
- We do not track you across other websites
- We do not use cookies for tracking (Vercel Analytics is cookie-free)
6. Data Retention
Your data is stored for as long as you have an active Waypoints account. If you want your data deleted, contact us and we will remove your account and all associated data.
7. Security
Passwords are hashed and never stored in plain text. All data is transmitted over HTTPS. OAuth tokens for Twitter/X are stored securely in our database with row-level security ensuring only you can access your own tokens.
8. Children
Waypoints is not intended for use by anyone under the age of 13. We do not knowingly collect data from children.
9. Changes
We may update this privacy policy from time to time. If we make significant changes, we will notify users through the app. Continued use of Waypoints after changes constitutes acceptance.
10. Contact
If you have questions about this privacy policy or want to request data deletion, email us at WaypointsFYI@yahoo.com.