Last updated: April 5, 2026

Privacy Policy

We built wait who? to help you make the most of your LinkedIn network. This policy explains what data we collect, how we use it, and your rights — in plain English, not legalese.

What we collect

When you sign up and use wait who?, we collect:

  • Account info — your name and email address, provided via Auth0 when you sign in.
  • LinkedIn data — when you connect your LinkedIn account, we access your connections, posts, and engagement data (who liked and commented on your posts) through Unipile's authorized API integration. We use this to score your network and surface reconnection opportunities.
  • Payment info — your subscription and billing details are processed by Stripe. We never see or store your full card number. Stripe handles all payment data securely.
  • Usage data — basic logs of actions you take in the app (e.g., viewing a connection profile, drafting a message) to help us improve the product.

How we use it

We use your data to provide the service — nothing else. Specifically:

  • Score and rank your LinkedIn connections based on relationship signals
  • Surface connections you may want to reconnect with
  • Draft personalized outreach messages using AI
  • Track engagement (who interacts with your posts)
  • Process your subscription payment
  • Send you product updates and account notifications

We do not use your data for advertising. We do not sell your data. Ever.

LinkedIn data

We access your LinkedIn data through authorized third-party APIs. Here is exactly what we do and do not do:

  • We read your connections list, post history, and post engagement data
  • We never post to LinkedIn on your behalf
  • We never access your private LinkedIn messages
  • We never store your LinkedIn credentials — authentication happens through Unipile's secure OAuth flow

Your LinkedIn data is used only to power the features you see in the app. It is not shared with other users, sold, or used for any purpose outside the service.

AI processing

When you draft a message, we send relevant context (such as your connection's name, role, and how you're connected) to Anthropic's Claude AI to generate a draft. This data is sent to Anthropic solely for processing your request. Anthropic does not store this data beyond the duration of the API request, and it is not used to train their models. You can read Anthropic's privacy policy at anthropic.com/privacy.

Where your data is stored

Your account data is stored in a PostgreSQL database hosted on Google Cloud Platform in Europe (region: europe-west). All data is encrypted at rest and in transit. Google Cloud's infrastructure is ISO 27001, SOC 2, and GDPR compliant.

Third parties we work with

We share data with the following third parties only as necessary to provide the service:

  • Auth0 — handles authentication. Stores your email and login credentials securely.
  • Stripe — processes payments. Receives your billing info; we receive only a token and subscription status.
  • Unipile — provides the API integration for accessing LinkedIn data through your connected account.
  • Anthropic — powers AI message drafting. Data is not retained beyond the request.
  • Google Cloud — hosts our database and backend infrastructure in Europe.

We do not share your data with advertisers, data brokers, or any other third parties.

Cookies and local storage

We use Auth0 session tokens stored in your browser's localStorage to keep you logged in. We do not use tracking cookies or advertising pixels. We do not currently use any analytics tools — if we add analytics in the future, we will update this policy and notify you.

How long we keep your data

We keep your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Some anonymized or aggregated data may be retained longer for product improvement purposes, but it cannot be linked back to you.

Your GDPR rights

If you are in the European Union or European Economic Area, you have the following rights under GDPR:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your personal data ("right to be forgotten")
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing of your data in certain circumstances
  • Restriction — ask us to restrict processing while a dispute is resolved

To exercise any of these rights, email us at hello@onboardly.tech. We will respond within 30 days.

Children

wait who? is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@onboardly.tech and we will delete it promptly.

Changes to this policy

If we make material changes to this privacy policy, we will notify you by email before the changes take effect. Minor clarifications may be made without notice. The "last updated" date at the top of this page reflects the most recent revision.

Contact

Questions about this policy or your data? Email us at hello@onboardly.tech. We're a small team and we read every email.

wait who? B.V.
Amsterdam, Netherlands