WristBook
Back home
Privacy

How we handle your data

WristBook is the operating platform for luxury watch and jewelry dealers. We collect what we need to run the product and nothing else. We don’t sell your data, we don’t share it with advertisers, and we don’t train AI on your customers’ details. Here’s the full picture, in plain English.

What we collect

Account information. When you sign up: your name, business name, email, and a password (stored hashed, never in plaintext). When you invite team members: their name, email, and role.

Business profile. Logo, tagline, and any brand details you upload for your dealership.

Inventory data. Every watch and jewelry piece you log — brand, reference, model, cost basis, asking price, photos, notes, condition, provenance, serial numbers, jewelry attributes (material, weight, gemstones), and consignor links.

Customer and buyer data. Names, emails, phone numbers, Instagram handles, preferred contact channels, wishlists, budgets, and notes — whatever you enter about the buyers you serve.

Deal and accounting data. Sale prices, cost basis, fees, commissions, payment methods, taxes collected, expense entries, invoice records, and payment history.

Payment metadata. Subscription status, plan tier, billing email, and Stripe customer/subscription IDs. We do not see or store your card number — Stripe handles that directly.

Usage and operational logs. Standard server logs (IP, timestamp, request URL), email delivery status from Resend, and a brief log of AI scan calls (timestamp, dealer id, type, cost). No deep behavioral profiling.

How we use it

To provide the product. Render your dashboard, match inventory against buyer wishlists, deliver email, process payments, and run the AI features you trigger.

To improve the product, in aggregate. We may look at anonymized, aggregated usage signals to decide what to build next — like “X% of dealers used the bulk-add flow this month.” No individual customer details surface in that analysis.

To contact you about your account. Transactional email (welcome, receipts, invoice send confirmations), product updates if you opt in, and direct outreach if your account needs attention. You can unsubscribe from product updates anytime; transactional email is required.

For security and abuse prevention. Rate limiting, fraud detection, and incident response.

We do not sell your data, share it with advertisers, train third-party AI models on it, or use your customers’ details for any purpose beyond running WristBook for you.

Who we share data with

We use a small number of trusted vendors to run the product. Each one only sees the data they need to do their specific job, and each one is bound by their own privacy and security terms.

VendorWhat they doData they see
SupabaseDatabase, auth, file storageAll structured data + uploaded photos (US region)
VercelApplication hostingServer logs, no persistent customer data
StripeSubscription billing + payment processingBilling email, plan, payment method (Stripe-tokenized)
ResendTransactional email deliveryRecipient email, subject, delivery status
AnthropicAI watch identification + invoice extractionPhotos you submit for analysis, no account data

We don’t share data with any other third parties. If that ever changes — for example, when we add Shopify or Chrono24 sync — we’ll update this page and notify you before turning the new integration on.

Where your data lives

Primary storage: Supabase US region (Postgres + S3-equivalent object storage for photos).

Application servers: Vercel US.

Email delivery: Resend (US).

Payment processing: Stripe (US, with global card-network routing).

AI scans: Anthropic API endpoints. Photos submitted for analysis are not retained for model training per Anthropic’s API terms.

Your rights over your data

Access. You can see all your data in the app. Need a structured export of everything? support@wristbook.io and we’ll send you a JSON dump.

Correction. Most fields are editable in the app directly. Anything you can’t edit — like a historical payment record — email us and we’ll fix it.

Deletion. You can delete buyers, inventory, and deals in the app. To delete your entire account and all data, email us — we’ll process the request within 30 days and confirm in writing once it’s complete.

Portability. Your data is yours. We’ll hand it over in a structured format (JSON, CSV) anytime you ask, with no exit fee and no time limit.

If you’re a California or EU resident, you have additional statutory rights under the CCPA and GDPR respectively — access, correction, deletion, portability, and the right to object to certain processing. The same email address gets you those too.

How long we keep data

While your account is active: Indefinitely, so you have full history.

After cancellation: 30 days, then permanent deletion. You can re-subscribe within that window and everything comes back. After 30 days it’s gone.

Financial records we’re required to retain for tax or accounting purposes (invoices, payment records) may be kept longer where law requires.

Backups: Encrypted Supabase backups for disaster recovery. Backups roll off on a 30-day cycle.

Cookies and tracking

What we set: A session cookie when you’re signed in (required for the app to work), and that’s the entire list. No advertising cookies, no cross-site tracking pixels, no Facebook Pixel, no Google Analytics on the app side.

The marketing site (get.wristbook.io) may include privacy-respecting analytics in the future. If we add it, it’ll be a single cookie-less aggregator (Plausible-style) and this page will say so.

Children

WristBook is a business tool for licensed dealers and is not directed at anyone under 16. We don’t knowingly collect data from minors. If you believe we have, email us and we will delete it promptly.

Changes to this policy

When we change something material — adding a sub-processor, changing how we use data — we’ll email account holders at least 30 days before it takes effect, and update the “last updated” date at the bottom of this page. Cosmetic edits (typos, formatting) we’ll just push.

Contact

Privacy or data questions: support@wristbook.io. We answer within 2 business days, faster for anything urgent.

Security issues specifically: see /security for our disclosure process.

Last updated May 24, 2026 · We’ll update this page whenever our practices change.

This policy was drafted in plain English by the WristBook team. It accurately reflects how the product handles data today, but it has not yet been reviewed by outside counsel. We plan to commission a formal legal review before adding enterprise customers or operating in jurisdictions with heavier data-protection regimes.