WinLog
Sign in
Your data, your control

Privacy Policy

Last updated: January 6, 2026

TL;DR

  • • Your wins are yours alone — we never share, sell, or train on your data
  • • Passive capture is opt-in and you choose which channels
  • • You can export or delete all your data anytime
  • • We use industry-standard encryption and security practices

1. Information We Collect

Account Information

When you create an account, we collect your email address and name through our authentication provider (Clerk). We do not store passwords directly.

Win Data

We store the wins you log, including the original text you enter and the AI-polished version. If you log wins via Slack, we store the connection between your WinLog account and your Slack user ID.

Passive Capture Data

If you enable passive capture, we scan messages only in channels you explicitly select. We store:

  • Channel ID and message timestamp (for deduplication)
  • A 500-character snippet of the message text
  • The author's Slack user ID

Important: Nothing from passive capture is saved as a "win" until you explicitly approve it. Unconfirmed candidates are automatically deleted after 30 days.

Usage & Analytics

We use PostHog for product analytics to understand how features are used and improve the product. This includes page views, feature usage, and anonymized interaction data. You can opt out via your browser's Do Not Track setting.

2. How We Use Your Information

  • Provide the service: Store and display your wins, generate summaries, power AI rewriting
  • Improve the product: Analyze usage patterns to build better features
  • Communicate with you: Send Slack DMs for digests and 1:1 prep (if enabled)
  • Process payments: Manage your subscription via Stripe

3. What We Never Do

  • ❌ Sell your data to third parties
  • ❌ Use your wins to train AI models
  • ❌ Share your data with your employer
  • ❌ Access Slack channels you haven't explicitly enabled
  • ❌ Store full message history (only 500-char snippets for candidates)

4. Data Sharing

We share data only with service providers essential to running WinLog:

  • OpenAI: Processes your win text for AI rewriting and summary generation
  • Clerk: Handles authentication
  • Stripe: Processes payments
  • Railway: Hosts our infrastructure
  • Sentry: Error monitoring (no personal data)
  • PostHog: Product analytics

5. Data Security

We implement industry-standard security measures:

  • All data encrypted in transit (TLS) and at rest
  • Database hosted on isolated, secure infrastructure
  • Webhook signatures verified for all external integrations
  • Rate limiting on all API endpoints
  • Regular security audits and monitoring

6. Your Rights

You have full control over your data:

  • Export: Download all your data anytime from Settings
  • Delete: Permanently delete your account and all data from Settings
  • Opt out: Disable passive capture or any notifications at any time
  • Access: View all data we have about you in the app

7. Data Retention

  • Active accounts: Data retained while your account is active
  • Unconfirmed candidates: Automatically deleted after 30 days
  • Deleted accounts: All data permanently deleted within 30 days
  • Canceled subscriptions: Data retained (read-only access) unless you delete your account

8. Changes to This Policy

We may update this privacy policy from time to time. We'll notify you of significant changes via email or in-app notification. Continued use of WinLog after changes constitutes acceptance of the updated policy.

9. Contact Us

Questions about this privacy policy or your data? Email us at privacy@winlog.dev