Data processing summary
This page explains WOPA's intended processor posture for business users. A fuller Data Processing Agreement should replace or supplement this page before paid production use.
Roles
For invoice and customer data entered by a tradesperson, the tradesperson is generally the controller and WOPA acts as a processor. For WOPA's own waitlist, analytics, security, and account administration, WOPA acts as controller.
Data categories
- Seller business details, contact details, and bank payment details.
- Customer names, email addresses, job addresses, and invoice details.
- Invoice PDFs, payment status, reminder settings, and message metadata.
- Support messages and operational logs needed to run the service.
Processing purposes
WOPA processes data to create invoice drafts, generate PDFs, send invoice emails, schedule reminders, maintain customer records, show outstanding invoice summaries, provide support, prevent abuse, and operate the service.
Subprocessors
The public landing page currently uses Cloudflare for hosting and waitlist storage, Resend for email delivery, and PostHog for consented analytics. Product subprocessors for chat delivery, database hosting, email delivery, AI assistance, logging, and analytics may change as the product develops and should be listed before broader production rollout.
Security measures
- Encrypted HTTPS connections for the public site and API.
- Access limited to people who need it to operate or support WOPA.
- Approval gates before customer-facing invoices and firm reminders are sent.
- Operational logs for troubleshooting and abuse prevention where needed.
Retention and deletion
Waitlist records can be deleted on request. Product records should be retained only as long as needed to provide WOPA, meet legal obligations, resolve disputes, maintain security, or support user-requested exports and deletion.