Privacy policy

DotWin Holdings LLC ("DotWin", "we", "us") operates the .win platform, including the front doors at entrepreneurs.win, businesses.win, ceos.win, and the agency site at dotwin.win. This policy explains what we collect when you visit those sites, sign up for an account, or buy a product.

Account data: email address, name, your declared business focus, and the role and permissions granted to you on a DotWin account.

Usage data: pages viewed, modules opened, events your actions emit on the platform event bus, and aggregated metrics about how the platform is used.

Billing data: when you buy, we hand payment details directly to Stripe. We never store full card numbers. We do store the customer id Stripe returns, the products and subscriptions tied to it, and the receipts.

Communications: emails and SMS we send through our notification providers, plus your replies and the support history that builds up against your account.

Cookies and similar: a session cookie for authentication, a front-door cookie for theme resolution, and short-lived analytics cookies for first-party usage measurement.

To run the platform: serve you the right modules, deliver the products and subscriptions you bought, and enforce the access tiers tied to your account.

To communicate: transactional email and SMS about your account, sales, refunds, build status, and product updates. We send marketing email only with your explicit opt-in.

To improve the platform: usage data drives product decisions and helps us spot defects faster. We do not sell this data to third parties.

To meet legal obligations: tax records, payment processor audits, and lawful requests we are required to respond to.

Service providers we trust to run the stack: Supabase (database and auth), Vercel (hosting), Stripe (payments), Resend (transactional email), OpenPhone (SMS), and any provider we list in the platform settings page.

Members of your DotWin account: people you invite into your account see what their role allows them to see. Owners and admins can see everything in the account they own.

Successors in interest: if DotWin is acquired or merged, your data moves with the platform under the same protections.

We do not sell your personal data.

Active account data lives as long as the account is active. Billing records are retained for as long as tax and accounting rules require, generally seven years. Audit logs are retained for two years. You can request earlier deletion by writing to privacy@dotwin.win, subject to legal retention rules.

You can access, correct, export, or delete your account data at any time. Most of that is available inside the platform under Settings. For anything you cannot do yourself, write to privacy@dotwin.win and we will respond within thirty days.

If you are in a jurisdiction with specific privacy laws (GDPR, CCPA, and similar), those rights apply on top of what is above.

The platform runs row-level isolation at the database, encrypts data in transit, and encrypts data at rest at the storage layer. Webhooks are HMAC-verified. We store no secrets in client code. Engineering access is scoped to a small team and audited.

The platform is built for adults running businesses. We do not knowingly collect data from children under 16. If you believe a child has signed up, write to privacy@dotwin.win and we will remove the account.

When this policy changes in a material way, we will email account owners and post a banner on the site. The effective date below is updated each time.

privacy@dotwin.win · DotWin Holdings LLC