Witdrim Legal
Witdrim Privacy Policy
How Witdrim processes account, authentication, rewards, support, security, and ecosystem service data.
Replace provider names, registered office, registry code, and final retention values before broad public launch.
1. Controller
Witdrim OÜ, an Estonian private limited company, with registry code, VAT number, and registered office pending final incorporation records, is the controller for the core Witdrim Account, Auth, Web, API, WDRIM Rewards, support, and shared ecosystem identity infrastructure.
For privacy questions, contact privacy@witdrim.com. We do not currently name a Data Protection Officer unless one is formally appointed.
2. Scope
This Policy covers Witdrim Account, Witdrim Auth, Witdrim Web, Witdrim API, WDRIM Rewards, and shared ecosystem services infrastructure. Homineed and InstaReplAI maintain their own privacy notices for service-specific processing.
When a connected service uses the shared Witdrim identity or rewards layer, Witdrim may receive limited account, service, reward, support, and security events from that service where needed to operate the ecosystem.
3. Personal Data We Process
| Category | Examples | Typical purpose |
|---|---|---|
| Account identity | Email, display name, country, date of birth, user id | Create and manage the Witdrim Account |
| Authentication and security | Password hash, passkeys, MFA metadata, sessions, device id, IP, user agent, login events | Login, recovery, fraud prevention, account security |
| WDRIM Rewards | Rewards ledger, pending and mature rewards, reversals, referrals, service events | Operate rewards, eligibility, anti-abuse, account history |
| Ecosystem links | Connected service identifiers, service access status, reward source events | Connect current and future ecosystem services |
| Support and contact | Messages, categories, attachments if enabled, support status | Respond to requests and keep support records |
| Projects and participation | Project submissions, votes, reports, moderation data | Operate community and builder features |
| Payment and membership metadata | Payment provider ids, invoices, subscription state if enabled | Paid Witdrim membership, billing, accounting, disputes |
| Technical data | Logs, request metadata, rate-limit and abuse signals | Reliability, security, diagnostics, legal compliance |
| Cookies and preferences | Session cookies, device cookies, preferences, analytics choices | Keep the service working and remember settings |
4. Legal Bases
- Contract: to create your account, authenticate you, provide connected account features, operate rewards, and provide paid services.
- Legitimate interests: security, fraud prevention, abuse detection, service improvement, support operations, and admin audit controls.
- Legal obligation: tax, accounting, consumer, corporate, sanctions, and dispute records where required.
- Consent: non-essential cookies, marketing communications, or optional data uses where consent is required.
5. Ecosystem Account And Future Services
Your Witdrim Account is designed to work across current and future ecosystem services. We keep an updated Ecosystem Services page describing which services use the shared account or rewards layer.
We do not use a single signup acceptance as blanket permission for unrelated future data processing. If a future service materially changes the purposes, categories of data, legal basis, tracking, payments, regulated activity, or user rights, we will provide updated notice and request consent or acceptance where required.
7. International Transfers
Witdrim is planned as an Estonia-based EU company. We prefer EU or EEA hosting for core account and rewards data where practical.
If personal data is transferred outside the EEA, including to US providers, we use an available transfer mechanism such as an adequacy decision, the EU-US Data Privacy Framework where applicable, Standard Contractual Clauses, and supplementary measures where needed.
8. Retention
| Data | Default retention |
|---|---|
| Account profile | Account lifetime, then deletion or anonymization unless retention is legally or security justified |
| OTP and reset records | Short operational period, typically 30-90 days after expiry or use |
| Refresh/session metadata | Active session lifetime plus 90-180 days for security review |
| Security audit logs | Typically 12-24 months, longer for active incidents or legal needs |
| Support tickets | Typically 24 months after closure unless a shorter period is appropriate |
| Rewards ledger and membership records | Account lifetime plus tax, accounting, fraud, and dispute retention where required |
| Accounting and invoice records | Generally 7 years from the relevant financial year under Estonian accounting retention rules |
| Backups | Rolling backup period, typically 30-90 days |
9. Your Rights
Depending on your location, you may have rights to access, correct, delete, export, restrict, object, withdraw consent, opt out of targeted advertising or sale/share, and appeal certain decisions.
Use the Data Rights Request page or contact privacy@witdrim.com. We may need to verify your identity before acting on a request.
10. Children
Witdrim is not directed to children or minors. We do not knowingly collect personal data from children under 13, and we set the default eligibility threshold at 18+.
11. Changes
We may update this Policy as the ecosystem, providers, laws, and product surfaces change. Material changes will be highlighted where legally required.