Wah! SmartDeals — Vendor Privacy Policy
Effective date: June 12, 2026
This policy describes how WahSmartDeals LLC ("Wah!", "we", "us") collects, uses, shares, and protects personal information related to vendors and authorized vendor users. It should be read with the Vendor Terms & Conditions, Cookie Policy, and Disclaimer. Much of the information we hold about a vendor is business information; this policy focuses on personal information about the individuals who register and operate a vendor account.
1. Information we collect
| Category | Examples | Source |
|---|---|---|
| Business profile | Legal business details, DBA, branches, addresses (including map/place data via Google Maps/Places), hours, contact persons and branch managers, operational data. | You, during onboarding and profile edits. |
| Authorized-user identity | Name, phone, email, and role of the people who register or manage the account. | You. |
| Verification & compliance | Business license, tax identification, food permit (food vendors), insurance evidence, and related metadata. | You; verification providers. |
| Uploaded documents & media | Verification documents and any logo, listing, or proof-of-work / marketing photos you upload, stored in our cloud storage. | You. |
| Authentication & security | One-time-passcode events, session/device identifiers, role permissions, audit logs. Optional biometric login uses a credential stored locally on your device; Wah! does not store biometric data on its servers. | Automatically. |
| Commercial activity | Deal configurations, coupon/redemption records, reviews and ratings customers leave on your deals, and fee/wallet ledger entries (which may include a customer's display name for a redeemed coupon). | Your use of the Platform. |
| Payment & Stripe metadata | Stripe Connect account IDs, payout status, reserve/hold events, auto-top-up card metadata, reconciliation records. Wah! does not store full bank or card numbers. | Stripe and our systems. |
| Support & communications | Support chats/tickets, notifications, moderation and policy-enforcement records, and — where enabled — coupon-scoped messaging between you and a customer. | You and Wah!. |
| Technical usage | App/browser telemetry, diagnostics, logs, and cookie/tracking signals (see Cookie Policy). | Automatically, from your device. |
2. Customer data you access — by deal type
Depending on the deal type, you may access limited customer data strictly required to deliver a deal. This mirrors the disclosure in the Customer Privacy Policy (Section 3), and your use of it is governed by the Vendor Terms (Sections 11–12):
| Deal type | What you receive |
|---|---|
| Retail and Entertainment | Operational fulfilment: to validate and honor a coupon, you may see the name associated with the coupon (shown in shortened form, such as "First L.", in lists) at claim or redemption. Analytics: otherwise aggregate redemption counts and revenue totals, and aggregate community counts. You do not receive the customer's phone, email, or address for these deal types. Entertainment tickets may be transferable. |
| Non-Recurring and Recurring services | The customer's name, contact details, and service address, as needed to schedule and deliver the service. |
| Consultation | When a customer directs us to connect you, the customer's name, contact details, service address, and project details, so you can contact the customer directly. You are solely responsible for TCPA and marketing-law compliance when contacting customers (Vendor Terms Section 12). |
You may use customer data only to fulfil the specific transaction; you act as an independent controller of any customer data you retain; and unauthorized marketing, profiling, resale, or sharing is prohibited.
3. How we use vendor data
- Onboarding, identity verification (KYC/KYB), and legal/compliance checks.
- Operating deal publication, coupon lifecycle, wallet accounting, fee collection, and notifications.
- Administering reward programs, including verification of customer-submitted external-review screenshots and related vendor fees.
- Fraud detection, abuse prevention, quality assurance, and dispute handling.
- Regulatory reporting, legal compliance, and security monitoring.
4. Service providers and subprocessors
We use trusted service providers strictly to operate, secure, and improve the Platform:
| Purpose | Provider |
|---|---|
| Web hosting and content delivery | Vercel |
| Database, authentication, storage, realtime | Supabase |
| Payments, payouts, and identity verification (KYC/KYB) | Stripe (Connect) |
| SMS and one-time passcodes | Twilio |
| Transactional and account email | Amazon Web Services (SES) |
| Mobile push notifications | Google Firebase Cloud Messaging |
| Maps and address lookup | Google Maps / Places |
| Error and performance monitoring | Sentry |
| Automated content / review verification (AI) | Anthropic (Claude) |
We also disclose information for regulatory/legal requirements (law, subpoena, court order, or safety) and in corporate transactions (mergers, reorganizations, financing, due diligence, or asset transfers). We do not sell vendor personal information for monetary consideration.
5. Automated processing and AI
We use automated tools to detect fraud and abuse, assess risk, and verify content — for example, an automated vision model that checks customer-submitted external-review screenshots. These tools support — and do not solely determine — decisions that significantly affect you; you may contact us to request human review of an adverse decision. We do not permit our AI service providers to use your information to train their models for their own purposes.
6. Payments, Stripe, and tax reporting
Payouts and identity verification run through Stripe Connect under Stripe's own terms. Wah! does not store your full bank or card numbers. Information reporting such as IRS Form 1099-K may be provided by Stripe based on your payout activity; you are responsible for your own taxes, as described in the Vendor Terms.
7. Legal basis and consent
Where required by law, we rely on lawful bases including contract performance, legitimate interests, legal compliance, and consent. You may withdraw consent where legally allowed.
8. Data retention
| Category | Typical retention |
|---|---|
| Business, verification & financial records | For the life of the account and as required by tax, accounting, anti-fraud, and legal obligations (often up to 7 years or longer where required). |
| Support & communications | Retained on a long-term, append-only basis for audit, safety, and dispute resolution. |
| Security, audit, and coupon-lifecycle logs | Long-term, append-only, for security, fraud prevention, and compliance. |
Certain records may be retained beyond account termination where the law requires.
9. Security and incident response
We apply reasonable technical and organizational safeguards and maintain incident-response controls; no method of storage or transmission can be guaranteed as fully secure. If a breach affecting your personal information occurs, we will notify you and the relevant authorities as required by applicable law.
10. International transfers
We primarily process data in the United States. Where data is processed in other countries by us or our service providers, we implement reasonable safeguards (such as standard contractual clauses) as required by applicable law.
11. Vendor account closure
Vendors cannot self-delete a vendor account. Closure is handled through an administrative process: your deals are deactivated, outstanding coupons are handled per the Vendor Terms, your wallet is settled, and your account is marked as removed. We retain business, financial, audit, and compliance records after closure as described in Section 8 and as required by law.
12. Your rights and requests
Subject to law, vendor users may request access, correction, or deletion of certain personal data. Requests may be limited where retention is required for compliance, fraud prevention, payment obligations, or active disputes. Many U.S. state privacy laws exempt business-to-business and commercial information, but they may apply to personal information about individual authorized users. You may submit a request by emailing admin@wahsmartdeals.com or through your in-app account settings; we may require verification and supporting documents. Where required by law, we will treat a recognized opt-out preference signal, such as Global Privacy Control, as a valid opt-out of sale/share to the extent we engage in such activity and as we implement support for it.
13. Jurisdiction-specific override
Where mandatory local law grants additional rights or imposes stricter obligations, those mandatory provisions apply to the limited extent required by law.
14. Policy updates
We may revise this policy from time to time and will post the revised version with an updated effective date. For material changes, we will provide reasonable notice.
15. Contact
WahSmartDeals LLC
13235 Affirmed Avenue
Frisco, TX 75035
United States
Privacy and legal: admin@wahsmartdeals.com
Vendor support: contact@wahsmartdeals.com