Privacy Policy
Last updated: March 16, 2026
Baitlist (“we”, “us”, “our”) is operated by Dennis Petri. This policy explains what data we collect, why we collect it, and how we protect it.
1. What we collect
When you sign up for a waitlist on Baitlist, we collect:
- Contact info — name, email address
- Company info (optional) — company name, role, team size
- Questionnaire responses — your answers to the five waitlist questions
- Intent score — an AI-generated score based on your responses
When you create an account as a waitlist owner, we additionally collect:
- Authentication data — email address and session tokens via magic link
- Billing data — processed by Stripe; we store your Stripe customer ID but never your payment card details
2. How we use your data
- Intent scoring — your questionnaire responses are sent to OpenAI’s API to generate an intent score. Responses are processed in real time and are not used to train AI models.
- Waitlist management — waitlist owners see your name, email, score, and responses so they can decide who to admit.
- Transactional emails — we send magic link emails for authentication and waitlist status updates.
- Analytics — we use Google Analytics to understand how people use our site. This collects anonymized usage data.
3. Third-party services
We share data with these services only as necessary to operate Baitlist:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database & auth | All account and signup data |
| OpenAI | Intent scoring | Questionnaire responses only |
| Stripe | Payments | Email, plan tier |
| Vercel | Hosting | IP address, request logs |
| Google Analytics | Usage analytics | Anonymized browsing data |
4. Data storage & security
- All data is stored in Supabase (PostgreSQL) with row-level security enabled.
- Data is encrypted at rest and in transit (TLS).
- Authentication uses PKCE-based magic links — no passwords are stored.
- We use service-role keys only server-side for webhook processing.
5. Data retention
- Signup data is retained for as long as the waitlist exists. Waitlist owners can delete individual signups or entire waitlists at any time.
- Account data is retained until you delete your account.
- Billing data is retained by Stripe according to their retention policy.
6. Your rights
You can request to:
- Access your personal data
- Correct inaccurate data
- Delete your data (“right to be forgotten”)
- Export your data in a portable format
Email us at hi@baitlist.com and we’ll respond within 30 days.
7. Cookies
We use essential cookies for authentication (Supabase session tokens). Google Analytics sets its own cookies for anonymized usage tracking. We do not use advertising or tracking cookies.
8. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email to registered users. The “last updated” date at the top reflects the most recent revision.
9. Contact
Questions about this policy? Email hi@baitlist.com.