Privacy Policy

Last updated: February 24, 2026

Data controller

Winotto OU, Registry code: 16823554, Estonia. Email: info@winotto.com.

What we collect and why

• Name, email — Account and communication. Retained until you delete your account.
• Password (hashed) — Authentication. Retained until account deletion.
• Database backups — Perform migration. Deleted immediately after migration.
• Migration results — Download by you. Auto-deleted within 72 hours.
• Migration metadata — Filename, versions, status. Retained until account deletion.
• Billing info — Invoicing and tax compliance. Retained 7 years (accounting law).
• IP address — Rate limiting. Transient (minutes in Redis).

Uploaded databases

Your database backups may contain personal data. We process this data solely to perform the migration. We do not access, read, analyze, or share the contents.

Third-party services

• Google OAuth — for sign-in.
• Stripe — for payments.

Neither has access to your uploaded database files.

Analytics

We use Plausible Analytics, a privacy-focused, cookie-free analytics tool. No personal data collected.

Where your data is stored

All data stored and processed on servers in Finland (EU). No data transferred outside the EU/EEA.

Security

• HTTPS/TLS encryption on all connections.
• Passwords hashed with bcrypt.
• Database backups processed in ephemeral Docker containers, destroyed after each job.
• Files permanently deleted after 72 hours.

Your rights under GDPR

Access, rectify, erase, export your data, or lodge a complaint. Email info@winotto.com. We respond within 30 days.

Questions? Contact us at info@winotto.com.