WinsAbove ("we", "our", or "the platform") provides a sales performance verification service that pulls closed-won deal data from Customer Relationship Management (CRM) systems, calculates a normalized performance score ("Alpha Score"), and presents it as a verified scorecard. This policy explains what data we collect, how we use it, who we share it with, and what rights you have over it.
1. Information we collect
We collect three categories of data:
- Account information you provide directly: name, email address, password hash (when applicable), professional role, company, and the OAuth credentials you authorize at signup.
- CRM data you authorize us to read via Merge.dev: closed-won opportunity records, stage history, deal sizes, win/loss outcomes, and engagement signals (meetings, emails) used to compute the trust multiplier on your Alpha Score. Access is read-only — we never write to your CRM.
- Usage data generated as you interact with the platform: page views, feature usage, error logs, IP address, browser/device metadata, and standard web telemetry.
2. How we use your information
- To calculate your Alpha Score and render your verified scorecard.
- To compare your performance against anonymized peer cohorts.
- To authenticate sessions and prevent abuse.
- To improve scoring accuracy and product quality.
- To send transactional communications (account confirmations, security alerts) and, where you opt in, product updates.
We do not use your CRM data to train third-party AI models, and we do not sell, rent, or trade your customer lists, contact information, or performance data.
3. Subprocessors
We rely on the following third-party providers to operate the service:
- Cloudflare — application hosting, edge caching, DDoS protection.
- Merge.dev — unified CRM API for read-only Salesforce and HubSpot integrations.
- Google Analytics — anonymized product usage telemetry.
- Email service providers — transactional email delivery.
Each subprocessor is contractually bound to handle your data with at least the protections described in this policy. A current list is available on request to privacy@winsabove.com.
4. Data security
Data in transit is protected via TLS 1.3, terminated by Cloudflare. The marketing site is hosted behind Cloudflare WAF and DDoS protection, and production secrets are stored as Cloudflare Worker secrets rather than in source. Once the platform processes customer CRM data, that data will be stored on Cloudflare storage primitives (D1, R2, KV), which encrypt at rest by default; CRM access will be scoped to read-only OAuth and revocable from your CRM admin panel. WinsAbove holds no SOC 2, ISO 27001, or other third-party security attestations today — the full live-vs-target breakdown is on our security page.
5. Data location
Production data is stored in the United States. Edge caching and request routing operate globally via Cloudflare's network. EU/UK data subjects can request additional location restrictions by contacting privacy@winsabove.com.
6. Your rights
Subject to applicable law (including GDPR for EU/UK residents and CCPA for California residents), you have the right to:
- Access the personal data we hold about you.
- Export your data in a machine-readable format.
- Request correction of inaccurate data.
- Request deletion of your account and associated data.
- Withdraw consent for processing at any time.
- Object to or restrict certain processing activities.
- Lodge a complaint with your local data protection authority.
To submit a rights request, email privacy@winsabove.com and we will respond within 30 days. Self-service export and deletion from the dashboard are on the roadmap.
7. Cookies
We use session cookies for authentication and analytics cookies (Google Analytics) to understand product usage. We do not use third-party advertising cookies. You can disable non-essential cookies in your browser settings without losing core functionality.
8. Children
WinsAbove is not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe we have collected such data in error, contact us and we will delete it.
9. Changes to this policy
We may update this policy from time to time. Material changes will be announced by email and via a banner on the platform at least 14 days before they take effect.
10. Contact
Privacy questions or rights requests: privacy@winsabove.com. For all other inquiries: hello@winsabove.com.