Reddit Sonar is operated by [Company legal name — fill before launch], registered at
[Registered address — fill before launch]. For the purposes of the EU/UK GDPR and other
applicable data-protection laws, this entity is the data controller responsible for the
personal information described in this policy. You can reach the controller about any privacy matter at
privacy@wholesaas.com.
2. Information We Collect
Information you provide
Account information: When you sign up, we collect your email address and name.
Access requests: If you request access through our contact form, we collect your email and any message you provide.
Information collected automatically
Machine fingerprint: A hardware-derived hash used to manage your account. This is computed locally and sent only during session verification.
Usage data: We track a small number of usage counters (such as searches, AI actions, and listener sessions) together with your machine fingerprint to enforce the 5-hour free-trial window and to validate your one-time license key (anti-sharing). These counters are not used to meter a subscription or apply daily plan quotas. This data is tied to your user account, not your browsing behavior.
Server logs: Our servers log IP addresses and request metadata for security and rate-limiting purposes. These logs are rotated and purged regularly.
Information we do NOT collect
Reddit credentials: Your Reddit login session stays entirely on your local machine. We never see your Reddit username, password, or cookies.
Search queries & leads: All searches, AI scoring results, and discovered leads are stored locally on your device. They are never uploaded to our servers.
Product profiles: Your product descriptions and profile configurations remain on your machine.
Comments & drafts: Any AI-drafted comments stay local until you choose to post them on Reddit directly.
3. How We Use Your Information
We use the information we collect for the following purposes:
Account management: To manage your account and validate your one-time license key.
Trial & license enforcement: To enforce the 5-hour free-trial window per machine and to prevent a single license key from being shared across multiple machines.
Security: To detect abuse, prevent key sharing, and protect against unauthorized access.
Communication: To respond to support requests and access inquiries.
Service improvement: Aggregated, anonymized usage patterns may be used to improve the product.
We do not use your data for advertising, profiling, or selling to third parties.
Legal basis for processing (GDPR)
Where the EU/UK GDPR applies, we rely on the following legal bases:
Performance of a contract: to create and manage your account, run the free trial, and validate your one-time license so we can provide the service you requested.
Legitimate interests: to keep the service secure, prevent trial abuse and license sharing, and improve the product using aggregated, anonymized data.
Consent: for any optional processing we may introduce in the future (for example, optional analytics), which would be off by default until you opt in.
4. Data Storage & Security
Local data: All sensitive data (Reddit session, leads, profiles, searches) is stored on your local machine in the app's data directory. You have full control over this data.
Account data: Our servers store user accounts, machine identifiers, and usage counters. This data is hosted on infrastructure we control.
Encryption: All communication between the app and our servers uses HTTPS. Sensitive tokens are hashed using SHA-256 before storage.
Cookies & local storage
Our website is deliberately light on client-side storage. We use only strictly-necessary
cookies and local storage. There are no advertising, cross-site, or third-party tracking
cookies, and no analytics or marketing scripts run on this site today.
Authentication (rlw_auth, rlw_admin_session cookies): set only after you sign in, to keep you logged in. They are HttpOnly, SameSite=Strict, and expire automatically.
Checkout continuity (rlw_checkout, local storage): preserves an in-progress purchase so your license key is never lost if the payment page reloads. It is cleared once checkout finishes.
Your cookie choice (rlw_cookie_consent, local storage): remembers the preference you set so we don't ask again on every visit.
Because these are essential to features you actively request (signing in and completing a purchase),
they are exempt from prior consent under the ePrivacy Directive and the GDPR. If we ever introduce
optional analytics, they will be off by default and load only after you opt in. You can review or
change your choice at any time:
.
5. Third-Party Services
Reddit Sonar integrates with the following third-party services:
OpenRouter or DeepSeek: AI requests (scoring, summarization, comment drafting) are sent directly to whichever provider you configure, using your own API key. We do not proxy or intercept these requests. See OpenRouter's privacy policy or DeepSeek's privacy policy.
Oxapay: When you purchase the one-time $199 license, payment is handled by Oxapay's crypto checkout. The data that flows during checkout (such as your email/order reference and the cryptocurrency transaction details) is processed by Oxapay to complete and confirm your payment. We never see or store your wallet keys. See Oxapay's privacy policy.
Reddit: The app interacts with Reddit through a browser you control. We do not access Reddit's API on your behalf.
Google Fonts: Our website uses Google Fonts for typography. This may transmit your IP address to Google. See Google's privacy policy.
6. Data Sharing
We do not sell, trade, or rent your personal information. We may share information only in these limited circumstances:
Legal compliance: If required by law, regulation, or legal process.
Safety: To protect the rights, safety, or property of our users or the public.
Business transfer: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. You would be notified of any such change.
7. Your Rights (GDPR & CCPA)
Depending on your jurisdiction, you may have the following rights:
Access: Request a copy of the data we hold about you.
Correction: Request correction of inaccurate data.
Deletion: Request deletion of your account and associated data.
Portability: Request your data in a machine-readable format.
Objection: Object to our processing of your data.
To exercise any of these rights, contact us at privacy@wholesaas.com. We will respond within 30 days. If you are in the EU/UK, you also have the right to lodge a complaint with your local data protection authority.
California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the CPRA. Over the past 12 months, the categories of personal information we may have collected are:
Identifiers: your name and email address.
Commercial information: records of your license purchase and trial status.
Internet/network activity & device data: your machine fingerprint, usage counters, IP address, and request metadata in server logs.
We do not sell or share your personal information as those terms are defined by the CCPA/CPRA,
and we have not done so in the preceding 12 months. As a California resident you have the right to know what
personal information we collect and how it is used, to request deletion of your personal information, to request
correction of inaccurate information, and to opt out of any sale or sharing (which we do not engage in). You also
have the right not to receive discriminatory treatment for exercising any of these rights. To make a request,
contact us at privacy@wholesaas.com.
8. International Data Transfers
Our servers and some of the third-party processors described above (for example, AI providers and our payment
processor) may store or process data in the United States and other countries. Where we transfer personal
information out of the EU/UK, we rely on appropriate safeguards such as Standard Contractual Clauses or an
equivalent lawful transfer mechanism to ensure your information continues to receive an adequate level of
protection.
9. Data Retention
Account data: Retained as long as your account is active. Deleted upon account deletion request.
Server logs: Rotated and purged after 30 days.
Local data: Under your control. Uninstalling the app removes all local data.
10. Children's Privacy
Reddit Sonar is not intended for use by individuals under the age of 18. We do not knowingly collect
personal information from children. If you believe a child has provided us with personal information, please
contact us and we will delete it.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by posting the new
policy on this page and updating the "Last updated" date. Your continued use of the service after changes
constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this privacy policy or our data practices, contact us at: