← Back to Waitless

Privacy Notice

Personal Data Protection Act 2010 (Malaysia) · Last updated: 8 May 2026

This notice tells you what personal data Waitless ("we", "us", "our") collects when you use the Waitless app or website (waitless.now), why we collect it, who we share it with, and the choices you have. It is issued in compliance with section 7 of the Personal Data Protection Act 2010 ("PDPA").

1. Who we are

Waitless is a restaurant queue management service operated in Malaysia. If you have any questions about this notice or your personal data, contact support@waitless.now.

2. What we collect

Data	Why	Source
Name	Identify you to the restaurant when your table is ready	You, at signup
Email address	Send the one-time login code; service notifications	You, at signup
Phone number	Optional fallback for the restaurant to reach you	You, at signup
Queue history	Show which restaurants you've joined; calculate estimated wait times	Generated when you tap "Join queue"
No-show count	Apply the 30-minute cool-off after two missed table calls (per our Terms)	Generated server-side
Approximate location	Sort restaurants by distance (only with your explicit permission)	Your device, only when granted

We do not collect: payment cards, IC numbers, biometric data, or precise location without permission.

3. How we use your data

• To run the queue: showing your spot, estimating waits, alerting you when your table is ready.
• To prevent abuse: tracking missed table calls so a small group of repeat no-shows doesn't ruin queues for everyone.
• To improve the service: aggregate, non-identifying analytics on queue lengths and wait accuracy.
• To communicate: occasional service announcements (account changes, scheduled downtime). We do not send marketing email.

4. Who we share it with

• Restaurants you join see your name, your party size, and your queue history at their venue (so they can call you in). They never see your email or phone unless you give it to them directly.
• Supabase Inc. (database + authentication, US/EU regions) — our infrastructure provider. Bound by their privacy policy.
• Resend, Inc. (transactional email) — sends the one-time login codes and service notifications. Bound by their privacy policy.
• Stripe, Inc. (payments, restaurant operators only) — when restaurant operators subscribe. Customers never interact with Stripe.

We never sell your personal data. We never share it with marketing networks or data brokers.

5. How long we keep it

• Account data: while your account is active. Deleted within 7 days of you closing your account.
• Queue history: 90 days after the queue closes, then aggregated and anonymised.
• One-time login codes: 24 hours.
• No-show records: 90 days, after which they auto-expire (the cool-off itself only lasts 30 minutes).

6. Your rights under PDPA

• Access — see what we have about you.
• Correct — fix anything wrong (you can update name/email/phone in the app).
• Withdraw consent / delete — close your account in the app's Profile screen, or email support@waitless.now.
• Limit processing — ask us to stop using your data for anything beyond running the queue.
• Complain — to the Personal Data Protection Commissioner of Malaysia (pdp.gov.my) if you believe we've mishandled your data.

7. Security

Login is passwordless: a one-time 6-digit code emailed to you. Codes expire in 10 minutes and can be used once. All data is encrypted in transit (TLS 1.3) and at rest. Servers are hosted by Supabase in compliance with SOC 2 Type II.

8. Cookies and local storage

We store your login session and a few preferences (e.g., which restaurant you're queued at) in your browser's localStorage. We do not use third-party advertising or analytics cookies.

9. Changes to this notice

If we update how we handle your data, we'll show a one-time notice in the app and email you if the change is material.

---

Singapore — Personal Data Protection Act 2012

For users in Singapore · Last updated: 16 May 2026

If you are accessing Waitless from Singapore, this section describes how the Singapore Personal Data Protection Act 2012 ("PDPA 2012") applies to your personal data. The rest of this notice continues to apply; this section sets out the Singapore-specific particulars.

S1. Who we are

Waitless is operated from Malaysia. Personal data of Singapore users is processed under the PDPA 2012. For data-related questions, contact support@waitless.now.

S2. What we collect

The same categories listed in section 2 above: name, email address, phone number (optional), queue history, no-show count, and approximate location (only with your explicit permission). We do not collect NRIC numbers, payment cards, or precise location without permission.

S3. How we use your data

Same as section 3 above — running the queue, preventing repeated no-show abuse, aggregate service-quality analytics, and occasional service announcements. We do not send marketing messages without your consent.

S4. Sub-processors

Personal data is processed by the same sub-processors named in section 4: Supabase Inc. (database + authentication, US/EU regions), Resend, Inc. (transactional email), and Stripe, Inc. (payments — restaurant operators only; customer accounts do not interact with Stripe). Each is bound by their own privacy policy and processes data on our instructions. We never sell your personal data and never share it with marketing networks.

S5. Retention

Same retention windows as section 5: active account data while your account is open and deleted within 7 days of closure; queue history 90 days then aggregated/anonymised; one-time login codes 24 hours; no-show records 90 days.

S6. Your rights under the PDPA 2012

• Access — ask for a copy of the personal data we hold about you.
• Correction — ask us to correct anything inaccurate (most fields are user-editable in the app).
• Withdrawal of consent — close your account in the app's Profile screen or email support@waitless.now. Withdrawing consent may mean we can no longer run the queue service for you.
• Complain — to the Personal Data Protection Commission (PDPC) at pdpc.gov.sg if you believe we have mishandled your data.

Requests under this section can be sent to support@waitless.now. We will respond within 30 days as required by the PDPA 2012.

---

Notis Privasi

Akta Perlindungan Data Peribadi 2010 · Kemas kini terakhir: 8 Mei 2026

Notis ini menerangkan data peribadi yang dikumpulkan oleh Waitless ("kami") apabila anda menggunakan aplikasi atau laman web Waitless (waitless.now), sebab kami mengumpulnya, dengan siapa kami berkongsi, dan pilihan yang anda ada. Ia dikeluarkan menurut seksyen 7 Akta Perlindungan Data Peribadi 2010 ("APDP").

1. Tentang kami

Waitless ialah perkhidmatan pengurusan giliran restoran yang dikendalikan di Malaysia. Hubungi support@waitless.now untuk sebarang pertanyaan.

2. Apa yang kami kumpul

• Nama — supaya restoran tahu siapa untuk dipanggil bila meja siap.
• Alamat e-mel — untuk menghantar kod log masuk satu kali; notifikasi perkhidmatan.
• Nombor telefon — pilihan, sebagai sandaran untuk restoran menghubungi anda.
• Sejarah giliran — restoran yang anda sertai, untuk anggaran masa menunggu.
• Bilangan tidak hadir — untuk mengenakan tempoh sejuk-bertenang 30 minit selepas dua kali tidak hadir.
• Lokasi anggaran — hanya jika anda berikan kebenaran, untuk susun restoran mengikut jarak.

Kami tidak mengumpul: kad pembayaran, nombor IC, data biometrik, atau lokasi tepat tanpa kebenaran.

3. Bagaimana data digunakan

• Menjalankan giliran: tunjuk tempat anda, anggar masa, beritahu bila meja sedia.
• Mencegah penyalahgunaan: catatkan tidak hadir supaya beberapa pengguna yang sentiasa cabut tidak rosakkan giliran orang lain.
• Menambah baik perkhidmatan: analitik tanpa pengenalan tentang panjang giliran dan ketepatan anggaran.
• Komunikasi: pengumuman perkhidmatan sahaja. Kami tidak menghantar e-mel pemasaran.

4. Dengan siapa kami berkongsi

• Restoran yang anda sertai nampak nama, saiz kumpulan dan sejarah giliran anda di restoran mereka. Mereka tidak nampak e-mel atau nombor telefon anda kecuali anda beri sendiri.
• Supabase Inc. (pangkalan data, AS/EU) — penyedia infrastruktur kami.
• Resend, Inc. (penghantaran e-mel) — menghantar kod log masuk.
• Stripe, Inc. (pembayaran, untuk operator restoran sahaja) — pelanggan tidak berinteraksi dengan Stripe.

Kami tidak menjual data peribadi anda dan tidak berkongsi dengan rangkaian pengiklanan atau pembrokerusan data.

5. Tempoh penyimpanan

• Data akaun: selagi akaun anda aktif. Dihapus dalam 7 hari selepas anda tutup akaun.
• Sejarah giliran: 90 hari selepas giliran ditutup, kemudian dijadikan tanpa nama.
• Kod log masuk satu kali: 24 jam.
• Rekod tidak hadir: 90 hari (tempoh sejuk-bertenang itu sendiri hanya 30 minit).

6. Hak anda di bawah APDP

• Akses — minta lihat data yang kami simpan tentang anda.
• Betulkan — pinda nama / e-mel / telefon dalam aplikasi.
• Tarik balik kebenaran / hapus — tutup akaun dari skrin Profil, atau e-mel support@waitless.now.
• Hadkan pemprosesan — minta kami berhenti menggunakan data anda untuk apa-apa selain menjalankan giliran.
• Aduan — kepada Pesuruhjaya Perlindungan Data Peribadi (pdp.gov.my) jika anda rasa data anda disalahurus.

7. Keselamatan

Log masuk tanpa kata laluan: kod 6-digit dihantar ke e-mel anda. Kod tamat dalam 10 minit dan hanya boleh guna sekali. Semua data disulitkan semasa penghantaran (TLS 1.3) dan semasa simpanan.

8. Cookie dan storan tempatan

Kami simpan sesi log masuk dan beberapa pilihan dalam localStorage pelayar anda. Kami tidak guna cookie pengiklanan pihak ketiga.

9. Perubahan notis

Jika kami ubah cara pengendalian data, kami akan papar notis sekali sahaja dalam aplikasi dan e-mel anda jika perubahan itu signifikan.