Privacy Policy

This Privacy Policy explains how We don't need name s.r.o. (CIN 10861718), doing business as "OvernightMVP" and/or "WDNN" ("we", "us", "our"), collects, uses, shares, and protects personal data when you visit our websites (including wdnn.com and any OvernightMVP-branded domains), contact us, subscribe to updates, purchase our services, or use the MVPs and related tooling we host for clients (the "Services").

If you are in the EEA/UK, we are the data controller for personal data we collect about you as a website visitor, prospect, or client. When we host or maintain an MVP for a client, we act as that client's data processor with respect to their end users' data.

1) What we collect

1.1 Information you provide directly

Identity & contact details: name, email address, company name, job title, billing address, and similar identifiers.
Project information: product name, descriptions, goals, features requested, branding assets, preferred timelines.
Account & communication content: messages you send us (e.g., support chat, emails), feedback you provide, newsletter preferences.
Payment information: we receive payment confirmation details from our payment provider (we do not store full card numbers).

1.2 Information collected automatically

Device & usage data: IP address, browser, operating system, pages viewed, time on page, clicks, referring/exit pages, and other analytics events.
Cookies and similar technologies to remember preferences, enable core features, measure performance, and (where permitted) support marketing.

1.3 Information from third parties

Vendors/partners (e.g., hosting, analytics, customer support, and payment providers) may supply data such as transaction statuses, deliverability, or limited profile/usage information when necessary to provide our Services.

2) Why we use your data (purposes & legal bases)

We process personal data for these purposes and, where GDPR applies, under these legal bases:

Provide and operate the Services (e.g., scope and build your MVP, deploy and host, handover code, support). Legal basis: performance of a contract; legitimate interests.
Handle payments, invoicing, and accounting. Legal basis: performance of a contract; legal obligations.
Customer communications (service emails, updates about your project, critical notices). Legal basis: performance of a contract; legitimate interests.
Support and troubleshooting (including chat/support tooling). Legal basis: legitimate interests; consent where required.
Analytics and product improvement. Legal basis: legitimate interests; consent where required.
Marketing with consent (e.g., newsletters, case-study announcements). Legal basis: consent; you may withdraw at any time.
Security, fraud prevention, and dispute handling. Legal basis: legitimate interests; legal obligations.

Where we rely on legitimate interests, we balance those interests against your rights and expectations and provide opt-out mechanisms where applicable.

3) Cookies & tracking

We use required cookies to operate the Sites and (with consent where required) may use functional, analytics, and marketing cookies. You can manage preferences via our cookie banner or your browser settings. If you disable certain cookies, parts of the Services may not function properly.

4) How we share information

We do not sell personal data. We share it only with:

Service providers / subprocessors who help us operate the Services (e.g., hosting, infrastructure, analytics, support, payments, email delivery). These providers may only process data under our instructions and must protect it appropriately.
Professional advisers (accountants, auditors, legal counsel), authorities when required by law, and acquirers in the event of a business transaction.
Client controllers when we act as a processor (e.g., end-user data in client MVPs we host) and only according to our contract with that client.

5) International transfers

Some providers may process personal data outside your country. Where applicable (e.g., transfers from the EEA/UK), we rely on approved transfer mechanisms such as adequacy decisions and/or the European Commission's Standard Contractual Clauses.

6) Data retention

We keep personal data only as long as necessary to provide the Services, comply with our legal obligations (e.g., tax and accounting), resolve disputes, and enforce agreements. Where feasible, we will anonymize or aggregate data rather than retain it in identifiable form. Specific retention periods can vary by data type and legal requirements.

7) Your rights

Where GDPR/UK GDPR applies, you can request to access, rectify, erase, or restrict processing of your personal data, ask for data portability, and object to processing based on legitimate interests. Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal. You also have the right to lodge a complaint with your local supervisory authority.

To exercise these rights, contact us at legal@overnightmvp.com.

8) Children

Our Services are not directed to children and we do not knowingly collect personal data from anyone under 16 (or the age required by local law). If you believe a child has provided personal data to us, please contact us and we will take appropriate steps to delete it.

9) Security

We implement technical and organizational measures appropriate to the risk, including access controls, encryption in transit/at rest where applicable, environment isolation, least-privilege principles, and regular review of vendor security documentation. No online service can be 100% secure, but we work hard to protect your information.

10) Acting as a processor (client MVPs we host)

For any MVPs we host or maintain for clients, we process end‑user personal data on the client's instructions as their processor. We recommend clients publish their own privacy notices and cookie policies for their end users. Upon contract termination or at the client's written request, we will return or delete personal data in accordance with our agreement and applicable law.