Skip to main content
Sign inSign up
Sign in

Privacy Policy

Last updated: June 3, 2026

1. Information We Collect

WakeLink stores the following data to provide its service:

Account data

  • Username (unique identifier for your account)
  • Email address (used for account recovery and notifications)
  • Hashed password (bcrypt — the plaintext is never stored)
  • API token hash (SHA-256 — the raw token is never stored after issuance)
  • TOTP secret for two-factor authentication (encrypted at rest)
  • Login timestamps and lifetime login / failed-login counters

Device data

  • Device names and MAC addresses you register
  • Last known IP address of each device (updated on activity)
  • Lifetime wake-command and error counters per device
  • Timestamp of the last wake command sent to each device

Billing data (Pro plan only)

  • Stripe customer ID and subscription ID (no card numbers stored by us)
  • Subscription status (active / cancelled / past_due)

Integration data (optional, if enabled)

  • Telegram user ID (if you link Telegram for password reset)
  • ntfy push-notification topic (if you enable push notifications)

Session data

  • Web session tokens stored in PostgreSQL — expire automatically after the configured session TTL
  • Active WebSocket/relay sessions stored in Redis — ephemeral, not persisted to disk

2. How We Use Your Information

Your data is used exclusively to:

  • Authenticate and authorize your requests
  • Route Wake-on-LAN packets to your registered devices
  • Enforce per-plan device limits and feature access
  • Send push/Telegram notifications you have explicitly configured
  • Provide customer support
  • Detect and prevent abuse (rate limiting, login-failure tracking)

3. Data Storage and Security

All traffic between clients and the relay is encrypted with ChaCha20-Poly1305 (EWSP protocol) and TLS. Passwords are hashed with bcrypt and never stored in plaintext. TOTP secrets are encrypted at rest. API tokens are stored only as SHA-256 hashes — we cannot recover a token once issued.

Persistent data resides in a PostgreSQL database. We do not sell, rent, or share your personal information with third parties. Stripe handles all payment processing — WakeLink never receives or stores card details.

4. Data Retention

All account, device, and billing data is retained until you delete your account. Deleting your account permanently removes all associated records from our database. Web session tokens expire automatically; relay sessions in Redis are ephemeral and disappear when the connection closes.

We do not maintain a rolling log of individual wake commands or connection events. Usage is tracked as aggregate lifetime counters (total wakes, total logins) and the timestamp of the most recent event per device — not as a detailed event log.

5. Your Rights

You have the right to:

  • Access your personal data via the dashboard or API
  • Correct inaccurate data (username, email, device names)
  • Delete your account and all associated data at any time
  • Revoke API tokens and integration links independently of account deletion

6. Open Source & Self-Hosting

WakeLink is open-source software. You can self-host the entire stack — relay, dashboard, website, and all supporting services — and maintain complete control over your data. View our code on GitHub.

7. Contact Us

If you have questions about this Privacy Policy, contact us at [email protected]