This Privacy Policy describes how Noble Partners LLC, a Texas limited liability company doing business as WaterfallOne, together with its affiliated entities, individuals, officers, directors, managers, members, employees, agents, contractors, investors, licensors, and future parent, subsidiary, or successor organizations (collectively, "WaterfallOne," "we," "us," or "our"), collects, uses, discloses, and safeguards information when you use our websites, applications, application programming interfaces, chatbots, learn articles, documentation, and related services (collectively, the "Service"). This Privacy Policy is incorporated into the Terms of Service and applies to all users of the Service.
By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
Summary (plain English). We collect only what's needed to run the Service: account info (email, name, company name), what you do inside the product, payment info (handled by Stripe), and support correspondence. We do not sell personal information. We use well-known vendors to operate the Service. You can request access, correction, or deletion of your data by emailing support@waterfallone.com.
Contents
- Information We Collect
- How We Use Information
- Legal Bases (GDPR)
- How We Share Information
- Subprocessors & Third-Party Services
- Cookies & Similar Technologies
- Data Retention
- Data Security
- International Data Transfers
- Your Rights & Choices
- U.S. State Privacy Rights
- Children's Privacy
- Do Not Track Signals
- Changes to This Policy
- Contact Us
1. Information We Collect
1.1 Information You Provide
| Category | Examples |
|---|---|
| Account information | First name, last name, email address, password (stored hashed), company/firm name, selected plan |
| Billing information | Stripe customer ID, subscription status and plan (actual payment card details are collected and stored by Stripe, not by us) |
| User Inputs | Asset details, investor names (first and last name only), waterfall configurations, distribution data, capital events, fee configurations, and any other data you enter or upload into the Service. We do not collect investor email addresses, Social Security numbers, tax identification numbers, banking details, or contact information — these are not stored in our Service. |
| Support correspondence | Messages, screenshots, and attachments you send through the support form, chat widget, or email |
| Feedback | Surveys, feature requests, comments you submit |
1.2 Information Collected Automatically
| Category | Examples |
|---|---|
| Usage data | Pages viewed, features used, buttons clicked, session duration, referrer URLs, timestamps |
| Device & technical data | Browser type and version, operating system, device type, screen size, IP address, language preference |
| Log data | Server logs, error reports, performance metrics |
| Cookies & identifiers | See Section 6 |
1.3 Information from Third Parties
We may receive information about you from third-party services you authorize (for example, Stripe confirming your payment, or Google Analytics reporting aggregate site traffic). We may also obtain publicly available business information (such as firm headcount or AUM range) from commercial data providers to enrich our internal records.
1.4 About Investors You Add to the Service
The Service allows you, as the account holder, to add investor records associated with your assets. The only information we collect and store for these investor records is first name and last name. We do not collect investor email addresses, phone numbers, mailing addresses, Social Security numbers, tax identification numbers, banking details, wire instructions, or any other personally identifying or financial information about your investors.
Investors you add are not users of the Service, do not have accounts with WaterfallOne, and do not receive communications from us. For purposes of applicable data protection laws (including GDPR and CCPA), you are the data controller with respect to any investor-related information, and WaterfallOne acts as a data processor handling only the minimal identifying information (first and last name) you choose to enter. You are responsible for any notice, consent, or other privacy obligations owed to your investors under applicable law.
2. How We Use Information
We use the information we collect to:
- create, authenticate, and manage your Account;
- provide, operate, maintain, and improve the Service;
- process calculations and generate Outputs based on your User Inputs;
- process payments, manage subscriptions, and send billing notices;
- communicate with you about the Service, including transactional emails, security alerts, trial-nurture emails, and product updates (you may opt out of non-transactional email at any time);
- respond to support requests and provide customer service;
- detect, investigate, and prevent fraud, abuse, and security incidents;
- measure and analyze usage of the Service in aggregate to understand product performance;
- comply with legal obligations, enforce our Terms of Service, and protect our legal rights;
- train our support and product team to better serve users (using de-identified data where feasible).
We do not sell your personal information. We do not rent your personal information. We do not use your User Inputs to train third-party AI models without your consent.
3. Legal Bases (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal information under the following legal bases:
- Contract: to provide the Service and perform our obligations under the Terms of Service;
- Consent: where you have given consent, such as for non-essential cookies or marketing communications (you may withdraw consent at any time);
- Legitimate interests: to operate, secure, improve, and market the Service, prevent fraud, and exercise legal rights, provided these interests are not overridden by your rights;
- Legal obligation: to comply with applicable law, regulation, court order, or governmental request.
4. How We Share Information
We share information only as necessary to operate the Service and as described here. We do not sell personal information.
4.1 Service Providers & Subprocessors
We share information with third-party vendors who process data on our behalf to deliver the Service. These vendors are contractually bound to safeguard information and use it only for the purposes we specify. See Section 5 for the current list.
4.2 Legal Disclosures
We may disclose information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law, subpoena, court order, or governmental request; (b) enforce our Terms of Service; (c) protect the rights, property, or safety of WaterfallOne, our users, or the public; (d) investigate or prevent fraud, security incidents, or illegal activity; or (e) in connection with legal proceedings.
4.3 Business Transfers
If WaterfallOne is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, or sale of assets, information may be transferred as part of that transaction. The acquirer will remain bound by this Privacy Policy unless we notify you and you consent otherwise.
4.4 With Your Consent
We may share information with other parties when you direct us to do so.
5. Subprocessors & Third-Party Services
We use the following subprocessors to operate the Service. Each is bound by its own privacy and security commitments.
| Subprocessor | Purpose | Data Categories |
|---|---|---|
| Supabase, Inc. | Database, authentication, storage | Account info, User Inputs, usage data |
| Vercel, Inc. | Application hosting, edge delivery | Log data, IP addresses, traffic metadata |
| Stripe, Inc. | Payment processing, billing, tax | Billing information, payment card details (held by Stripe) |
| Resend | Transactional email delivery, inbound email | Email addresses, email content |
| PostHog, Inc. | Product analytics | Usage data, device data, IP addresses |
| Sentry | Error tracking, performance monitoring | Error stacks, device and browser metadata |
| Anthropic, PBC | Conversational AI ("Cal") support assistant | Chat messages sent to Cal |
| Zapier, Inc. | Internal workflow automation | Account info, billing events, support metadata |
| Notion Labs, Inc. | Internal CRM, support ticket tracking | Account info, support correspondence metadata |
| Google LLC | Website analytics, business email | Aggregated usage, email correspondence |
We may update this list from time to time. Material changes will be announced in accordance with Section 14.
6. Cookies & Similar Technologies
We use cookies and similar technologies (pixels, local storage, device identifiers) to operate the Service, remember your preferences, analyze usage, and improve the experience. Types of cookies we use:
- Strictly necessary: required for authentication, security, and core functionality;
- Analytics: help us understand how users interact with the Service (Google Analytics, PostHog);
- Functional: remember your preferences and settings.
You can control cookies through your browser settings. Blocking strictly necessary cookies may disable parts of the Service.
7. Data Retention
We retain personal information for as long as needed to:
- provide the Service while your Account is active;
- comply with legal, regulatory, tax, accounting, or audit requirements;
- resolve disputes, enforce our agreements, and prevent fraud;
- maintain business records and historical financial integrity.
Typical retention windows: Account data for the life of the Account plus 90 days after termination; billing records for seven (7) years; security and audit logs for 365 days; support correspondence for three (3) years. After applicable retention periods, we delete or anonymize data in accordance with our data retention procedures.
8. Data Security
We implement technical and organizational measures designed to protect personal information, including encryption of data in transit (TLS), encryption of data at rest for databases that support it, access controls, authentication requirements, database row-level security policies, audit logging, and secure software development practices. No security measure, system, or service is perfectly secure, and we cannot and do not guarantee the absolute security of any information. You acknowledge that you transmit information to and through the Service at your own risk. If you believe your Account has been compromised, please contact us immediately at support@waterfallone.com. In the event of a personal-data breach that triggers a legal obligation to notify, we will provide notice in accordance with applicable law; no other notice obligation is created or implied by this Privacy Policy.
9. International Data Transfers
We are based in the United States, and our service providers may process data in the United States or other countries. If you are located outside the United States, your information will be transferred to, stored, and processed in the United States. Where required (such as for personal data originating in the EEA or UK), we rely on appropriate safeguards (including Standard Contractual Clauses) for such transfers.
10. Your Rights & Choices
Subject to applicable law, you have the right to:
- Access personal information we hold about you;
- Correct inaccurate or incomplete information;
- Delete your Account and associated personal information;
- Export a portable copy of your information;
- Object to certain processing, including direct marketing;
- Restrict processing in certain circumstances;
- Withdraw consent where processing is based on consent;
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email support@waterfallone.com with your request. We may need to verify your identity before responding and will respond within the timeframe required by applicable law.
You may also unsubscribe from marketing emails via the unsubscribe link in any such email. Transactional emails (security alerts, billing, support responses) cannot be opted out of while you have an active Account.
11. U.S. State Privacy Rights
Residents of California, Virginia, Colorado, Connecticut, Utah, and other U.S. states with comprehensive privacy laws have additional rights, including:
- the right to know what personal information we collect and how we use it;
- the right to access and delete personal information;
- the right to opt out of the "sale" or "sharing" of personal information (we do not sell personal information);
- the right to non-discrimination for exercising these rights;
- the right to correct inaccurate personal information;
- the right to limit the use of "sensitive personal information" (we do not use sensitive categories beyond what's necessary for the Service).
Submit requests to support@waterfallone.com. Authorized agents may submit requests on your behalf with verifiable written authorization.
12. Children's Privacy
The Service is not directed to children under the age of eighteen (18), and we do not knowingly collect personal information from children under 18. If we learn we have collected personal information from a child under 18, we will delete it promptly. If you believe we have information about a child under 18, please contact support@waterfallone.com.
13. Do Not Track Signals
Some browsers transmit "Do Not Track" ("DNT") signals. There is no industry standard for how DNT signals should be interpreted, and we currently do not respond to DNT signals. We will provide notice here if this changes.
14. Changes to This Policy
We may update this Privacy Policy from time to time. The "Effective" date and version number at the top of this document indicate when the current version took effect. For material changes, we will provide reasonable notice by posting the updated policy, sending an email to your Account's email address, or displaying a notice within the Service. Continued use of the Service after changes become effective constitutes acceptance.
15. Contact Us
Questions about this Privacy Policy or our data practices may be sent to support@waterfallone.com.
WaterfallOne is operated by Noble Partners LLC, a Texas limited liability company (Texas Secretary of State File No. 0806561351, formed April 22, 2026). Legal and formal privacy notices may be sent to the registered agent of Noble Partners LLC in the State of Texas: Northwest Registered Agent, LLC, 5900 Balcones Drive Ste 100, Austin, TX 78731.