Privacy Policy
Last updated: April 28, 2026
Operating policy — pending sign-off on the specific items below. The full text below applies. The list of judgment calls still under review is concrete (not blanket "needs review"), so a final reviewer can verify in minutes rather than re-read every clause.
- J1 — cookie banner UX (single acknowledgment vs granular reject button)
- J2 — appointment of an EU representative under GDPR Art 27
- J3 — DPIA for OFAC sanctions screening as Art 22 automated decision-making
- J4 — Spanish / Portuguese translations for Costa Blanca + Madeira clients
See docs/legal/review-findings.md for the full evidence trail.
1. Who we are
WMYW Global Advisory ("WMYW", "we", "us") is operated by WMYW Global Advisory LLC (Florida, USA) together with Viktoriia Volynets PA, a Florida-licensed Real Estate Sales Associate (#SL3474750) in association with LoKation Real Estate.
Data controller contact: viktoriia@withmeyouwin.com.
2. What we collect
We collect personal data through the following surfaces:
- Contact form: name, email, phone, message, area of interest.
- Rental enquiry form: name, email, target area, budget range, move-in timeline.
- Newsletter subscription: email address, locale, the page that triggered the signup.
- The Curator AI concierge: full conversation transcripts. The last 20 messages are cached on your device for instant resume; a server-side copy is retained on Supabase to maintain context across devices and visits.
- Approximate IP-based country (used for language detection and OFAC sanctions routing).
- Sanctions-screening records: country code, normalized name hash, screening verdict — kept for audit traceability.
- Booking metadata when you reserve a consultation. Cal.com hosts the booking calendar and the Stripe-powered checkout for paid tiers; we receive a webhook with the booking + payment metadata for our records (we never see your card data).
3. Why we use it (purpose + lawful basis)
Each processing purpose is mapped to a GDPR Art 6 lawful basis:
- Respond to your inquiry and arrange consultations — Art 6(1)(b) pre-contractual measures + 6(1)(f) legitimate interest.
- Deliver the strategic advisory service you booked — Art 6(1)(b) contract.
- Comply with Florida real-estate record-keeping (FREC Rule 61J2-14.012(1) requires retention of transactional documents for at least 5 years from the date of execution by any party) — for EU/EEA subjects we treat this as Art 6(1)(f) legitimate interest, balanced against your rights.
- Newsletter subscriptions — Art 6(1)(a) consent; you can withdraw at any time via the unsubscribe link in every email.
- OFAC sanctions screening — Art 6(1)(c) legal obligation under U.S. economic sanctions law; for EU subjects also Art 49(1)(d) public-interest derogation for the related transfer.
OFAC screening is automated (Art 22 GDPR). If you are routed away from online card payment because of sanctions screening, you have the right to obtain human review and contest the decision by emailing viktoriia@withmeyouwin.com.
4. Third-party processors and cross-border transfers
We share necessary data with the following processors:
- Vercel (USA, with EU edge regions) — site hosting + serverless edge.
- Supabase (USA / EU regions) — database for Curator transcripts, conversations, screening records, newsletter subscribers.
- Anthropic via Vercel AI Gateway (USA) — language model that powers The Curator. Conversations are processed but not retained for training (zero-retention contract).
- Cal.com (EU) — calendar booking widget AND payment-checkout host. The diagnostic-tier checkout is hosted on Cal.com, which uses Stripe under the hood as the underlying card processor.
- Stripe (USA / EU) — card processor under the Cal.com Connected Account. PCI-DSS compliant; we never see your card data.
- Make.com (EU) — webhook orchestration for cross-channel routing (Telegram, WhatsApp).
- Attio (USA, with EU residency option) — CRM.
Where we transfer personal data of EEA / UK residents to the United States or another country without an EU adequacy decision, we rely on the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) executed with each processor, supplemented by our zero-retention contract with Anthropic. Vercel, Stripe, and Supabase are also self-certified under the EU-U.S. Data Privacy Framework where applicable. SCC copies are available on request from viktoriia@withmeyouwin.com.
5. Retention
- Inquiry-only data (no transaction): 24 months from last contact, then deleted.
- Transaction-related data: at least 5 years from the date of execution of any related document, per FREC Rule 61J2-14.012(1).
- Curator conversation transcripts: 12 months rolling on Supabase, plus the local-device cache you can clear at any time via the chat widget.
- Newsletter subscribers: until you unsubscribe.
- Sanctions-screening records: 5 years for OFAC audit trail.
- Server-side IP and access logs: maximum 30 days unless tied to a transaction or security incident.
6. Your rights
If you are in the EEA, UK, or another GDPR-equivalent jurisdiction, you have rights to access, correct, delete, restrict, port, object to processing, and withdraw consent at any time without affecting prior lawful processing. You may also lodge a complaint with your local supervisory authority. To exercise any right, email viktoriia@withmeyouwin.com — we respond within one month (extendable by two further months for complex requests, with notice given within the first month).
Note: deletion may be limited where Florida real-estate, tax, or audit law requires us to retain a record (see §5). In those cases we restrict processing instead of deleting.
To stop marketing emails, click the unsubscribe link at the foot of any newsletter. To stop WhatsApp or Telegram outreach, reply STOP. For all other marketing-objection requests, email viktoriia@withmeyouwin.com with the subject "unsubscribe".
EU/EEA consumers: by booking and paying for a Diagnostic Session within 14 days of purchase, you expressly consent to immediate performance and acknowledge that you lose your right of withdrawal under Art 16(a) of Directive 2011/83/EU once performance has begun.
7. Cookies
See our Cookie Policy for the full inventory of cookies we set ourselves, the third-party cookies triggered by Cal.com and Stripe when you book or pay, and the controls available to you.
8. Changes
We update this policy when the service or applicable law changes. Material changes are highlighted on the site and reflected in the "Last updated" date above.
9. California residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by CPRA: the right to know what personal information we collect, use, disclose, or share; the right to delete personal information; the right to correct inaccurate personal information; the right to opt out of any sale or sharing of personal information for cross-context behavioral advertising; and the right to limit our use of sensitive personal information. We do not sell your personal information and do not engage in cross-context behavioral advertising. To exercise any of these rights, email viktoriia@withmeyouwin.com — we verify the request and respond within 45 days. You may also designate an authorized agent.
10. Children's privacy
WMYW services are intended for adults age 18 or over making real-estate decisions. We do not knowingly collect personal information from anyone under 18. If we learn we have collected information from a minor, we delete it. If you believe we hold data on a minor, contact viktoriia@withmeyouwin.com.
11. Tracking and "Do Not Track" signals
We do not engage in cross-site behavioral advertising, do not embed remarketing pixels, and do not sell or share personal information for advertising purposes. We do not currently respond to browser Do-Not-Track signals because there is no industry consensus on how to interpret them; however, our practice is equivalent to honoring DNT — no cross-site tracking occurs regardless. Site analytics are processed server-side via Vercel using a salted IP hash; no cross-site profiling.
12. How we protect your data
We apply industry-standard safeguards: TLS for all data in transit; encrypted database storage at our processors (Supabase AES-256); access scoped on a need-to-know basis; zero-retention contract with the language-model provider that powers The Curator; pre-commit secret-leak scans + signature-verified webhook endpoints. No transmission over the internet is fully secure; if we become aware of a breach likely to result in risk to your rights, we notify affected individuals and the applicable supervisory authorities within 72 hours, per GDPR Art 33–34.