Last Updated: January 9, 2025
1. Introduction
This Privacy Policy explains how Waveloom ("we," "our," or "us") collects, uses, and protects your personal information when you use our AI workflow orchestration platform and related services (the "Services").
2. Information We Collect
2.1 Information You Provide
- Account information (name, email, password)
- Billing information
- Company information (optional)
- Communication preferences
- Support requests and correspondence
2.2 Automatically Collected Information
- Usage data and analytics
- Log data and performance metrics
- Device information
- IP addresses
- Cookies and similar technologies
2.3 Workflow Data
- AI workflow configurations
- Processing results and outputs (transient unless saved by user)
- Performance metrics
- Integration settings and credentials (managed securely, not stored plaintext)
- Generated content metadata (e.g., for CDN storage)
3. Third-Party Services and Data Processing
3.1 AI Service Providers
- We facilitate access to third-party AI services (e.g., OpenAI, Anthropic).
- Data is processed according to their respective privacy policies.
- We transmit necessary input data to these services for processing.
- Generated content may be stored temporarily or persistently (if saved by user) on our CDN.
3.2 Service Providers
We share data with trusted service providers for:
- Payment processing (e.g., Stripe)
- Infrastructure and hosting (e.g., AWS, Cloudflare)
- Analytics and monitoring
- Customer support tools
- Email communications
4. How We Use Your Information
We use collected information to:
- Provide, operate, and maintain our Services.
- Process payments and manage subscriptions.
- Send administrative communications (updates, security alerts, support messages).
- Provide customer support and respond to inquiries.
- Improve and optimize our Services based on usage patterns.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations and enforce our terms.
- Monitor for compliance with our Acceptable Use Policy.
5. Data Storage and Security
5.1 Data Storage
- We store data in secure cloud environments.
- User-generated content (if saved) is stored on Cloudflare R2 CDN.
- Data is retained only as long as necessary for service provision or legal requirements.
- You can request data deletion subject to legal and operational constraints.
5.2 Security Measures
We implement appropriate technical and organizational security measures:
- Encryption of data in transit (TLS/SSL) and at rest.
- Strict access controls and authentication mechanisms.
- Regular security assessments and vulnerability scanning.
- Incident response procedures.
- Secure management of API keys and credentials (never stored plaintext).
6. AI Data Processing
6.1 Collection and Use
- Inputs and outputs for AI models processed via third parties are subject to their policies. We act as a conduit.
- We may log metadata about AI interactions (e.g., model used, tokens processed) for billing and monitoring.
- Data used for internal model fine-tuning (if any) is anonymized.
- Usage patterns are analyzed primarily for abuse detection and service optimization.
- We minimize the collection and retention of personal data within AI processing flows.
6.2 Data Retention
- AI interaction logs are retained according to operational needs and legal requirements.
- Data explicitly saved by the user (e.g., saved conversations) is retained until deleted by the user.
- Anonymized or aggregated data may be retained longer for analytics.
- Data necessary for abuse prevention or legal compliance may be retained as required.
6.3 AI Safety Measures
- We rely on the safety measures implemented by the third-party AI providers.
- We monitor usage for patterns indicative of misuse against our Acceptable Use Policy.
- Outputs may be subject to filtering based on third-party provider policies.
- We have incident response procedures for potential AI-related security or safety issues.
7. Your Rights and Choices
Depending on your location, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate personal data.
- Request deletion of your personal data.
- Object to certain types of data processing.
- Request data portability (receive your data in a structured format).
- Opt-out of non-essential marketing communications.
To exercise these rights, please contact us at privacy@waveloom.dev
.
8. International Data Transfers
- Your information may be transferred to and processed in countries other than your own, including the United States.
- We use appropriate safeguards (e.g., Standard Contractual Clauses where applicable) for international data transfers.
- We ensure that data transferred internationally receives adequate protection according to applicable data protection laws.
9. Cookie Policy
- We use cookies and similar technologies (e.g., local storage) to:
- Maintain user sessions and authentication.
- Remember user preferences and settings.
- Analyze usage patterns for service improvement.
- Enhance user experience.
- Prevent abuse and ensure security.
- You can manage cookie preferences through your browser settings.
10. Children's Privacy
- Our Services are not intended for individuals under the age of 13.
- We do not knowingly collect personal data from children under 13.
- If we become aware that we have inadvertently collected such data, we will take steps to delete it.
- Users between 13 and 18 must have parent or guardian consent to use the Services.
11. Legal Compliance
11.1 GDPR Compliance (For EU/UK Residents)
- Lawful Basis: We process personal data based on contract necessity, legitimate interests, consent (where applicable), and legal obligations.
- Your Rights: You have rights under GDPR, including access, rectification, erasure, restriction, objection, and portability.
- Data Protection Officer: Contact
privacy@waveloom.dev
for GDPR-related inquiries.
11.2 CCPA Compliance (For California Residents)
- Your Rights: You have rights under CCPA, including the right to know, delete, and opt-out of the "sale" (as defined by CCPA) of personal information. Waveloom does not "sell" personal information in the traditional sense.
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
12. Changes to Privacy Policy
- We may update this Privacy Policy periodically.
- Changes will be posted on our website with an updated "Last Updated" date.
- For material changes, we may provide additional notice (e.g., via email).
- Your continued use of the Services after changes constitutes acceptance of the revised Policy.
13. Contact Information
For privacy-related inquiries or to exercise your rights:
- Privacy Concerns:
privacy@waveloom.dev
- General Questions:
hello@waveloom.dev
- Website:
waveloom.dev/pages/privacy-policy