Privacy Policy

1. Information We Collect

We collect only the information necessary to provide and improve the Services.

1.1 Information You Provide

• Account Information: Name, email address, password (hashed), and other registration details.
• Profile Information: Job title, preferences, and optional workflow details.
• Support Communications: Messages or attachments sent to our support team.

1.2 Information from Connected Tools

When you connect a service (e.g., Gmail, Outlook, Slack, Teams, Jira, calendar providers), we access limited data through official APIs, subject to the permissions you grant.

This may include:

• Email metadata and relevant message content
• Slack or Teams messages and notifications relevant to prioritization
• Calendar events and metadata
• Jira or task system updates and ticket metadata

We do not download or permanently store your entire inbox or chat history, and we access only the data needed to identify tasks, commitments, and priorities.

1.3 Automatically Collected Information

• Device identifiers and operating system information
• IP address and general location
• Usage analytics, timestamps, and performance data
• Crash reports

This information helps us improve stability and performance.

1.4 Sensitive Personal Data

Waffl AI does not intentionally collect sensitive personal data (e.g., health information, biometric data, racial/ethnic origin).

Any incidental exposure is processed only to provide the Service and not stored unless necessary.

2. How We Use Your Information

We use personal information to:

1. Provide, maintain, and improve the Services
2. Authenticate users and secure accounts
3. Generate daily briefs, recommendations, and priority lists
4. Detect follow-up needs and deadlines
5. Integrate with third-party tools
6. Provide customer support
7. Conduct analytics to improve user experience
8. Comply with legal obligations

We never use your identifiable data to train public AI models.

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), the UK, or Switzerland, we process your personal data under these lawful bases:

• Performance of a Contract: To provide the Services you request.
• Consent: When you connect third-party tools or opt into specific features.
• Legitimate Interests: To improve and secure our Services.
• Legal Obligation: When required by law.

4. How We Share Information

We do not sell your personal information and never share data for advertising purposes.

We may share information with:

4.1 Service Providers

Trusted vendors who assist with:

• Cloud hosting
• Error tracking
• Analytics
• Authentication

These providers have contractual obligations to protect your data.

4.2 Third-Party Integrations You Approve

If you connect a service (e.g., Slack or Gmail), we use that provider's secure API to obtain relevant data.

We do not share your data with those providers beyond what is necessary for the integration.

4.3 Legal Requirements

We may share data when required to comply with:

• Law enforcement requests
• Court orders
• Regulatory obligations

We challenge overbroad or inappropriate requests whenever permitted.

4.4 Business Transfers

If Waffl AI is acquired or merges with another company, user data may be transferred as part of the transaction. You will be notified of any material changes.

5. International Data Transfers

Your data may be stored or processed in the United States or other countries where we operate.

We use legally approved transfer mechanisms such as:

• Standard Contractual Clauses (SCCs)
• Equivalent safeguards for international transfers

6. Data Retention

We retain personal information only as long as necessary to:

• Provide the Services
• Comply with legal obligations
• Resolve disputes
• Enforce agreements

When you disconnect an integration, Waffl AI deletes data associated with that integration unless required for security or compliance.

When you delete your account, we delete all associated information except where retention is legally required.

7. Security

We implement industry-standard safeguards, including:

• Encryption in transit (TLS 1.2+)
• Encryption at rest (AES-256)
• Strict access controls per user account
• Zero-trust access policies
• Strict role-based access controls
• Regular security reviews and penetration testing

No security system is perfect, but we are committed to protecting your data with best-in-class practices.

8. Your Rights

8.1 Rights Under GDPR

Users in the EEA/UK/Switzerland have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your data ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

8.2 Rights Under CCPA/CPRA (California Residents)

California residents may request:

• Disclosure of categories and specific pieces of personal information collected
• Deletion of personal information
• Correction of inaccurate information
• Opt-out of "selling" or "sharing" personal information (Waffl AI does neither)
• Information on data use and disclosure metrics

We do not discriminate against users who exercise their privacy rights.

9. Children's Privacy

Waffl AI is not intended for children under 16, and we do not knowingly collect information from minors.

If you believe a child has provided information to us, contact us and we will delete it promptly.

10. Third-Party Links

The Services may contain links to external websites or tools.

We are not responsible for the privacy practices or content of those third parties.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by:

• Email
• In-app notice
• Updated effective date

Continued use of the Services after changes constitutes acceptance.

12. Contact Us

If you have questions or requests regarding this Privacy Policy or your data, contact us: