Security & Privacy

Your work is sensitive. Waffl AI treats it that way.

Waffl AI is designed from day one to behave like a trusted executive assistant—not a data vacuum. Everything we build starts with a simple principle:

Your data is yours. Waffl AI only uses it to help you, and you stay fully in control.

Below is a clear overview of how Waffl AI keeps your information private, protected, and secured at every level of the system.

Our Security Principles

🔒

1. Privacy by Design

Waffl AI is architected so your information is always handled with the least access necessary. We never ingest more than we need, never store raw data unnecessarily, and never use your information to train public models.

🔑

2. You Control Your Data

You choose which accounts Waffl AI can see—email, Slack, Teams, Jira, calendar, and others. You can disconnect them anytime, and all associated data is deleted from our systems.

🧠

3. Secure Data Architecture

Waffl AI enforces strict access controls per user account. No shared embeddings, no shared vector stores, and no shared indexing pipelines. This reduces risk and ensures your information is never blended with anyone else's.

☁️

4. No Human Access

Waffl AI team members cannot see your messages, tasks, or account contents. Support interactions require explicit user approval and temporary access tokens—never unrestricted visibility.

🚫

5. No Selling or Sharing Data

We do not sell, rent, or share your data with third parties. We only use your data to provide your Waffl AI experience. Nothing more.

How Waffl AI Handles Data

Selective Ingestion Only

Waffl AI does not copy your entire inbox or Slack history. Instead, it ingests only the signals required to:

Identify tasks and commitments
Detect urgency and deadlines
Provide summaries and daily briefs
Surface what matters most

We avoid unnecessary retention by default.

Encryption Everywhere

Data in Transit

All communication between Waffl AI and your connected tools uses TLS 1.2+ encryption.

Data at Rest

All information stored by Waffl AI—including embeddings, metadata, and logs—is encrypted using industry-standard 256-bit AES.

Key Management

Encryption keys are rotated regularly and never stored in plaintext.

Third-Party Integrations

Waffl AI uses official, secure APIs for all integrations:

Gmail & Outlook
Slack
Microsoft Teams
Jira
Calendar providers
Zoom (future)

These APIs enforce granular scopes. You approve exactly what Waffl AI can access—and nothing more.

AI Model Handling & Privacy

Secure Processing

AI processing happens within Waffl AI's secure environment, using your data store with strict access controls per user account and your private embeddings.

We do not send your identifiable work content to public, shared, or non-enterprise AI models.

Model Training

Your data is never used to train global or public models. Your queries and summaries remain private to your account.

User Transparency & Control

Easily Disconnect Any Integration

Removing access from Waffl AI immediately revokes all future data flow and schedules deletion of associated stored data.

Export & Deletion

You may request:

A complete export of all Waffl AI-stored data
Permanent deletion of your account and all stored content

No delays. No questions. No hidden caches.

Compliance & Roadmap

Waffl AI is built with a clear enterprise roadmap:

Current Practices

Encrypted storage with strict access controls
Zero-trust service design
Monthly security reviews
Vulnerability scanning
API-level least-privilege access

Planned Compliance

SOC 2 Type II Certification
SSO/SAML Integration
Audit logs for enterprise teams
Automated data lifecycle policies
Regional data residency options