Privacy Policy

1. Data we collect

When you use Wauldo, we collect:

• Documents you upload — text files, PDFs, and other content submitted for retrieval-augmented processing.
• Queries — the questions you ask against your uploaded documents or against /v1/fact-check.
• Usage metrics — request counts, response times, and error rates for service-quality purposes.
• Account identifiers — authentication tokens and tenant identifiers provided by RapidAPI or by our direct-issue API key system.

We do not collect personal information beyond what is necessary to provide the service.

1.b Lawful basis for processing (GDPR Art. 6)

We process your data on the following bases:

• Contract (Art. 6(1)(b)) — processing your queries, indexing your uploaded documents, and returning verdicts is required to deliver the service you requested.
• Consent (Art. 6(1)(a)) — Studio sign-in via magic-link email is processed only after you submit your address. You can withdraw consent at any time by deleting your account at /studio/settings or emailing privacy@wauldo.com.
• Legitimate interest (Art. 6(1)(f)) — aggregate quality monitoring, abuse detection, and security logging. You can object via privacy@wauldo.com.

2. How we use your data

• Service delivery — processing your documents, indexing them for search, and generating AI-grounded answers with a support_score.
• Quality improvement — monitoring aggregate performance metrics, retrieval accuracy, and fact-check calibration.
• Security — detecting abuse, enforcing rate limits, and maintaining tenant isolation.
• Email digest delivery (opt-in) — if you subscribe in Studio Settings, we process your email and weekly activity counts to compile and send a recap every Monday around 13:00 UTC. We never send a digest if you had no runs that week. Unsubscribe in one click from any digest, or revoke consent any time in Studio Settings.

We do not use your uploaded documents to train AI models. Your content is used solely to answer your queries.

3. Data retention

Uploaded documents and their indexed chunks are stored for as long as your tenant collection exists. When you delete a collection via the API, all associated documents, chunks, and embeddings are removed.

Usage logs are retained for up to 90 days for debugging and quality monitoring, then automatically purged.

4. Third-party services (subprocessors)

To provide the service, the following subprocessors handle your data on our behalf. None train AI models on your content.

• OpenRouter — routes queries to language models (Google Gemini, OpenAI GPT, Qwen, etc.). Only the query and relevant excerpts are sent, not your full uploaded files.
• RapidAPI — handles billing, subscription management, and API-key authentication for marketplace users.
• Amazon Web Services (us-east-1, USA) — infrastructure host for api.wauldo.com. Cross-border transfer covered by Standard Contractual Clauses.
• Upstash Redis — managed cache for Studio sessions, quota counters, magic-link consume list, webhook configurations.
• Vercel — infrastructure host for wauldo.com marketing surface and Studio Edge functions.
• Resend — transactional email delivery for Studio magic-link sign-in. Email body and recipient retained per Resend retention policy.
• Stripe (if subscribed) — billing, subscription state, and customer record. Stripe stores its own data per its privacy policy.
• Google Analytics 4 — aggregate pageview metrics on the marketing site only (not the API or Studio runtime). IP anonymization enabled.

We select providers that offer data-processing agreements (DPA) and do not use your data for model training. To request the list of active DPAs, email privacy@wauldo.com.

5. Data security

• Encryption in transit — all API communication uses TLS (HTTPS).
• Tenant isolation — every user's documents are scoped to their tenant. No cross-tenant data access is possible; tenant identifiers are validated at every request boundary.
• Authentication — JWT- and Bearer-based auth with brute-force protection and rate limiting.
• Infrastructure — managed cloud hosting with security, monitoring, and a fail-closed posture on quota enforcement.

See our security page for a fuller account of the stack controls.

6. We do not sell your data

We do not sell, rent, or share your data with third parties for advertising or marketing purposes. Your documents and queries are never monetized beyond providing the service you pay for.

7. Cookies & analytics consent

Wauldo is an API service and does not use tracking cookies on its API surface. The marketing website (wauldo.com) optionally loads Google Analytics 4 for aggregate pageview metrics — but only after you accept via the consent banner shown on first visit. If you decline, no GA scripts are loaded and no _ga cookie is set. No personally identifiable information is collected, and no profile is built across third-party sites. Your choice is stored locally for 6 months.

You can change your choice at any time: Accept analytics Reject analytics Reset choice

8. Your rights (GDPR)

If you are located in the European Economic Area, you have the right to:

• Access — request a copy of the data we hold about you.
• Deletion — request that we delete your data (collections can be deleted via API, or contact us for full account deletion).
• Portability — request your data in a machine-readable format.
• Rectification — request correction of inaccurate data.
• Objection — object to processing on legitimate-interest grounds.

To exercise any of these rights, email privacy@wauldo.com. We will respond within 30 days.

Studio users can self-serve the most common requests directly:

• Export — /studio/settings → "Download my data (JSON)".
• Delete — /studio/settings → "Permanently delete my account" (irreversible, includes all agents and settings).

You may also lodge a complaint with the supervisory authority — for users in France, the Commission Nationale de l'Informatique et des Libertés (CNIL) at cnil.fr. For other EEA member states, contact your national authority.

9. Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated via email (to customers with an active subscription) or a notice on our website. Continued use of the service after changes constitutes acceptance.

10. Contact

For privacy-related questions or data requests, contact us at privacy@wauldo.com.

See also our mentions légales for editor identity, hosting information, and regulatory disclosures required under French law (LCEN).