Skip to content

Privacy Policy

Last updated: March 30, 2026

1. Data We Collect

When you use Wauldo, we collect:

  • Documents you upload — text files, PDFs, and other content submitted for RAG processing
  • Queries — the questions you ask against your uploaded documents
  • Usage metrics — request counts, response times, and error rates (for service quality)
  • Account information — authentication tokens and tenant identifiers provided by RapidAPI

We do not collect personal information beyond what is necessary to provide the service.

2. How We Use Your Data

  • Service delivery — processing your documents, indexing them for search, and generating AI-powered answers
  • Quality improvement — monitoring aggregate performance metrics, retrieval accuracy, and response quality
  • Security — detecting abuse, enforcing rate limits, and maintaining tenant isolation

We do not use your uploaded documents to train AI models. Your content is used solely to answer your queries.

3. Data Retention

Uploaded documents and their indexed chunks are stored for as long as your collection exists. When you delete a collection via the API, all associated documents, chunks, and embeddings are removed.

Usage logs are retained for up to 90 days for debugging and quality monitoring, then automatically purged.

4. Third-Party Services

To provide the service, your queries (not your full documents) are sent to LLM providers for answer generation:

  • OpenRouter — routes queries to language models (Google Gemini, OpenAI GPT, Qwen). Only the query and relevant document excerpts are sent, not your full uploaded files.
  • RapidAPI — handles billing, subscription management, and API key authentication.

We select providers that offer data processing agreements and do not use your data for model training.

5. Data Security

  • Encryption in transit — all API communication uses TLS (HTTPS)
  • Tenant isolation — every user's documents are scoped to their tenant. No cross-tenant data access is possible.
  • Authentication — JWT-based auth with brute-force protection and rate limiting
  • Infrastructure — hosted on Fly.io with managed security and monitoring

6. We Do Not Sell Your Data

We do not sell, rent, or share your data with third parties for advertising or marketing purposes. Your documents and queries are never monetized beyond providing the service you pay for.

7. Cookies

Wauldo is an API service and does not use tracking cookies. The only client-side tokens used are authentication tokens (JWT) required for API access. Our marketing website uses no third-party analytics or tracking scripts.

8. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access — request a copy of the data we hold about you
  • Deletion — request that we delete your data (collections can be deleted via API, or contact us for full account deletion)
  • Portability — request your data in a machine-readable format
  • Rectification — request correction of inaccurate data

To exercise any of these rights, email privacy@wauldo.com. We will respond within 30 days.

9. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or a notice on our website. Continued use of the service after changes constitutes acceptance.

10. Contact

For privacy-related questions or data requests, contact us at privacy@wauldo.com.