Privacy Policy

1. Who we are

TODO: Legal entity name, contact email, mailing address.

2. Your writing and AI — our promises

Your writing belongs to you, and we treat it accordingly. When you use Waggle’s AI-assisted features (Pollen search and assistance, Nectar spell-check and writing lints, the continuity checker), the following commitments are absolute:

• We will never use your writing to train AI models. Not ours, not any provider’s. Your prose, manuscripts, lore, and notes are not training data, and we will not make them so.
• No member of our team reads your writing. Not engineers, not support, not contractors. The only people with access to your content are you and anyone you explicitly invite into your workspace.
• AI features only act when you ask them to. Pollen runs a search when you query it. The continuity checker runs against folders you have opted in. Nectar lints text on the page you are actively editing. Nothing reads your work in the background.
• You can disable any or all AI features at any time. Doing so removes Pollen Search, Nectar lints, and the continuity checker without affecting the rest of Waggle.
• We use the following AI providers, each of whom commits in their default API policy to not training their models on the data we send them: OpenAI (GPT-4o mini, plus embeddings), Anthropic (Claude Haiku), Cohere (search rerank), and OpenRouter (routing layer). These providers may retain API request data for up to 30 days for automated abuse and safety monitoring, after which it is deleted. A small percentage of flagged requests may be reviewed by the provider’s own trust-and-safety team under that program — providers do not use that data to train their models, and Waggle staff never see your content.
• If we materially change providers or the data-handling commitments above, we will give you at least 30 days’ notice and you may disable AI features or close your account before changes take effect.

3. What data we collect

TODO: Split into four subsections: (a) Account data (email, name, password hash). (b) Workspace data (content you create in tables, graphs, dashboards, never read by Waggle). (c) Product analytics events (abstract feature-usage events: screen opened, feature used; never your content, never row identifiers). (d) Workspace time tracking (when a workspace owner enables tracking, we record session start, end, and active time on behalf of the employer).

4. What employers can see

TODO: When a workspace owner enables time tracking, they can see: total hours per employee per day/week/month, session start and end times, and an aggregate engagement heatmap for the workspace. They cannot see: what you typed, which rows you opened, or any content-level activity. Employees can view their own full data at any time.

5. What Waggle can see

TODO: For product optimization, we collect abstract feature-usage events (e.g., "dashboard opened", "table row created") with no content, no row identifiers, and no workspace data. We also see aggregated session counts to find dormant users for re-engagement emails. We never read the contents of your workspaces.

6. Your consent and how to change it

TODO: On first sign-in you are asked whether to allow product analytics. You can change this any time in Settings → Analytics. Turning it off immediately halts event collection. Workspace time tracking is controlled separately by the workspace owner; employees are notified when it is enabled.

7. Data retention

TODO: Product analytics events are retained for 90 days. Workspace time-tracking records are retained as long as required for payroll or per your workspace owner's retention policy. You can export your own data from Settings at any time.

8. Sharing and subprocessors

TODO: Waggle uses the following subprocessors to operate the service: Supabase (database + auth hosting), Resend (transactional email), Vercel (application hosting), Stripe (payment processing), OpenRouter (AI features when used). We do not sell your data.

9. Your rights

TODO: You can request access to, correction of, or deletion of your personal data at any time by emailing the address in section 1. You can also export your data directly from the app (Settings → Analytics → Export my data).

10. Children

TODO: Waggle is not intended for users under 13 years of age. We do not knowingly collect data from children. If you believe a child has provided personal information, contact us and we will delete it.

11. Changes to this policy

TODO: We will notify users of material changes to this policy by in-app notification and email at least 14 days before the changes take effect. Continued use after that constitutes acceptance.

12. Contact

TODO: Questions about this policy? Email hello@getwaggle.app.