Privacy Policy
WALD INC. PRIVACY POLICY
Updated and effective: August, 2024
Wald is committed to protecting your privacy and personal information as a data sanitization company. This Privacy Policy outlines our commitment to safeguarding the privacy and security of your sensitive information processed by our services ("Services"). Our practices are designed to protect your data while ensuring Services are effective for compliance with applicable data privacy laws. You are subject to our Terms of use to use our Services.
TABLE OF CONTENTS
- Our Commitment
- Sources of Personal Information
- Information We Collect
- How We Use Your Information
- Use of Google Workspace APIs and AI/ML Model Development Policy
- How We Share Information
- How We Sanitize Prompts
- Data Retention and Deletion
- Your Rights and Choices
- Nondiscrimination
- No Children
- Changes to this Policy
- Contact
Our Commitment
At Wald, securing your privacy and security is critical to our mission. We prioritize data privacy and security with utmost seriousness. Our proprietary, multi-tiered security system attentively sanitizes sensitive data in your prompts before sending to external large language models (LLMs) to generate outputs. We do not have visibility to your original prompts and after sanitization, we lose access to your prompts as we store them for your access only. In other words, we interact solely with the sanitized versions of your queries. Your sensitive information within the stored prompts remains exclusively visible and accessible to you or your organization's administrator.
We adhere to industry-leading technical and organizational protocols to protect information against loss, misuse, unauthorized access, or disclosure.Sources of Personal Information
There are three primary sources of personal information that we collect to provide you with our Services:
- You: We collect the information you provide to us when you use our Services, including when you sign up. We also collect information about how you browse through our apps and sites.
- Your device(s): We collect information from and about the devices you use, including computers, phones, and other web-connected devices you use to access our apps or Services, and we combine this information across different devices you use.
- Third parties: In our effort to enhance user experience, conduct market research, or improve our Services, we may receive your personal information from our analytics providers, cookie providers, email providers, service providers, and/or subprocessors. For more information on cookies, please read our Cookie Policy. Please note that we may also use authentication tools to streamline our customers' access to our Services. If you opt in to use our authentication tools and consent to the sharing of certain personal data with us, such as name or profile picture, we may collect such information for the purpose of authenticating your identity to facilitate a convenient sign-in process and to ensure the integrity of your account. If you prefer not to share your personal data through our authentication service provider, you have the right to withdraw your consent at any time. You hereby acknowledge that once you opt out, your access to certain convenient features of our Services may be affected.
We may also combine the personal information we have about you with information that we may obtain from other sources, including publicly available sources such as search engines, and from databases operated by other third parties such as vendors or business partners.
Information We Collect
We collect and process the following types of data to provide our Services:
Types of Data Details Identity and Contact Data We collect identifiers, such as your name and email address, when you sign up for an account, subscribe to receive information about our Services, or browse our website. Payment Information We collect your payment information if you choose to purchase our Services. Inputs and Outputs Our Services allow you to prompt the Services in a variety of media including to the format of text, files and documents, along with the metadata and other information contained therein ("Inputs"), which generate responses ("Outputs") based on your Inputs.
We do not collect personal data in your Inputs unless you choose to share with us.Feedback We appreciate feedback, including ideas and suggestions for improvement, rating the accuracy of Outputs in response to Inputs, or reporting any issues to us ("Feedback"). We will store and may choose to use your Feedback. Communication Information If you communicate with us, including via our social media accounts or other channels, we collect your name, contact information, and the contents of any messages you send through those channels. Technical Information When you use the Services, we also receive certain technical data automatically, such as (1) device or browser information (e.g. device type, operating system information, browser information and web page referrers, mobile network, connection information); (2) usage information (e.g. dates and times of access, information about the links you click); and (3) troubleshooting information (e.g. error, the time the error occurred, content provided at the time of the error). Cookies We may use cookies, scripts, or similar technologies ("Cookies") to manage Services and to collect information about you, your interactions with our website, and your use of the Services. These technologies are meant to help us personalize your experience by recognizing you and analyzing the use of our Services to make our Services more useful to you. How We Use Your Information
We use your personal data for the purposes summarized in the table below. The lawful bases for processing personal data are:
- contract – we process your data to provide you with Services pursuant to a contract;
- compliance – we are required to comply with legal or regulatory obligations;
- consent – we process your data when you give us your consent; and/or
- legitimate interests – we need to investigate, prevent or enforce violations of our Terms of useincluding misuse of our Services, fraud, or abuse.
Types of Data Business Purpose - Identity and Contact Data
- Payment Information
- Feedback
To create and administer your account, and facilitate payments for Services - Identity and Contact Data
- Payment Information
- Feedback
- Sanitized Inputs and Outputs
To provide, maintain, facilitate, and enhance any Services offered to you with respect to your account, which are also subject to our Terms of use - Identity and Contact Data
- Communication Information
To communicate with you for non-marketing purposes including sending you services-related emails, push notifications, and other messages - Identity and Contact Data
To send you marketing communications if you sign up to receive them - Identity and Contact Data
- Payment Information
- Inputs and Outputs
- Technical Information
- Cookies
To prevent and investigate fraud, abuse, violations of our Terms of use, unlawful or criminal activity, unauthorized access to personal data, or misuse of our systems and networks - Identity and Contact Data
- Inputs and Outputs
- Feedback
To investigate and resolve any disputes - Identity and Contact Data
- Feedback
- Technical Information
- Cookies
- Inputs and Outputs
To investigate and resolve any security issues - Identity and Contact Data
- Feedback
- Technical Information
- Cookies
To improve our Services and conduct research - Sanitized Inputs and Outputs
- Feedback
- Technical Information
Use sanitized Inputs and Outputs during the term of your subscription to train our AI model Use of Google Workspace APIs and AI/ML Model Development Policy
- Compliance with Google Workspace API Usage: We affirm that the Google Workspace APIs accessed through our services are not used for developing, improving, or training generalized artificial intelligence (AI) or machine learning (ML) models.
- Data Handling and Processing: All data accessed via Google Workspace APIs is processed in accordance with our privacy policy, strictly adhering to the intended purpose as specified and not for the development of generalized AI or ML technologies.
- Restrictions on Data Use: We ensure that no data obtained from Google Workspace APIs will be used to train, calibrate, or improve the capabilities of AI or ML systems, algorithms, or models.
- Transparency and Disclosure: We are committed to maintaining full transparency about our use of data obtained from Google Workspace APIs and will continuously provide clear disclosures about the specific purposes for which this data is used.
- Privacy and Security Measures: Robust privacy and security measures are implemented to protect the data accessed via Google Workspace APIs, ensuring it is handled in compliance with all applicable laws and regulations.
- Third-Party Data Sharing and Access: There is no sharing of data obtained through Google Workspace APIs with any third parties for the purpose of AI or ML model development. Any data sharing practices are clearly outlined in our privacy policy.
How We Share Information
We may share your personal information for the following purposes:
- Service Providers: We may disclose personal data with our service providers for a variety of reasons, including website and data hosting, ensuring compliance with industry standards, research, auditing, and data processing. We only share information that is absolutely necessary to obtain the services we need to provide you with our Services.
- Corporate Transactions: If we are involved in a merger, corporate transaction, bankruptcy, or other situation involving the transfer of business assets, we may disclose your personal data as part of these corporate transactions.
- Third-Party Services: Our Services may involve integrations with, or may direct you to, websites, apps, and services managed by third parties. By interacting with these third parties, you are providing information directly to the third party and not to us, and subject to the third party's privacy policy. If you access third-party services, such as social media sites or other sites linked through the Services, these third-party services will be able to collect personal data about you, including information about your activity on the Services. If we link to a site or service via our Services, you should read their data usage policies or other documentation. Our linking to another site or service doesn't mean we endorse it or speak for that third party.
- Regulatory or Legal Compliance: We may disclose personal data to governmental regulatory authorities as required by law, including for legal, tax or accounting purposes, in response to their requests for such information or to assist in investigations. We may also disclose personal data to third parties in connection with claims, disputes or litigation, when otherwise permitted or required by law, or if we determine its disclosure is reasonably necessary to protect the health and safety of you or any other person, to protect against fraud or credit risk, to enforce our legal rights or the legal rights of others, to enforce contractual commitments that you have made, or as otherwise permitted or required by applicable law.
- Consent: We will otherwise disclose personal data when you give us permission or direct us to disclose such information.
How We Sanitize Prompts
The core value of our Services is in intelligently sanitizing all sensitive information in users' prompts before they are processed for Outputs. Here is an overview of our privacy-enhanced prompt processing:
- Confidentiality of Original Prompts: Your original prompts remain anonymous and confidential, visible only to you or your organization's authorized administrator. We only have access to sanitized versions of your Inputs. This ensures that sensitive information is tightly controlled within your internal team.
- Advanced Sanitization Techniques: We employ proprietary sanitization techniques to process your prompts. Through real-time redaction, any sensitive information is detected and either removed entirely or replaced with generic, non-sensitive details. This process preserves the context and accuracy of your prompts while protecting any sensitive data in your queries.
- Secure External Processing: Once sanitized, prompts are securely sent to external LLMs for Output generation. Importantly, we also retain only the sanitized versions of Inputs and Outputs. External LLMs never gain access or visibility into the sensitive data contained in your original prompts.
- Anonymity and Non-Traceability: Your identity and that of your organization remain completely anonymous and untraceable from external LLMs. This layer of privacy ensures that there is no link back to your personal or organizational identity.
- Comprehensive Data Encryption: All user prompts, as well as data in transit and at rest, are encrypted, providing a robust shield against unauthorized access. The keys used for this encryption are strictly controlled and are not accessible to our systems or employees, ensuring that your data remains private and secure. This encryption safeguards your information at every stage of the prompt and response process.
- Enhanced Security in Breach Scenarios: In the unlikely event of an account breach or hacking incident, the data stored in our custody remains protected as the encryption keys are managed by the users and not by us. Since external LLMs only receive sanitized data, the risk of sensitive enterprise data leakage to LLM service providers is also significantly minimized.
Data Retention and Deletion
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Upon expiration of the retention period, your data is securely deleted.
Your Rights and Choices
We prioritize your privacy and are committed to transparency regarding our data collection and usage practices. You may have certain rights related to your personal information under data protection laws depending on where you are or reside in.
We are not currently subject to the requirements of the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), or the California Privacy Rights Act (CPRA). However, we are committed to monitoring the growth and development of our business, as well as any changes in applicable privacy laws and regulations. As our company and data practices evolve, we will update this Privacy Policy to ensure that we are adhering to all applicable legal requirements.
For U.S. residents:
This section outlines the rights and choices you may have regarding your personal information, acknowledging that specific rights may vary based on your residency and our obligations under applicable state data privacy laws. Currently, only those who are a resident of the following states within the U.S. may submit consumer requests to us:
- California
- Colorado
- Connecticut
- Nevada
- New York
- Utah
- Virginia
If we are not subject to data privacy laws in your state, we reserve the right to exercise reasonable discretion in responding to your requests. Your privacy rights may include the following:
- Right to Access: You have the right to request access to the personal information we hold about you.
- Right to Correction: You can request that we correct any inaccurate or incomplete personal information.
- Right to Erasure: You may ask us to delete or remove your personal information in certain circumstances.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information.
- Right to Data Portability: Where applicable, you can request that we transfer your personal information to another organization.
- Right to Object: You have the right to object to the processing of your personal information in certain situations.
To submit requests related to your personal information or to see if you can exercise any of the above data rights, please contact us at privacy@wald.ai. Include sufficient information to allow us to reasonably verify your identity or your authorization to act on behalf of an entity. We are committed to addressing your concerns promptly and transparently.
For Canadian residents:
We are not currently subject to Canadian data privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. However, we are committed to respecting privacy and will fully adhere to these laws should we provide our Services to Canadian residents. In case of conflict between our Privacy Policy and this supplemental disclosure for Canadian residents, the supplemental disclosures shall prevail in relation to residents of Canada.
- Intended Collection and Use of Personal Information: We intend to collect personal information such as names, email addresses, and usage data to provide and improve our Services. We will ensure that we obtain express consent from our Canadian users when collecting personal data, except where otherwise permitted by law. We will only collect information necessary for the Services and do not use personal information for purposes other than those to which you have consented.
- Disclosure of Personal Information: We do not disclose personal information to third parties without obtaining prior consent from our users, except as required by law. When we do share data with third-party service providers, they are bound by privacy agreements that require them to keep your information confidential and secure.
- Data Security and Retention: We implement robust security measures to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification. Personal information is retained only as long as necessary to fulfill the purposes for which it was collected or as required by law.
- Access and Corrections: Canadian residents will have the right to access personal information we hold about them and request corrections if necessary. If you wish to access or correct your personal information, please contact us at privacy@wald.ai. We will respond to requests within the time frame specified by Canadian law and provide information on how these requests can be made.
For UK and EU Residents:
Currently, we are not subject to the General Data Protection Regulation (GDPR) or the UK GDPR. However, we recognize the importance of privacy and data protection and are committed to achieving compliance with GDPR and/or UK GDPR should we provide Services to users in these regions. In case of conflict between our Privacy Policy and this supplemental disclosure for UK/EU residents, the supplemental disclosures shall prevail in relation to residents of the UK/EU.
- Intended Collection and Use of Personal Information: We intend to collect personal information such as names, email addresses, and usage data to provide and enhance our Services. We will ensure that all data collection and processing is done in accordance with GDPR principles, which require transparency, lawful basis for processing, data minimization, and purpose limitation. We will obtain explicit consent from our users for collecting and processing their data, except where we can rely on another lawful basis.
- Future Disclosure of Personal Information: We will not disclose personal information to third parties without obtaining prior consent from our users, except as required by law or on other lawful grounds permitted under GDPR or UK GDPR. Any transfer of data outside the UK or EU will be conducted in compliance with GDPR/UK GDPR transfer mechanisms to ensure the security and privacy of personal data.
- Data Security and Retention Plans: We will implement robust security measures to protect personal information against unauthorized access, loss, theft, and other potential risks. Personal information will be retained only as long as necessary to fulfill the purposes for which it was collected or as otherwise required by law.
- Rights of Data Subjects: Residents of the UK/EU will have specific rights under applicable UK GDPR/EU GDPR including the right to access, correct, delete, or restrict processing of their personal data, the right to object to processing, and the right to data portability. Requests to exercise these rights can be directed to privacy@wald.ai, and we will respond within the legally specified time frames.
For Australia and New Zealand Residents:
While we are not currently governed by the Australian Privacy Act 1988 or the New Zealand Privacy Act 2020, we recognize the significance of privacy and data protection and are committed to adhering to these frameworks should we extend our Services to users in these regions. In the event of any discrepancies between our Privacy Policy and this supplemental disclosure for Australian and New Zealand residents, the supplemental disclosures shall take precedence for residents of Australia and New Zealand.
- Intended Collection and Use of Personal Information: We plan to collect personal information such as names, email addresses, and usage data to deliver and improve our Services. We will ensure that all data collection and processing is conducted in accordance with principles similar to those in the Australian Privacy Principles (APPs) and the New Zealand Information Privacy Principles (IPPs), which emphasize transparency, lawful processing, data minimization, and purpose limitation. We will obtain explicit consent from our users for collecting and processing their data, except where we can rely on another lawful basis.
- Future Disclosure of Personal Information: We will not disclose personal information to third parties without obtaining prior consent from our users, except as required by law or on other lawful grounds permitted under Australian or New Zealand law. Any transfer of data outside Australia or New Zealand will be conducted in compliance with respective national laws to ensure the security and privacy of personal data.
- Data Security and Retention Plans: We will implement robust security measures to protect personal information against unauthorized access, loss, theft, and other potential risks. Personal information will be retained only as long as necessary to fulfill the purposes for which it was collected or as otherwise required by law.
- Rights of Data Subjects: Residents of Australia and New Zealand will have specific rights under their respective national laws, including the right to access, correct, delete, or restrict processing of their personal data, the right to object to processing, and in some contexts, the right to data portability. Requests to exercise these rights can be directed to privacy@wald.ai, and we will respond within the legally specified time frames.
Nondiscrimination
We will not discriminate against you if you decide to exercise your privacy rights. We will not deny our Services, charge different prices, or provide different levels of Services based on your exercise of your privacy rights.
No Children
Our Services are not intended for children under the age of 18, and we do not knowingly collect, use, disclose, sell, or share any information about children under this age. If you become aware that a child under 18 has provided personal data to us while using our Services, please contact us at privacy@wald.ai, and we will promptly investigate the issue. Where applicable, we will take steps to delete such personal data.
Changes to this Policy
We will review our Privacy Policy regularly and maintain compliance with all applicable laws as our business grows. We may update our Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We encourage you to review this Privacy Policy periodically for the latest information on our privacy practices. Any changes to this Privacy Policy will become effective when posted on our website.
Contact
For any questions or concerns regarding this Privacy Policy or our data protection practices, please contact us at privacy@wald.ai.