Data Handling Summary

We know privacy is your #1 concern—especially if you handle sensitive client information (healthcare, legal, financial). This document answers what we collect, what we don't, where it's stored, and how it's protected. Our Core Principle: WAID is metadata-first. We collect signals about which AI tools are used—never the content of your work.

1. What WAID Collects

WAID Snapshot (One-Time Scan)

When you run WAID Snapshot, we collect:

Browser History Metadata: AI domain visits, timestamps, frequency. (No page content)
Browser Extension Information: Name, ID, permissions, install date. (No extension data)
Application Logs: Names of AI-related desktop apps. (No app content)
Device Information: Hashed unique ID, OS, version. (No personal identifiers)

WAID Gate (Continuous Monitoring)

When devices connect to WAID Gate, we collect:

Network Traffic Metadata: Domain connections, timestamps, duration, data volume. (No packet contents)
Connection Attempts: Blocked domains and timestamps.

2. What WAID Never Collects

We Never Access Content. WAID is metadata-only. We explicitly do NOT collect:

❌ AI Prompts or Questions
❌ AI Responses or Outputs
❌ Documents or Files
❌ Clipboard Contents
❌ Passwords or Credentials
❌ Keystrokes
❌ Screen Recordings
❌ Personal Conversations

3. Data Storage & Security

Primary Storage: Australia. All data is stored on AWS Sydney Region (ap-southeast-2) with backups in Melbourne. Data does not leave Australian jurisdiction.

Security Measures:

Encryption in Transit (TLS 1.3)
Encryption at Rest (AES-256)
Role-based access controls
Regular security audits and penetration testing

4. Data Retention Periods

Data Type	Retention Period	Can Delete Earlier?
WAID Snapshot Reports	90 days default	Yes
WAID Gate Evidence Packs	7 years (compliance)	No (generally)
Network Traffic Logs	30 days	Yes

5. Your Rights & Controls

Under the Australian Privacy Principles, you have the right to access, correct, delete, or object to the processing of your data. You can also export your data at any time.

6. Third-Party Services

We use minimal third-party services: AWS (Hosting, Australia), Stripe (Payments), and SendGrid (Email). We do NOT use Google Analytics, Facebook Pixel, or any advertising trackers. We do NOT share your data with AI companies for training.

7. Contact

For privacy inquiries or data requests, contact us at privacy@waid.ai.