Privacy Policy

Last updated: January 30, 2025

15 sections

Your Privacy Matters

We are committed to protecting your data. This policy is GDPR and CCPA compliant. We collect only necessary information, never sell your data, and give you full control over your personal information.

Introduction

WISTX Inc. ("WISTX", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our service, including our website (https://wistx.ai), API services, MCP server, and related applications (collectively, the "Service").

By accessing or using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

This Privacy Policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws. We are committed to providing transparency about our data practices and giving you control over your personal information.

Information We Collect

We collect information you provide directly to us, information we collect automatically, and information from third-party sources.

Information You Provide Directly

Account Information

Name and email address

Company name and role (optional)

Billing information (processed securely through Stripe)

API keys and authentication tokens you generate

Service Usage Information

Queries and requests made to our API or MCP server

Infrastructure resources you analyze

Compliance standards you search

Feedback and support communications

Repository and Documentation Data

URLs of public repositories you choose to index

Documentation links you submit for indexing

Metadata about indexed content (never the actual code)

Information Collected Automatically

Usage Data

API endpoint access patterns

Query types and frequency

Performance metrics and error logs

Feature usage statistics

Device and Connection Information

IP address and approximate geolocation

Browser type and operating system

Device identifiers

Referral URLs

Cookies and Tracking Technologies

Session cookies for authentication

Analytics cookies (with your consent)

Performance monitoring data

Information from Third Parties

OAuth Providers

Basic profile information from Google or GitHub when you authenticate

Email address and name

OAuth tokens (stored securely)

Payment Processors

Transaction confirmations from Stripe

Subscription status updates

Important Note: We do NOT store or have access to:

Your actual source code

Sensitive infrastructure configurations

Passwords or secrets from your repositories

Credit card numbers (handled by Stripe)

How We Use Your Information

We use the information we collect for the following purposes:

To Provide and Maintain Our Service

Process your API requests and deliver relevant context

Authenticate your access to the Service

Manage your account and subscriptions

Provide customer support and respond to inquiries

To Improve and Develop Our Service

Analyze usage patterns to improve our algorithms

Identify popular features and optimize performance

Develop new features and capabilities

Fix bugs and technical issues

To Communicate with You

Send service-related notifications and updates

Respond to your support requests

Send product updates and feature announcements (with your consent)

Provide technical alerts and security notices

For Billing and Compliance

Process payments and manage subscriptions

Track usage for billing purposes

Comply with legal obligations

Detect and prevent fraud

For Analytics and Research

Understand how users interact with our Service

Measure the effectiveness of features

Conduct research to improve DevOps workflows

Generate aggregated, anonymized insights

Legal Basis for Processing (GDPR)

We process your personal data based on:

Contract: To provide the Service you've requested

Legitimate Interests: To improve our Service and ensure security

Consent: For marketing communications and analytics

Legal Obligations: To comply with applicable laws

How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our Service:

Stripe: Payment processing

MongoDB Atlas: Data storage

Google Cloud Platform: Infrastructure hosting

Pinecone: Vector database services

Sentry: Error monitoring and debugging

Analytics Providers: Usage analytics (with your consent)

All service providers are contractually obligated to protect your information and use it only for providing services to us.

Business Transfers

If WISTX is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests, including:

Court orders or subpoenas

Government agency requests

To protect our rights, privacy, safety, or property

To prevent fraud or illegal activities

Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify you personally, such as:

Industry usage trends

Popular compliance standards

General usage statistics

With Your Consent

We may share your information for other purposes with your explicit consent.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Retention Periods

Account Information: Retained for the duration of your account plus 90 days after deletion

Usage Data:

Detailed logs: 90 days

Aggregated analytics: 2 years

Billing records: 7 years (legal requirement)

Indexed Repository Metadata: Until you request deletion or 30 days after account termination

Support Communications: 2 years from last interaction

Marketing Preferences: Until you unsubscribe or request deletion

Deletion Process

When you request account deletion:

1Your account is immediately deactivated

2Personal data is deleted within 30 days

3Backups are purged within 90 days

4Some data may be retained for legal obligations

Data Minimization

We practice data minimization by:

Collecting only necessary information

Automatically purging old logs

Anonymizing data where possible

Regularly reviewing data retention practices

Data Security

We implement industry-standard security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards

Encryption: All data transfers use TLS 1.3 encryption

Encryption at Rest: Database encryption using AES-256

Access Controls: Role-based access with multi-factor authentication

API Security: Secure API keys with rate limiting and IP restrictions

Infrastructure Security: Cloud infrastructure with security best practices

Organizational Measures

Regular security training for employees

Limited access to personal data on a need-to-know basis

Confidentiality agreements with all personnel

Regular security audits and penetration testing

Incident response procedures

Compliance Standards

Working towards SOC2 Type II certification

GDPR and CCPA compliant practices

Regular third-party security assessments

Your Security Responsibilities

Keep your API keys confidential

Use strong, unique passwords

Enable two-factor authentication

Report security concerns immediately

Breach Notification

In the event of a data breach that may affect your personal information, we will:

Notify you within 72 hours

Provide details about the breach

Explain steps we're taking to address it

Offer guidance on protecting yourself

Your Privacy Rights

Depending on your location, you have specific rights regarding your personal information:

Rights for All Users

Access: Request a copy of your personal data

Correction: Update or correct inaccurate information

Deletion: Request deletion of your personal data

Portability: Receive your data in a portable format

Restriction: Limit how we process your data

Object: Opt-out of certain processing activities

GDPR Rights (European Union)

If you're in the EU/EEA, you additionally have the right to:

Withdraw consent at any time

Lodge a complaint with your supervisory authority

Object to automated decision-making

Request human review of automated decisions

Data Protection Officer Contact: dpo@wistx.ai

CCPA Rights (California)

California residents have additional rights:

Know what personal information we collect, use, and share

Delete personal information (with exceptions)

Opt-out of the sale of personal information (we don't sell data)

Non-discrimination for exercising privacy rights

Categories of Information (CCPA)

Identifiers: name, email, IP address

Commercial information: subscription details

Internet activity: usage data

Professional information: company, role

Exercising Your Rights

To exercise any of these rights:

Email: privacy@wistx.ai

Account Settings: Self-service options

Response Time: Within 30 days (45 days for complex requests)

Verification Process

We may need to verify your identity before processing requests:

Email verification

Account authentication

Additional information for security

International Data Transfers

WISTX operates globally and may transfer your information internationally.

Data Location

Our primary data processing occurs in:

United States (Google Cloud Platform)

MongoDB Atlas global infrastructure

Service provider locations

Transfer Safeguards

For transfers outside your jurisdiction, we ensure protection through:

Standard Contractual Clauses (EU approved)

Privacy Shield principles (where applicable)

Adequate security measures

Compliance with local laws

Your Consent

By using our Service, you consent to the transfer of your information to countries that may have different data protection laws than your jurisdiction. We ensure all transfers comply with applicable legal requirements.

Cookies and Tracking

We use cookies and similar technologies to enhance your experience and analyze usage.

Types of Cookies

Essential Cookies

Authentication and security

Session management

API key validation

Cannot be disabled

Analytics Cookies (Optional)

Usage patterns and trends

Feature effectiveness

Performance monitoring

Requires your consent

Marketing Cookies (Optional)

Remarketing campaigns

Conversion tracking

Interest-based content

Requires your consent

Managing Cookies

Browser settings: Control cookie acceptance

Cookie banner: Manage preferences on our website

Account settings: Update tracking preferences

Do Not Track: We respect DNT browser signals

Third-Party Services

Some third-party services may set their own cookies:

Google Analytics (optional)

Stripe (payment processing)

OAuth providers (authentication)

Local Storage

We may use local storage for:

Temporary data caching

User preferences

Performance optimization

Children's Privacy

WISTX is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.

Age Restrictions

Users must be 18 or older

Business accounts require adult authorization

Educational use requires institutional accounts

If We Discover Child Data

If we learn we've collected information from a child under 18:

We will delete the information immediately

Terminate any associated account

Notify relevant parties if required

Parental Rights

Parents who believe we may have information about their child should contact us immediately at privacy@wistx.ai.

Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services.

External Links

We are not responsible for the privacy practices of external sites:

Review their privacy policies

We don't control their data collection

Use at your own discretion

Integrated Services

OAuth providers (Google, GitHub)

Payment processors (Stripe)

Cloud services (MongoDB, GCP)

Analytics tools (with consent)

Each service has its own privacy policy and data practices.

Developer Tools Integration

Cursor, Claude Desktop, Windsurf

VS Code and other IDEs

MCP protocol implementations

These integrations operate under their respective privacy policies.

Marketing and Communications

We may send you marketing communications with your consent.

Types of Communications

Transactional Emails (Always Sent)

Account notifications

Security alerts

Billing updates

Service changes

Marketing Emails (Optional)

Product updates

Feature announcements

Educational content

Industry insights

Managing Preferences

Unsubscribe link in every marketing email

Account settings preferences

Email privacy@wistx.ai

Complete opt-out available

Communication Channels

Email (primary)

In-app notifications

Blog subscriptions

Social media (if you follow us)

We Never

Sell email lists

Send spam

Share your contact information

Send emails after you unsubscribe

Legal Compliance

We comply with applicable data protection laws and regulations.

Compliance Framework

GDPR (European Union)

CCPA/CPRA (California)

PIPEDA (Canada)

LGPD (Brazil)

Other applicable laws

Law Enforcement Requests

We carefully review all requests and:

Verify legal validity

Minimize disclosure

Notify you when permitted

Challenge overly broad requests

Maintain transparency reports

Regulatory Cooperation

Work with data protection authorities

Respond to regulatory inquiries

Implement required safeguards

Maintain compliance documentation

Your Legal Rights

Regardless of location, we respect:

Right to privacy

Data protection principles

Fair information practices

Transparency requirements

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements.

Notification Process

Email notification for material changes

30-day notice before changes take effect

Banner notification on our website

Updated "Last Updated" date

Material Changes Include

New data collection practices

Changes in data sharing

New purposes for processing

Changes in retention periods

Updates to user rights

Review Recommendations

Check this policy periodically

Review after notifications

Save copies for your records

Historical Versions

Previous versions available upon request at privacy@wistx.ai.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Data Protection Contact

Email: privacy@wistx.ai

Data Protection Officer: dpo@wistx.ai

General Inquiries

Email: hi@wistx.ai

Website: https://wistx.ai/contact

Mailing Address

WISTX Inc.

[Address will be updated]

United States

Response Times

General inquiries: 2 business days

Privacy rights requests: 30 days

Urgent security matters: 24 hours

Supervisory Authorities

EU residents may contact their local data protection authority.

California residents may contact the California Privacy Protection Agency.

Accessibility

For accessible versions of this policy, contact accessibility@wistx.ai.

Questions about this Privacy Policy?

We're here to help clarify any questions you may have about our privacy practices.

Contact Privacy Team General Support