Privacy Policy

Introduction

At Waiframe ("we," "our," or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our AI-powered wireframing service.

Waiframe is operated from Romania, European Union. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

By using Waiframe, you agree to the collection and use of information in accordance with this policy.

Personal Information

• Name and email address (when you create an account)
• Billing information (when you upgrade to a paid plan, processed by Stripe)
• Profile information you choose to provide
• Communications with our support team

Usage Information

• Wireframes, mind maps, and projects you create
• Text prompts and refinement comments you provide to our AI
• Feature usage and interaction data
• Device and browser information
• IP address and approximate location data

Cookies and Tracking

We use cookies and similar technologies to enhance your experience, analyze usage patterns, and provide personalized content. See our Cookies section below for more details.

PostHog Analytics

We use PostHog, a product analytics platform, to understand how users interact with our service. PostHog helps us improve Waiframe by collecting:

• Page views and navigation patterns
• Feature usage events (e.g., creating a project, generating a wireframe)
• Performance metrics and error reports
• Session recordings (anonymized, used to identify UX issues)
• Device type, browser, and operating system information

PostHog data is processed in the European Union. You can opt out of analytics tracking by enabling "Do Not Track" in your browser settings or by contacting us at privacy@waiframe.com.

How We Use Analytics Data

• Identify and fix bugs and usability issues
• Understand which features are most valuable to users
• Improve the overall user experience
• Make informed decisions about product development

OpenAI Integration

Waiframe uses OpenAI's API to power AI-generated wireframes and mind maps. When you use our AI features:

• Your text prompts and refinement comments are sent to OpenAI for processing
• OpenAI processes this data to generate responses and does not use it to train their models (per their API data usage policy)
• We do not send your personal information (name, email) to OpenAI
• Generated content is returned to us and stored in your account

For more information about OpenAI's data practices, please refer toOpenAI's Privacy Policy.

Your Content and AI Training

We do not use your wireframes, mind maps, prompts, or any content you create to train AI models. Your creative work remains yours and is only used to provide you with our service.

• Provide and maintain our wireframing and mind mapping service
• Process your transactions and manage your account
• Generate AI-powered wireframes and mind maps based on your prompts
• Improve our service and user experience through analytics
• Send important notifications and updates about your account
• Provide customer support
• Comply with legal obligations
• Prevent fraud and ensure security

We do not sell, trade, or otherwise transfer your personal information to third parties, except in the following circumstances:

• Service Providers: Trusted partners who assist in operating our service:
  • Supabase (database and authentication, EU region)
  • Stripe (payment processing)
  • OpenAI (AI features)
  • PostHog (analytics, EU region)
  • Vercel (hosting)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In the event of a merger, acquisition, or sale of assets
• Consent: When you explicitly agree to the sharing

Data Security

We implement appropriate technical and organizational measures to protect your data:

• TLS/SSL encryption for all data transmission
• Encrypted data storage with Supabase
• Row-level security policies for database access
• Secure authentication with email verification and OAuth
• Regular security reviews and updates
• Limited access to personal data on a need-to-know basis

Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain types of processing, including direct marketing
• Right to Withdraw Consent: Withdraw consent for data processing at any time
• Right to Lodge a Complaint: File a complaint with a supervisory authority (in Romania: ANSPDCP)

To exercise these rights, contact us at privacy@waiframe.com. We will respond within 30 days.

We use the following types of cookies:

Data Retention

We retain your information for as long as necessary to:

• Provide our service and maintain your account
• Comply with legal obligations (e.g., tax records for 10 years)
• Resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal purposes.

International Data Transfers

We primarily store and process data within the European Union. When data is transferred outside the EU (e.g., to OpenAI in the United States), we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all service providers
• Verification that recipients provide adequate data protection

If you have questions about this Privacy Policy or our data practices, please contact us: