Privacy Policy
Privacy Policy for Reflow AI Inc. (DBA Wayside)
Effective Date: April 3 , 2024
Last Updated: June 30, 2025
1. Definitions
Personal Information – Any information that identifies or can reasonably be linked to an individual (e.g., name, email address).
Usage Data – Technical data automatically generated by your use of our services (e.g., IP address, device identifiers, timestamps).
Processing – Any operation performed on personal information, including collection, storage, use, disclosure, or deletion.
Service Providers / Sub‑processors – Third‑party organizations contracted to process data on our behalf, subject to strict confidentiality and security obligations.
2. Purpose of Collection
We collect personal information solely to:
- Authenticate & Authorize you and secure the platform.
- Configure & Personalize your account and user experience.
- Provide Support & Notify you of security, product, or legal updates.
- Comply with Legal & Regulatory obligations, audits, and enforcement requests.
We do not collect data for behavioral advertising or model training without explicit consent.
3. Information We Collect
- Personal Information: Name, email address, company, and role.
- Usage Data: IP address, domain name, browser/OS details, device identifiers, interaction logs, and timestamps.
- Cookies & Tracking:
- Necessary Cookies for session management and load balancing.
- Analytics Cookies only with your opt‑in.
- Single‑pixel GIFs used strictly for service performance metrics.
We never link cookie / pixel data to your identity unless you have expressly consented (see Section 8).
4. How We Process Your Information
All processing is conducted fairly, lawfully, and transparently under documented Information Security Policies aligned to ISO 27001 and the AICPA Trust Services Criteria (Security, Confidentiality, Availability):
- Least‑Privilege Access: Role‑based permissions enforced via AWS IAM; reviewed quarterly.
- Storage & Retention: Data is stored in AWS regions selected by the customer and retained no longer than necessary.
- Audit Logging: All access and administrative actions are logged and monitored 24 × 7.
5. Controls for the Protection of Personal Information
Our controls were independently assessed in our SOC‑2 Type II report (covering 1 Jul 2024 – 31 Dec 2024, audited by Accorp Partners) with no exceptions noted for Security, Confidentiality, or Availability.
Key safeguards include:

6. Cookies & Similar Technologies
We use cookies only for the purposes listed in Section 3. A banner and preference center allow you to opt in or out of non‑essential cookies at any time. Disabling cookies may affect certain functionality but will not block core access to the platform.
7. Automatic Data Capture & Log Details
We automatically log:
- IP address and derived geolocation (city, country);
- Referring / exit pages and in‑app navigation flows;
- Timestamped error and performance metrics;
- Browser, OS, and device metadata.
These logs are used exclusively for security, fraud prevention, and product reliability. They are retained for no longer than 90 days, after which they are aggregated or deleted.
8. No Combination of Activity Data with Identity
We will not combine information about your activity on the internet or within our platform with other data that directly identifies you (e.g., name, email) without your explicit consent. Likewise, we do not associate information collected by cookies, single‑pixel GIFs, or similar technologies with your username or email address when you visit our sites, except as required for security investigations.
9. Sharing with Third Parties
We share personal information only:
- With Sub‑processors necessary to deliver the services (e.g., AWS, Atlassian, and other vetted vendors) under written agreements that mirror our security and confidentiality obligations.
- For Legal Compliance in response to lawful requests.
- With Your Consent or at your direction.
A full list of our sub‑processors is available on request.
10. User Rights & Controls
You have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or outdated data.
- Delete your data (subject to legal retention obligations).
- Export your data in a portable format.
- Opt‑Out of analytics cookies or marketing communications.
Requests are processed within 30 days. Contact us at privacy@wayside.io.
11. Contact Us
Privacy Officer: Phil Dakin
Email: privacy@wayside.io
Mail: Reflow AI Inc. (DBA Wayside) – 169 Madison Ave #2004, New York, NY 10016, USA
12. Data Processing Principles
We adhere to the following principles:
- Lawfulness, Fairness, Transparency
- Purpose Limitation
- Data Minimization
- Accuracy & Currency
- Storage Limitation
- Integrity & Confidentiality
- Accountability
13. Children’s Privacy
Our services are not directed to children under 13. We do not knowingly collect personal information from minors.
14. External Links
Our website and application may link to external sites. We are not responsible for their privacy practices; please review those policies before providing data.
15. Policy Updates & Validity Period
We review this policy at least annually or when significant changes occur. The version listed above supersedes all previous versions and remains valid until a new version is published.
16. Organization’s Commitment to Privacy & Security
We maintain a comprehensive information security management system that aligns with AICPA Trust Services Criteria. Our SOC‑2 Type II attestation demonstrates the design and operating effectiveness of our controls for Security, Availability, and Confidentiality. We continually improve these controls through routine internal audits, vulnerability assessments, employee training, and executive oversight.
17. Marketing Communications
We do not send marketing emails without your explicit opt‑in. You can unsubscribe at any time via the link in the email or by contacting privacy@wayside.io.
By using Wayside, you acknowledge that you have read, understood, and agree to this Privacy Policy.