Privacy Policy

1.  Definitions

Personal Information – Any information that identifies or can reasonably be linked to an individual (e.g., name, email address).

Usage Data – Technical data automatically generated by your use of our services (e.g., IP address, device identifiers, timestamps).

Processing – Any operation performed on personal information, including collection, storage, use, disclosure, or deletion.

Service Providers / Sub‑processors – Third‑party organizations contracted to process data on our behalf, subject to strict confidentiality and security obligations.
‍

2.  Purpose of Collection

We collect personal information solely to:

Authenticate & Authorize you and secure the platform.
Configure & Personalize your account and user experience.
Provide Support & Notify you of security, product, or legal updates.
Comply with Legal & Regulatory obligations, audits, and enforcement requests.

We do not collect data for behavioral advertising or model training without explicit consent.
‍

3.  Information We Collect

Personal Information: Name, email address, company, and role.
Usage Data: IP address, domain name, browser/OS details, device identifiers, interaction logs, and timestamps.
Cookies & Tracking:
- Necessary Cookies for session management and load balancing.
- Analytics Cookies only with your opt‑in.
- Single‑pixel GIFs used strictly for service performance metrics.

We never link cookie / pixel data to your identity unless you have expressly consented (see Section 8).
‍

4.  How We Process Your Information

All processing is conducted fairly, lawfully, and transparently under documented Information Security Policies aligned to ISO 27001 and the AICPA Trust Services Criteria (Security, Confidentiality, Availability):

Least‑Privilege Access: Role‑based permissions enforced via AWS IAM; reviewed quarterly.
Storage & Retention: Data is stored in AWS regions selected by the customer and retained no longer than necessary.
Audit Logging: All access and administrative actions are logged and monitored 24 × 7.
‍

5.  Controls for the Protection of Personal Information

Our controls were independently assessed in our SOC‑2 Type II report (covering 1 Jul 2024 – 31 Dec 2024, audited by Accorp Partners) with no exceptions noted for Security, Confidentiality, or Availability.

‍

Key safeguards include:
‍

6.  Cookies & Similar Technologies

We use cookies only for the purposes listed in Section 3. A banner and preference center allow you to opt in or out of non‑essential cookies at any time. Disabling cookies may affect certain functionality but will not block core access to the platform.

‍

7.  Automatic Data Capture & Log Details

We automatically log:

IP address and derived geolocation (city, country);
Referring / exit pages and in‑app navigation flows;
Timestamped error and performance metrics;
Browser, OS, and device metadata.

These logs are used exclusively for security, fraud prevention, and product reliability. They are retained for no longer than 90 days, after which they are aggregated or deleted.

‍

8.  No Combination of Activity Data with Identity

We will not combine information about your activity on the internet or within our platform with other data that directly identifies you (e.g., name, email) without your explicit consent. Likewise, we do not associate information collected by cookies, single‑pixel GIFs, or similar technologies with your username or email address when you visit our sites, except as required for security investigations.

‍

9.  Sharing with Third Parties

We share personal information only:

With Sub‑processors necessary to deliver the services (e.g., AWS, Atlassian, and other vetted vendors) under written agreements that mirror our security and confidentiality obligations.
For Legal Compliance in response to lawful requests.
With Your Consent or at your direction.

A full list of our sub‑processors is available on request.

‍

10.  User Rights & Controls

You have the right to:

Access the personal information we hold about you.
Correct inaccurate or outdated data.
Delete your data (subject to legal retention obligations).
Export your data in a portable format.
Opt‑Out of analytics cookies or marketing communications.

Requests are processed within 30 days. Contact us at privacy@wayside.io.

‍

11.  Contact Us

Privacy Officer: Phil Dakin
Email: privacy@wayside.io
Mail: Reflow AI Inc. (DBA Wayside) – 169 Madison Ave #2004, New York, NY 10016, USA

‍

12.  Data Processing Principles

We adhere to the following principles:

Lawfulness, Fairness, Transparency
Purpose Limitation
Data Minimization
Accuracy & Currency
Storage Limitation
Integrity & Confidentiality
Accountability

13.  Children’s Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from minors.

‍

14.  External Links

Our website and application may link to external sites. We are not responsible for their privacy practices; please review those policies before providing data.

‍

15.  Policy Updates & Validity Period

We review this policy at least annually or when significant changes occur. The version listed above supersedes all previous versions and remains valid until a new version is published.

‍

16.  Organization’s Commitment to Privacy & Security

We maintain a comprehensive information security management system that aligns with AICPA Trust Services Criteria. Our SOC‑2 Type II attestation demonstrates the design and operating effectiveness of our controls for Security, Availability, and Confidentiality. We continually improve these controls through routine internal audits, vulnerability assessments, employee training, and executive oversight.

‍

17.  Marketing Communications

We do not send marketing emails without your explicit opt‑in. You can unsubscribe at any time via the link in the email or by contacting privacy@wayside.io.

‍

By using Wayside, you acknowledge that you have read, understood, and agree to this Privacy Policy.

‍