Background
WayStation

WayStation

ClaudeMarketplace for ClaudeWayStation GPTWayStation GPTMCPUniversal MCP
MarketplaceWhat's New

Privacy Policy

Last Updated:

Introduction

Welcome to WayStation (“we,” “our,” or “us”), a service provided by 43D Corporation. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the service.

Information Collection and Use

WayStation is designed to connect Large Language Models (LLMs) such as ChatGPT or Claude with productivity apps like Monday, Google Drive, or Slack. We prioritize your privacy and data security in the following ways:

  • We do not store any of the data that is passed between apps and LLM providers such as OpenAI and Anthropic
  • User authentication is handled through Clerk, a third-party authentication service
  • The only information we retain are access tokens necessary for connecting to your productivity apps

Types of Data We Collect

We collect the following categories of personal data:

  • Account Information: Email address and authentication details managed by our identity provider
  • Access Tokens: Encrypted tokens required to connect to third-party services
  • Usage Data: Anonymous analytics about feature usage and performance metrics
  • Log Data: System logs for security and troubleshooting purposes

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services as outlined in our Terms of Service
  • Legitimate Interests: Processing that serves our legitimate business interests, such as improving our services and ensuring security
  • Consent: Processing based on your explicit consent, which you can withdraw at any time
  • Legal Obligations: Processing required to comply with applicable laws and regulations

Data Storage and Processing

WayStation is hosted on Vercel's infrastructure in the United States. While we process data to provide our services, we maintain a minimal data retention policy:

  • Data passing through our service is not stored or logged
  • Access tokens are securely stored and encrypted
  • All data processing occurs in real-time

Data Storage Policy

43D stores Customer Data in accordance with industry best practices for security and reliability. All data is encrypted both in transit (TLS 1.3) and at rest (AES-256) with robust key management. Customer Data is stored in SOC 2 compliant cloud infrastructure with geographical redundancy for disaster recovery. For enterprise customers, data locality options are available to address regional compliance requirements. Data is logically segregated by a customer to prevent unauthorized access between tenants. Regular backup processes ensure data recoverability, and all storage systems are continuously monitored for security and performance. Access to stored data is strictly controlled through role-based permissions and multi-factor authentication.

Data Retention

43D will retain Customer Data in accordance with applicable legal requirements and customer agreements. Customer Data will be retained only for as long as necessary to provide the service and fulfill contractual obligations. By default, data will be retained throughout the active subscription period. Enterprise customers have the option to specify custom retention periods aligned with their internal policies. Upon subscription termination, Customer Data will be retained for a maximum of 30 days to allow for account recovery or data export, after which it will enter the archival process.

Data Removal and Deletion

43D will remove Customer Data in accordance with our documented data lifecycle management procedures. Upon subscription termination or explicit customer request, data will enter a 30-day grace period before permanent deletion. Enterprise customers can request immediate removal via our secure customer portal. Archival processes include secure data purging from primary storage, backup systems, and caches. Data removal is comprehensive across all systems and verified through automated integrity checks. 43D maintains detailed logs of all deletion activities for audit purposes, and customers receive a confirmation once the removal is complete.

International Data Transfers

As our services are provided from the United States, your information may be processed and stored in the U.S. and other countries where our service providers maintain facilities. By using our services, you consent to the transfer of information to countries that may have different data protection rules than your country.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we implement appropriate safeguards for international data transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Ensuring sub-processors maintain adequate data protection measures
  • Data localization options for enterprise customers with specific compliance requirements

Your Rights

Depending on your location, you may have certain rights regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you
  • Correction: You can request that we correct inaccurate or incomplete data
  • Deletion: You can request that we delete your personal data
  • Restriction: You can request that we restrict the processing of your data
  • Portability: You can request a copy of your data in a structured, machine-readable format
  • Objection: You can object to our processing of your data

To exercise these rights, please contact us at privacy@waystation.ai. We will respond to your request within 30 days.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and services. These technologies may collect information such as your IP address, browser type, and usage patterns.

We use the following types of cookies:

  • Essential Cookies: Required for the operation of our website and services
  • Analytical Cookies: Help us understand how visitors interact with our website
  • Functional Cookies: Enable enhanced functionality and personalization

You can manage your cookie preferences through your browser settings. However, disabling certain cookies may limit your ability to use some features of our services.

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to remove that information from our servers.

Third-Party Services

We use several third-party services to provide our functionality:

  • Clerk for user authentication and management
  • Vercel for hosting services
  • OpenAI, Anthropic, and other LLM providers
  • Integration with productivity tools (Monday, Google Drive, Slack, etc.)

Each of these services has their own privacy policies and terms of service. We encourage you to review these policies.

For a complete list of our sub-processors and their data handling practices, please see our Sub-Processors Guidelines.

Security

We implement appropriate technical and organizational measures to maintain the security of your information. However, please be aware that no method of transmission over the internet or electronic storage is 100% secure.

Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users without undue delay, typically within 72 hours of becoming aware of the breach
  • Provide information about the nature of the breach, the data affected, and steps we're taking to address it
  • Notify relevant regulatory authorities as required by applicable law
  • Work diligently to mitigate any potential harm resulting from the breach

Opt-Out Options

You can opt out of certain data processing activities:

  • Marketing Communications: You can unsubscribe from our marketing emails by clicking the “unsubscribe” link in any marketing email we send
  • Analytics: You can opt out of analytics tracking by adjusting your cookie preferences
  • Account Deletion: You can request deletion of your account and associated data by contacting us

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. For significant changes, we will provide additional notice such as an email notification. Changes are effective when posted.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing questions regarding this Privacy Policy. If you have questions or concerns about our data practices, please contact our DPO at:

Data Protection Officer
43D Corporation
395 S Gordon Way
Los Altos, CA 94022
Email: dpo@waystation.ai

Contact Us

If you have any questions about this Privacy Policy, please contact us at:

43D Corporation
395 S Gordon Way
Los Altos, CA 94022
Email: privacy@waystation.ai