# Privacy Policy - **Last Updated**: 2026-05-22 - **URL**: https://wacht.dev/legal/privacy --- This Privacy Policy describes how Intellinesia Labs (OPC) Private Limited ("Wacht," "we," "us," or "our") collects, uses, shares, and protects personal information in connection with our websites, products, APIs, and services (collectively, the "Services"). ## 1. Scope This policy applies to personal information we process as a controller, including information about visitors to our website, prospective customers, customers' authorized users, and end users who authenticate through a deployment of the Services. Where we process personal information on behalf of a customer as a processor, the customer's own privacy notice governs that data, and our handling is governed by our agreement with that customer. ## 2. Information We Collect **Information you provide.** When you create an account, request access, contact us, or otherwise interact with the Services, we collect information such as your name, email address, organization name, role, billing details, account credentials, and the contents of communications you send us. **Information collected automatically.** When you use the Services we automatically collect technical and usage information, including IP address, device and browser identifiers, operating system, referring URLs, pages and features used, authentication and authorization events, API request metadata, error and diagnostic logs, and approximate location derived from IP address. **Information from third parties.** We may receive information from identity providers, payment processors, fraud-prevention services, analytics providers, and integration partners that you or your organization connects to the Services. ## 3. How We Use Information We use personal information to: - Provide, operate, secure, and improve the Services - Authenticate users, authorize access, and prevent abuse - Process payments and manage billing - Respond to support requests and other inquiries - Send service, security, and administrative communications - Monitor performance, debug, and develop new features - Comply with legal obligations and enforce our agreements We do not use customer content or end-user authentication data to train our models, and we do not share that content with third-party model providers for their training. Aggregate, de-identified data may be used to understand and improve the Services. ## 4. Legal Bases for Processing (EEA, UK, Switzerland) Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract with you or your organization; our legitimate interests in operating, securing, and improving the Services; compliance with legal obligations; and your consent where required (which you may withdraw at any time). ## 5. How We Share Information We do not sell personal information, and we do not share personal information for cross-context behavioral advertising. We share information only as described below. - **Service providers.** We use vendors to provide hosting, content delivery, email delivery, analytics, error monitoring, fraud prevention, payment processing, customer support tooling, and AI model inference. These providers process data only on our instructions and under written agreements. - **Affiliates.** We may share information within our corporate group for the purposes described in this policy. - **Legal and safety.** We may disclose information when required by law, to respond to lawful requests, to protect our rights and the safety of users, or to investigate violations of our terms. - **Business transfers.** If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections. - **With your direction.** We share information with third parties when you or your administrator direct us to. ## 6. International Data Transfers We are headquartered in India and operate infrastructure in multiple regions. When we transfer personal information across borders, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent mechanisms where required. ## 7. Data Retention We retain personal information for as long as needed to provide the Services, maintain the security and integrity of our systems, comply with legal, accounting, and audit obligations, and resolve disputes. When retention is no longer necessary, we delete or de-identify the information. Customers may request deletion of end-user data through their account or by contacting us. ## 8. Security We maintain administrative, technical, and organizational measures designed to protect personal information against loss, misuse, and unauthorized access. These include encryption in transit and at rest for sensitive data, access controls, logging, vulnerability management, and personnel training. No system is perfectly secure, and we cannot guarantee absolute security. ## 9. Your Rights and Choices Subject to applicable law, you may have the right to access, correct, delete, port, or restrict our processing of your personal information, and to object to certain processing. To exercise these rights, contact us using the details below. We will respond within the timeframes required by law and may need to verify your identity. EEA, UK, and Swiss residents may lodge a complaint with their local supervisory authority. California residents have specific rights under the CCPA/CPRA, including the right to know the categories and specific pieces of personal information we collect, the right to delete, the right to correct, and the right to limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising. ## 10. Cookies and Similar Technologies We use cookies and similar technologies to operate our website and the Services, remember your preferences, analyze usage, and secure authentication sessions. You can control cookies through your browser settings. Disabling cookies may affect functionality, particularly authentication. ## 11. Automated Processing and AI The Services include AI features that process content you submit to generate outputs. These features may involve automated processing, but they are designed to assist users rather than to make decisions that produce legal or similarly significant effects without human review. We do not use your content to train our models, and we do not allow third-party model providers to train on your content. Outputs are generated based on the inputs and instructions you provide and may be inaccurate; you are responsible for reviewing outputs before relying on them. ## 12. Children The Services are not directed to children under 16, and we do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it. ## 13. Changes to This Policy We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date and, where appropriate, by additional notice through the Services or by email. ## 14. Contact Us For questions about this Privacy Policy or to exercise your rights, contact us at engineering@intellinesia.com or snipextt@wacht.dev. Intellinesia Labs (OPC) Private Limited. --- ## About Wacht Wacht is an auth and agent platform -- drop-in authentication, B2B organizations and workspaces, machine APIs, webhooks, notifications, and AI agents with persistent memory. Built by Intellinesia Labs (OPC) Private Limited.