Privacy Policy

Version 2.0 — Effective April 8, 2026

This Privacy Policy describes how Omelas AI LLC ("WaSecure," "we," "us," or "our") collects, uses, stores, and protects your information when you use the WaSecure application, website, and related services (collectively, the "Service"). By using the Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you register, we collect:

Email address — used for authentication, billing communications, and account recovery
Password — stored as a salted bcrypt hash; we never store or have access to your plaintext password
WhatsApp phone number — used as your unique account identifier and to establish the WhatsApp connection
Country/region — used for service configuration

1.2 Terms of Service Acceptance

When you create an account, we record the date and time you accepted our Terms of Service, along with the version of the Terms you accepted. This information is stored to maintain a verifiable record of your agreement.

1.3 WhatsApp Data

When you connect your WhatsApp account to WaSecure, we receive and store:

Messages — text messages, media messages, and associated metadata (timestamps, delivery status)
Contacts — names, phone numbers, profile pictures, and about text of your WhatsApp contacts
Chat metadata — conversation lists, group memberships, labels
Media files — photos, videos, audio, and documents sent or received through WhatsApp

This data is stored in a dedicated, isolated database schema unique to your account. Your WhatsApp data is never mixed with other users' data.

1.4 Payment Information

Payment processing is handled entirely by Stripe, Inc. We do not store credit card numbers, bank account details, or other financial information on our servers. We receive from Stripe only:

Subscription status (active, cancelled, etc.)
Billing period and plan information
Transaction IDs for record-keeping

1.5 Usage Data

We automatically collect:

Login timestamps and session duration
Feature usage patterns (which tools you use, not the content you view)
Error logs and crash reports
Browser type and version (user agent)
IP address (for rate limiting and security; not used for tracking)

1.6 Community Reports

If you submit a scam report or community safety report, we collect the structured report data (no free-text descriptions) and associate it with your account for accountability.

2. How We Use Your Information

We use your information to:

Provide the Service — sync and display your WhatsApp messages, contacts, and media
AI Features — power translation, contact analysis, contradiction detection, dossier generation, and scam protection using third-party AI providers
Billing — process subscriptions, manage credits, and communicate about your account status
Security — detect abuse, prevent fraud, enforce rate limits, and protect against unauthorized access
Improvement — analyze aggregate, anonymized usage patterns to improve the Service
Communication — send essential account notifications (password resets, billing alerts, service disruptions)
Legal Compliance — verify Terms of Service acceptance, respond to legal requests, and enforce our agreements

3. AI and Third-Party Processing

Certain features send portions of your data to third-party AI providers for processing:

Translation — message text may be sent to DeepL for translation
AI Analysis — conversation excerpts may be processed by Together AI, OpenAI, or other AI providers for contact analysis, contradiction detection, and dossier generation

When data is sent to third-party providers:

Only the minimum necessary data is transmitted
We do not send your identity or phone number to AI providers
Third-party providers are subject to their own privacy policies and data handling practices
You can avoid AI processing by not using AI-powered features

      Your AI API Keys: If you provide your own DeepL or AI provider API key, requests using that key are sent directly from the server under your own API account. WaSecure does not log or store the content of these requests.
    

4. Data Storage and Security

4.1 Data Isolation

Each user's WhatsApp data is stored in a separate PostgreSQL schema, ensuring complete logical isolation from other users. No user can access another user's data through the application.

4.2 Encryption

All data in transit is encrypted using TLS 1.2 or higher (HTTPS)
Passwords are hashed using bcrypt with a cost factor of 12
Session tokens are generated using cryptographically secure random bytes

4.3 Server Location

Your data is stored on servers located in the European Union (Contabo, Germany). Data may be processed by third-party AI providers whose servers may be located in other jurisdictions.

4.4 Access Controls

Access to production systems is restricted to authorized Omelas AI personnel. Administrative access requires key-based authentication and is logged.

5. Data Retention

Active accounts: Your data is retained for as long as your account is active
Cancelled subscriptions: Your data is retained for 90 days after subscription expiration to allow reactivation, then permanently deleted
Account deletion: Upon request, we will delete your account and all associated data within 30 days. This includes your per-user database schema, authentication state, media files, and all records in shared tables
Scam reports: Community scam reports are retained even after account deletion to protect other users, but your identity is disassociated from the reports
Anonymized corpus: If you contributed anonymized conversation data to the community corpus, that data remains (it contains no personally identifiable information)
Billing records: Transaction records may be retained as required by law for tax and accounting purposes

6. Data Sharing

We do not sell your personal data. We share data only in these circumstances:

Payment processing: With Stripe for billing operations
AI processing: With AI providers as described in Section 3, only when you use AI features
Community safety: Aggregated, anonymized scam report data is shared with other WaSecure users to provide warnings (individual reporters are never identified)
Legal requirements: When required by law, subpoena, or court order
Business transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access — request a copy of the personal data we hold about you
Export — download your WhatsApp data through the in-app export feature
Correction — request correction of inaccurate personal data
Deletion — request deletion of your account and associated data
Data portability — receive your data in a structured, machine-readable format
Restriction — request that we limit processing of your data
Objection — object to processing of your data for certain purposes

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies and Session Data

WaSecure uses a single, essential session cookie to maintain your authenticated state. We do not use:

Tracking cookies
Third-party analytics cookies
Advertising cookies
Social media tracking pixels

The session cookie is HTTP-only, secure (HTTPS only), and expires after 30 days of inactivity.

9. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete that data promptly.

10. International Data Transfers

Your data is primarily stored in the European Union. However, data may be transferred to and processed in other countries when:

Using AI features (AI providers may process data in the United States or other jurisdictions)
Stripe processes payment information

Where data is transferred internationally, we rely on appropriate safeguards including the service providers' own privacy commitments and, where applicable, Standard Contractual Clauses.

11. WhatsApp Data and Meta

WaSecure connects to WhatsApp's messaging infrastructure through a third-party open-source library. Please be aware:

WhatsApp/Meta may have access to metadata about your messaging activity regardless of whether you use WaSecure
WaSecure's connection method is not officially endorsed by Meta; Meta may detect and act upon such connections per their own policies
We cannot control what data Meta collects or how they process it
Your use of WhatsApp itself is governed by Meta's Terms of Service and Privacy Policy

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be indicated by updating the version number and effective date at the top of this page. For material changes, we will notify you via email or in-app notification. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

Email: [email protected]
Company: Omelas AI LLC
Jurisdiction: Wyoming, United States