Privacy Policy | wlog

1. Introduction

This Privacy Policy explains how UNDEFINED S.R.L. ("we", "us", or "our"), a company registered in Romania, collects, uses, and protects your personal data when you use wlog ("the Service").

We are committed to protecting your privacy and handling your data responsibly. We only collect data that is necessary to provide and improve the Service.

2. Data We Collect

2.1 Account Information

When you sign up, we collect the information provided by your OAuth provider (Google or GitHub):

Name
Email address
Profile picture

2.2 Work Activity Data

When you connect third-party integrations, we retrieve and store metadata about your work activities, such as:

Commit messages, pull request titles, issue titles, and status changes
Timestamps and actor information
Repository, project, and organizational context (names and identifiers)

We do not access or store source code, file contents, or attachments.

2.3 Generated Content

We store the AI-generated summaries you create, along with any user-defined rules and preferences you configure.

2.4 Payment Information

Payment processing is handled entirely by LemonSqueezy. We do not store your credit card details or payment credentials. We receive subscription status and transaction identifiers from LemonSqueezy.

3. How We Use Your Data

Provide the Service: sync your work activities, generate AI summaries, and manage your account.
Process payments: manage subscriptions and credit balances through LemonSqueezy.
Generate AI summaries: your activity data is sent to our AI provider (Google Gemini) for summary generation. See Section 5 for details.
Send service communications: account-related notifications (password resets, billing issues, important service updates). We do not send marketing emails.

4. Data Storage and Security

Your data is stored on Supabase (hosted in the United States). We implement industry-standard security measures including:

Encryption of data in transit (TLS/HTTPS)
Encryption of data at rest (provided by our database host)
Encrypted storage of OAuth tokens with application-level encryption
Row-level security policies in the database
Regular security reviews

5. Third-Party Data Processors

We share your data with the following third-party services, solely for the purpose of providing the Service:

Service	Purpose	Data Shared
Supabase	Database and authentication	All account and activity data
Google Gemini	AI summary generation	Activity metadata for selected date ranges
LemonSqueezy	Payment processing	Email, subscription details
Vercel	Application hosting	Request logs, IP addresses
Inngest	Background job processing	Job metadata, activity identifiers

We do not sell your data to third parties. We do not share your data with anyone beyond what is listed above.

6. Data Retention

Active accounts: your data is retained for as long as your account is active.
Account deletion: when you delete your account, all your personal data, activities, summaries, and integration connections are permanently deleted. We retain only non-reversible cryptographic hashes of account identifiers to prevent abuse of the free tier. These hashes cannot be used to identify you or recover your data.
Integration disconnection: when you disconnect an integration, the associated OAuth tokens are immediately deleted. Synced activity data remains unless you delete your account.

7. Your Rights

Under applicable data protection laws (including GDPR), you have the right to:

Access your personal data stored in the Service.
Rectify inaccurate personal data.
Delete your account and all associated data.
Request a copy of your personal data.
Withdraw consent for data processing by disconnecting integrations or deleting your account.
Object to processing or request restriction of processing.

To exercise any of these rights, contact us at contact@undefined.srl. We will respond within 30 days.

8. Cookies

wlog uses only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. International Data Transfers

Our company is based in Romania (EU). Your data is stored in the United States (Supabase) and may be processed by services located outside the EU. These transfers are conducted in compliance with applicable data protection laws, using standard contractual clauses or equivalent safeguards where required.

10. Children

The Service is not intended for anyone under the age of 18. We do not knowingly collect data from individuals under 18.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. The "Last Updated" date at the top reflects the most recent revision.

12. Related Documents

Please also review our Terms of Service, which governs your use of the Service.

13. Contact

For any privacy-related questions or requests, contact us at:

Email: contact@undefined.srl
Company: UNDEFINED S.R.L.
Country: Romania

UNDEFINED S.R.L. · Romania