Wakelead
// PRIVACY POLICY

Privacy Policy.

Wakelead, Inc. — GDPR & CCPA/CPRA

← Back to home

Note: this is a draft. Final legal entity, governing law, and DPO contact are pending legal review.

1. Who we are

Wakelead, Inc. ("Wakelead", "we", "us") operates the Wakelead service at wakelead.com, including our web application and browser extension (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have under applicable law, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA).

2. What we collect

  • Account data: name, work email, organization name, job title.
  • Authentication data: hashed passwords, session identifiers.
  • Usage and device data: IP address, browser type and version, page accessed, access time, aggregated usage metrics.
  • Cookies and similar technologies — see our Cookie Policy.
  • Communications you send to us (e.g., support requests).

We do not transmit the content of your CRM records or AI assistant messages to our backend. LLM requests are made directly from your browser to the model provider; our backend only receives anonymized usage metadata (e.g., token counts).

3. How we use it

  • To provide and operate the Service (account creation, authentication, billing).
  • To process AI-assistant requests on your behalf.
  • To improve product quality and reliability through aggregated analytics.
  • To communicate with you about your account, security, and material changes to the Service.
  • To send marketing or product update emails — only where you have opted in.
  • To comply with legal obligations and enforce our Terms.

4. Lawful basis (GDPR)

For users in the European Economic Area and the United Kingdom, we rely on the following lawful bases under Article 6(1) GDPR:

  • Contract — Art. 6(1)(b): to deliver the Service you have signed up for.
  • Legitimate interests — Art. 6(1)(f): to secure our systems, prevent fraud and abuse, and improve the Service.
  • Consent — Art. 6(1)(a): for non-essential cookies, marketing emails, and any optional processing where consent is required.
  • Legal obligation — Art. 6(1)(c): where processing is required by law.

5. Sharing

We share personal data only with:

  • Hosting and infrastructure providers (e.g., Amazon Web Services in us-east-1 and eu-west-1) acting as our processors under a written agreement.
  • LLM and analytics providers we contract with (e.g., OpenRouter for model routing), acting as processors or independent controllers as appropriate.
  • Payment processors for billing.
  • Authorities when required by valid legal process.
  • Successors in the event of a merger, acquisition, or sale of assets, subject to this Privacy Policy.

We do not sell or share your personal information for cross-context behavioral advertising as those terms are defined under CCPA/CPRA.

6. Retention

We retain account data for as long as your account is active. After account deletion, we delete or anonymize personal data within 30 days, except where retention is required to comply with a legal obligation, resolve disputes, or enforce agreements.

7. Your rights

If you are in the EEA or UK (GDPR): you have the right to access, rectify, erase, restrict, or object to processing of your personal data; the right to data portability; the right to withdraw consent at any time (without affecting the lawfulness of processing based on consent before withdrawal); and the right to lodge a complaint with your supervisory authority.

If you are a California resident (CCPA/CPRA): you have the right to know what personal information we collect and how we use it; the right to delete; the right to correct inaccurate information; the right to opt out of sale or sharing of personal information (we do not engage in either); and the right not to be discriminated against for exercising these rights.

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law.

8. International data transfers

We are based in the United States and process data in the US and EU regions. When personal data of EEA, UK, or Swiss residents is transferred to the US or other jurisdictions that have not received an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs), supplemented by appropriate technical and organizational measures. A copy of the SCCs is available on request.

9. Security

We use industry-standard technical and organizational measures to protect personal data, including encryption in transit (TLS), encryption at rest, role-based access control, and logging. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from children under 16. If we learn we have collected such data, we will delete it. In the United States, we comply with the Children's Online Privacy Protection Act (COPPA). If you believe a child under 16 has provided us personal data, contact [email protected].

11. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always available at wakelead.com/legal/privacy. Material changes will be communicated via email or in-product notice before they take effect.

12. Contact

For privacy questions or to exercise your rights, contact our Data Protection Officer at [email protected] (DPO contact pending legal review). For general inquiries, write to [email protected].

Effective: 2026-05-10