At Wingerx, we are committed to protecting your privacy and being transparent about how we handle your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights when you use our website, applications, and related services — including our drag-and-drop workflow editor, agent nodes, real-time collaboration, and integrations (the “Services”). Where required, we act as a data controller for personal data and as a processor for certain workspace data handled on behalf of customers. By using the Services, you agree to the practices described in this policy.
This policy applies to the Services operated by Wingerx and covers all interfaces (web app, APIs, developer tools, and documentation). It applies to visitors, account holders, workspace members, and collaborators.
Controller: Wingerx is the data controller for personal data it collects directly.
Processor: For workspace content you or your organization upload or connect to the editor (e.g., node payloads, data from connectors), Wingerx may act as a processor.
If there are conflicts between this policy and a written agreement with your organization, the written agreement governs for that organization’s workspace.
We collect information to deliver, secure, and improve the Services and to support your account and workspace.
Account & Profile: name, email, password hash, avatar, organization/workspace, role.
Billing: subscription status, plan details, invoices, limited payment metadata (card or UPI details are processed by our payment provider).
Usage & Diagnostics: IP address, device and browser info, pages/screens viewed, feature interactions (e.g., node creation, runs), crash reports, performance metrics.
Logs & Telemetry: API requests, execution logs, error traces, timestamps, and limited headers for security and debugging.
Cookies/Local Storage: identifiers and preferences. See our Cookie Policy for details.
Support Content: messages, attachments, and context you provide to support.
Marketing Signals: campaign/UTM parameters, referrers, and consent preferences where applicable.
Our editor allows you to build workflows with agent nodes, tools, and connectors. Depending on how you use it, we may process:
Workflow Graphs & Metadata: node types, connections, configuration, labels, versions, and run history.
Inputs/Outputs: prompts, parameters, intermediate artifacts, and execution results.
Connected Data: content from databases, files, APIs, or webhooks that you choose to connect. You are responsible for ensuring you have a lawful basis to process such data.
Secrets & Credentials: stored using industry-standard encryption and access controls. You can revoke or rotate them at any time.
Collaboration Data: comments, mentions, presence indicators, and change history when collaborating in a workspace.
We receive personal data from several sources:
Directly from you: when you create an account, build workflows, or contact support.
Automatically: via cookies, logs, telemetry, and app analytics.
From your organization: when an admin invites you to a workspace or configures SSO.
Third parties: payment processors, authentication providers (e.g., SSO), analytics, and integration partners you choose to connect.
We use personal data to operate our platform safely and effectively:
Provide, maintain, and improve the Services (including the editor, execution engine, and collaboration).
Authenticate users, enforce access controls, and protect against fraud, spam, and abuse.
Measure performance, debug issues, and enhance reliability using diagnostics and telemetry.
Communicate with you about updates, security alerts, and administrative messages.
Provide support and fulfill contractual obligations.
Personalize features (e.g., recent projects, editor preferences, tutorials).
Conduct research, testing, and A/B experiments to improve usability (with consent where required).
Comply with legal obligations and enforce our terms.
Where GDPR/UK GDPR applies, we rely on the following legal bases:
Performance of a contract: to provide the Services you request (e.g., account, workspace, editor).
Legitimate interests: to secure and improve the Services, prevent fraud, and support customer needs—balanced against your rights.
Consent: for certain analytics/marketing activities and non-essential cookies (you may withdraw consent at any time).
Legal obligations: to comply with applicable laws and regulations.
If you use agent nodes that call third-party AI models or embeddings, your prompts, inputs, and outputs may be sent to those providers for processing:
You control what data is sent from your nodes to a provider via node configuration.
We do not permit model providers to use your prompts or outputs to train their models unless you or your organization enable such options.
We recommend excluding sensitive personal data from prompts unless strictly necessary and permitted by law.
Logs may include metadata (timestamps, status codes, latencies) for reliability and abuse prevention.
We share personal data only as needed to operate and improve the Services, or as legally required:
Service Providers (Sub-processors): infrastructure, storage, CI/CD, analytics, error tracking, customer support, payments, and communications—bound by confidentiality and data protection obligations.
Integration Partners: third-party tools you connect in your workflows (e.g., databases, AI models, web services).
Business Transfers: in connection with mergers, acquisitions, financing, or sale of assets, subject to ongoing protections.
Legal & Safety: to comply with law, respond to lawful requests, or protect rights, safety, and integrity.
With Your Direction: sharing or publishing content according to your settings and workspace permissions.
We use cookies, local storage, and similar technologies for authentication, security, preferences, performance, and analytics. Details (including categories, durations, and controls) are provided in our Cookie Policy.
You can manage settings via our consent banner/preferences center and your browser.
Essential cookies may still be used to provide core functionality.
We may send emails about new features, tips, and offers. You can opt out at any time.
Transactional messages (e.g., security alerts, billing) are not marketing and you may continue to receive them.
We honor applicable consent/opt-in requirements by region.
We retain personal data only for as long as necessary for the purposes described or as required by law.
Account data: retained while your account is active and for a reasonable period afterward for audit, billing, and legal purposes.
Workflow content and logs: retained according to your workspace settings; admins can configure retention where available.
Support tickets: retained to resolve issues and improve service quality.
We also honor deletion requests as described below.
We implement appropriate technical and organizational measures to protect your information:
Encryption in transit (TLS) and at rest for sensitive data.
Least-privilege access controls, SSO/2FA support, and audit logging.
Segregated secrets storage and periodic key rotation.
Secure SDLC, vulnerability management, and regular assessments.
Business continuity and disaster recovery practices.
Your information may be transferred to and processed in countries other than your own. Where required, we use appropriate safeguards.
Standard Contractual Clauses (SCCs) or equivalent mechanisms for cross-border transfers.
Vendor due-diligence and contractual data protection obligations.
Additional technical measures where appropriate (e.g., encryption).
Depending on your location, you may have rights over your personal data:
Access, portability, and copies of your data.
Rectification of inaccurate or incomplete data.
Deletion (erasure) subject to legal/contractual limits.
Restriction or objection to certain processing.
Withdrawal of consent without affecting prior lawful processing.
Appeal or lodge a complaint with a supervisory authority.
Your rights and our obligations may vary by region:
EEA/UK (GDPR/UK GDPR): you may withdraw cookie/marketing consent at any time; contact details below.
California (CPRA): you may opt out of “selling” or “sharing” personal information for cross-context behavioral advertising; we honor Global Privacy Control (GPC) signals where feasible.
Brazil (LGPD): you may revoke consent and request information about processing.
India (DPDP Act): consent is required for non-essential processing; you may withdraw consent via the Preferences Center or by contacting us.
You can manage your privacy settings and requests through the product or by contacting us:
Account Settings: update profile info, passwords, and security options.
Workspace Controls: admins manage members, roles, secrets, and retention.
Data Requests: access/export/delete via support or the in-app portal (where available).
Cookies/Tracking: manage via our banner/preferences center and browser settings.
Marketing: unsubscribe using the link in emails or in Settings.
The Services are not intended for individuals under 16 years of age (or as otherwise defined by local law). We do not knowingly collect personal data from children under this age.
If we learn we have collected such data, we will delete it and may disable the account.
Parents or guardians who believe a child has provided data may contact us to request deletion.
We may update this Privacy Policy from time to time.
We will update the “last updated” date and, where required, provide additional notice (e.g., email or in-app).
Material changes will be highlighted, and we may seek renewed consent where legally required.
If you have questions about this Privacy Policy, your data, or wish to exercise your rights, contact our Data Protection Officer (DPO):
Email: [email protected]
Mailing Address: Wingerx — Data Protection Office, 123 Privacy Lane, Suite 100, Wilmington, DE 19801
You can also reach us via the contact form on our website.