1. Who We Are

Wyaas provides cloud-based financial intelligence software at wyaas.com and app.wyaas.com. For privacy enquiries, contact us at hello@wyaas.com.

2. Information We Collect

Account information: Email address and password (hashed) when you create an account.

Company and financial data: Business name, industry, and financial data you import or enter manually (transactions, account balances, contacts). This data belongs to you.

Usage data: Pages visited, features used, and error logs — used to improve the Service.

Payment information: We do not store card details. Payments are processed by our payment provider. We receive only subscription status and billing email.

Waitlist submissions: Email, company name, and company size if you joined our early access list.

3. How We Use Your Information

To provide and operate the Service
To authenticate your account and secure your session
To process subscription payments
To send transactional emails (account confirmation, password reset)
To respond to support requests
To improve and debug the Service
To notify you of material changes to these policies

We do not use your financial data to train AI models or share it with third parties for marketing.

4. Third-Party Services

We use the following third-party services to operate Wyaas:

Supabase — database and authentication hosting
Paddle / Stripe — payment processing and subscription management
Google Gemini — AI-generated business descriptions (only processes your website URL and industry, not financial data)
Intuit QuickBooks — when you choose to connect your QBO account
Google Analytics — anonymous usage analytics on the marketing site

Each provider operates under their own privacy policy. We only share the minimum data necessary for each service to function.

5. Data Storage and Security

Your data is stored on Supabase-hosted PostgreSQL databases. We use industry-standard security measures including:

HTTPS encryption for all data in transit
Hashed passwords (never stored in plain text)
JWT-based authentication with short-lived tokens
Row-level security policies on the database
Service-role API keys restricted to the backend only

6. Data Retention

We retain your data for as long as your account is active. If you cancel your account, we retain your data for up to 90 days before permanent deletion, unless a longer period is required by law.

7. Your Rights

You have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your account and data
Export your data
Withdraw consent where processing is based on consent

To exercise any of these rights, email us at hello@wyaas.com.

8. Cookies

The application uses only essential cookies and local storage for session management (authentication tokens). We do not use tracking cookies on the app. The marketing site (wyaas.com) uses Google Analytics with anonymous IP tracking.

9. Children's Privacy

The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via the Service. Continued use after changes constitutes acceptance.

11. Contact

For privacy questions or data requests, contact us at hello@wyaas.com.