Waydock ("Waydock", "we", "us", or "our") builds productivity tools that bring your email, calendar, and tasks into a single prioritized deck. This Privacy Policy explains what information we collect, how we use it, and the rights you have over it.
Information we collect
- Account information. When you sign in with Google or Microsoft, we receive your name, email address, profile picture, and a unique account identifier.
- Connected service data. With your permission, we access content from services you connect. For example, email metadata and contents from Gmail or Outlook, events from Google Calendar, issues from tools like Jira or Linear, and chat messages from Microsoft Teams. We only request the scopes needed to provide the product.
- Meeting notetaker data. When you connect a meeting notetaker (Fathom, Fireflies, or Pocket), we store the meeting records it produces, including titles, attendees, summaries, action items, and (for Pocket) mind maps. If transcript storage is turned on for your organization and your account, we also store the meeting transcript itself. See "Data retention" for how long transcripts are kept and when they are deleted.
- Health data. If you connect Whoop, we access recovery, sleep, and strain data. This is sensitive personal data, so it can only be connected from your personal workspace and is never exposed to a shared company workspace or to our staff in a way that identifies which health integration you use.
- Historical mail backfill. On paid plans, an organization may turn on Direct Source Fetch to retrieve mail older than the few days Waydock indexes by default. Items fetched this way are encrypted at rest with a dedicated key while a fetch job runs, and the messages you choose to keep are added to your stored mail.
- Usage data. We collect basic product analytics (pages visited, features used, approximate device and browser type) to improve Waydock.
- Support communications. If you contact us, we keep a record of the message and our reply so we can follow up.
How we use information
- To provide, maintain, and improve Waydock.
- To generate AI-assisted summaries, priorities, and drafts on your behalf.
- To send service notifications and respond to support requests.
- To detect, prevent, and address fraud, abuse, and security issues.
- To comply with legal obligations.
Google API user data
Waydock's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell your Google data, do not use it for advertising, and do not let humans read it except with your explicit consent, for security investigations, or when required by law.
Atlassian (Jira) data
When you connect a Jira account, Waydock stores OAuth access and refresh tokens (encrypted at rest), your Atlassian account identifier, and the issue data we sync, including issue titles, descriptions, status, priority, due dates, labels, assignee and reporter display names and email addresses, project metadata, and the Atlassian sites you've granted access to. We only request the OAuth scopes needed to read and sync issues (read:jira-work, read:jira-user, read:me, offline_access).
In line with Atlassian's developer policies, Waydock implements the Atlassian Personal Data Reporting API. On a weekly cycle we report the Atlassian account identifiers we store to Atlassian. If an account has been closed, we erase all personal data we hold for it. If Atlassian indicates the data has been updated, we refetch it.
You can disconnect Jira at any time from Settings; doing so revokes our tokens and deletes the stored Jira data tied to that connection.
AI processing and Mira
To generate summaries, insights, and drafted replies, and to power Mira (our in-app AI assistant), we send relevant content to Anthropic, PBC, our AI model provider. That content can include the email, calendar, and meeting content Mira accesses on your behalf, and the messages you send Mira.
Anthropic processes this content only to return a result to Waydock and does not use it to train its models, under its commercial terms. We do not share your data with any AI provider that has not contractually agreed to these terms.
Mira is enabled per organization. An organization admin can enable or disable it at any time in Settings, and Mira may be enabled automatically when an organization is created or starts a paid subscription. You can also supply your own Anthropic API key (Settings, then Mira) so Mira's processing runs through your own Anthropic account instead of ours.
Sharing and disclosure
We do not sell your personal information. We share information only:
- With service providers (hosting, analytics, AI processing, email delivery) under written contracts limiting their use of the data to providing services to us.
- To comply with laws, lawful requests, or legal process.
- To protect the rights, property, or safety of Waydock, our users, or the public.
- In connection with a merger, acquisition, or sale of assets, with notice to you.
Data retention
We retain account data for as long as your account is active. We store a normalized plain-text copy of email bodies from connected services, encrypted at rest with per-organization keys, for up to 90 days from the message date to power summaries and on-demand retrieval. Email bodies and any AI-derived summaries are deleted automatically once the message is more than 90 days old. When you disconnect a service, the stored bodies for that account are deleted right away. A short preview snippet is retained while your account is active. Authentication and sync audit logs are automatically purged after 90 days. You can disconnect any service or delete your account at any time from Settings; once deleted, we remove your personal data within 30 days, except where retention is required by law.
Meeting transcripts are stored only when transcript storage is turned on, which is opt-in at both the organization level and your personal level. When it is on, transcripts are stored encrypted at rest with a per-organization key. Unlike email bodies, transcripts are not on the 90-day window: a stored transcript is kept while your account is active so it survives the retention limits of the notetaker that produced it. A stored transcript is deleted when you disconnect the notetaker, when transcript storage is turned off at either the organization or your personal level, or when your account is deleted.
Security
We use encryption in transit and at rest, scoped access controls, and audit logging. No system is perfectly secure, so we encourage you to use a strong password on your identity provider and to enable multi-factor authentication.
Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, use our contact page.
Children
Waydock is not intended for children under 13, and we do not knowingly collect their data.
Changes to this policy
We may update this policy from time to time. When we do, we'll update the "Last updated" date above and, for material changes, give you reasonable notice before they take effect.
Contact
Questions about this policy? Reach us through our contact page.