Language

Waylume Legal

Privacy Policy

Last updated: March 5, 2026

1. Scope

This policy applies to Waylume services, including the website, Chrome extension, backend APIs, and SDK integrations.

2. Data We Process

  • Inputs you provide through chat or other product interaction surfaces.
  • Current page URL context (normalized as origin + pathname).
  • Accessibility-oriented DOM snapshot data required for guidance and assistance features.
  • Interaction context signals (for example, flow progress and navigation state) used to deliver in-product assistance.
  • Technical logs required for operation and troubleshooting.

3. Why We Process Data

  • Provide and improve AI-assisted product functionality, including navigation guidance and related support experiences.
  • Provide contextual or proactive assistance features based on product interaction context.
  • Improve reliability, safety, and quality of service execution.
  • Detect abuse, failures, and service integrity issues.

4. Data Minimization and Masking

  • Only fields needed for guidance are extracted.
  • For `data-*` attributes, values are masked as `[redacted]` unless explicitly allowlisted in implementation.
  • In addition, for the planned upcoming SDK release, the `data-waylume` attribute used for in-page targeting is excluded from AI-transmitted DOM snapshots.
  • PII-pattern masking is applied to snapshot text fields (for example: email, phone, JWT/API-key-like, and long token-like strings).
  • For sensitive form input types (`password`, `email`, `tel`, `url`, `search`), display metadata fields are masked.
  • URL query/hash values are removed before AI prompt use.
  • Identifier-like URL pathname segments are masked before processing.

5. Third-Party Processing

We may engage one or more third-party AI service providers to process requests for delivering and improving service functionality. As of the latest update date of this policy, our default provider is Google Gemini. We may add, remove, or replace providers over time as part of service improvements, security requirements, compliance requirements, or operational needs. Any such processing remains limited to service-related purposes and subject to the applicable contractual terms and data handling policies of the relevant provider.

6. Retention and Deletion

  • Runtime logs are retained according to our hosting configuration (currently Vercel Pro default: up to 1 day).
  • If Redis caching is enabled, operational cache entries are retained for up to 24 hours and then expire automatically.
  • Chat message content and DOM snapshot payloads are processed for runtime guidance and are not stored as long-term application database records by default.
  • The same minimization and retention policy applies to SDK-integration flows.
  • We may store limited operational/account metadata required for service operation (for example, account identity, plan state, and quota counters).
  • We may retain data longer when required for legal, security, or abuse-prevention obligations.

7. Security Controls

We apply input validation, payload size limits, sender validation, schema checks, and fail-closed handling for malformed requests.

8. Your Rights and Requests

You may request access, correction, or deletion of personal data we process, subject to applicable law and operational constraints. To make a request, contact us at support@gitsbt.com with sufficient information to verify your identity and the scope of your request.

9. Data Sharing Categories

We may share data with the following categories of service providers for service delivery and operations: AI processing providers, hosting/infrastructure providers, and security/operations support providers. We do not sell personal data for advertising purposes.

10. Local Storage Use

We use browser local storage mechanisms (including `sessionStorage` and `chrome.storage`) to support session continuity, language settings, flow resume behavior, and safety state management. These storage items are used for product functionality and are not used for advertising profiling. The specific storage keys and fields may change over time as part of feature improvements or security updates. If material changes are made, we will update this Privacy Policy.

11. Operator Information

Service Operator: 株式会社GitSBT
Address: 〒104-0061 1-22-11 Ginza, Chuo-ku, Tokyo, Ginza Otake Residence 2F

12. Contact

For privacy requests, contact us at support@gitsbt.com.

13. AI Guidance Disclaimer

Waylume provides navigation guidance generated by AI based on available context (including page state and interaction signals). This guidance is an estimated assistance output and is not an official navigation guide, recommendation, endorsement, or guarantee by any third-party website, product, platform, or service operator. Actual UI, steps, and policies of third-party services may change without notice. Any button clicks, submissions, settings changes, or other actions you take while using Waylume are made at your own responsibility and risk. By using this service, you acknowledge and agree that you are solely responsible for your use of Waylume and for any resulting actions taken on third-party services.
Back to Home