Privacy Policy
Waymark — by West Solution Consulting Corp
Effective Date: March 30, 2026 | Last Updated: April 14, 2026
1. Introduction
Waymark ("the App") is an iPadOS productivity application developed and operated by West Solution Consulting Corp ("we," "us," or "our"), based in Canada. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
By using Waymark, you agree to the practices described in this policy. If you do not agree, please discontinue use of the App.
2. Information We Collect
2.1 Account Information (via Sign in with Apple)
When you sign in, Apple provides us with:
- A unique user identifier — a random, anonymous ID generated by Apple specific to our app. This is not your Apple ID.
- Your name (if you choose to share it) — provided once at initial sign-in.
- An email address — Apple may provide your real email or a private relay address (e.g., abc123@privaterelay.appleid.com), depending on your choice during sign-in.
We store your user identifier and email in our authentication system solely for account management, purchase association, and support purposes.
2.2 Purchase & Usage Data
We maintain a server-side record of your account balance to enforce usage limits and prevent abuse:
| Data | Purpose |
|---|---|
| Remaining minutes (transcription, translation) | Enforce usage limits for purchased credits |
| Remaining AI analysis credits | Enforce analysis limits for purchased credits |
| Session count (lifetime) | Enforce lifetime session caps |
| Free allocation status (yes/no) | Prevent free allocation reuse |
| Purchase balances and expiry dates | Track consumable purchases and expiry |
2.3 Transaction Records
When you make a purchase, we store:
- Apple transaction ID (for idempotency and fraud prevention)
- Product identifier and type
- Timestamp of the transaction
We do not store your payment method, credit card number, or Apple ID password. All payment processing is handled entirely by Apple through the App Store.
2.4 Aggregated Analytics Events
We collect lightweight, non-identifying behavioral events to understand how Waymark is used and improve the experience. Each event includes:
| Metadata | Purpose |
|---|---|
| Event type (e.g., "session_started," "pdf_exported") | Feature usage analytics |
| Locale and timezone | Geographic distribution (aggregated) |
| Hour of day, weekday | Usage pattern analysis (AM/PM, weekday/weekend) |
| App version, OS version, device model | Compatibility tracking and bug prioritization |
| Timestamp | Trend analysis over time |
Analytics events are stored on your device and uploaded periodically to our server. They contain no session content — no transcripts, notes, translations, photos, or any text you have created.
2.5 Device Security Data
To protect the integrity of our service and prevent API abuse, Waymark collects the following device-level data:
- App Attest public key: When you first launch the App, Apple's App Attest service generates a cryptographic key pair on your device. The public key is stored on our server and used to verify that API requests originate from a genuine copy of Waymark running on a real Apple device. This key is tied to your user account and device — it does not identify you personally.
- DeviceCheck bits: We use Apple's DeviceCheck API to track how many accounts have been created on a specific device (up to a maximum of 3). Apple stores two bits of data per device on their servers. We cannot read any personal information from this — only whether the device has reached its signup limit.
- Rate limit records: We maintain per-user, per-endpoint timestamps to enforce rate limits and detect unusual usage patterns (e.g., automated/scripted access). These records contain no content data.
2.6 Push Notification Token
If you enable push notifications, Apple provides a device token that we store on our server to deliver notifications. If you reinstall the App, old tokens for your account are automatically deleted and replaced with the new one.
2.7 Usage Logs
When you use transcription, translation, or AI analysis features, we log the resource type and amount consumed (e.g., "transcription: 2.5 minutes") for billing accuracy. These logs do not contain the content of your transcription or translation.
2.8 Free Allocation Identifier
To prevent abuse of the free allocation (e.g., deleting an account and re-registering to receive free minutes repeatedly), we retain a single opaque identifier after account deletion:
- Apple "sub" identifier — this is an anonymous, app-scoped string generated by Apple (e.g., 001234.abcdef…). It is not your Apple ID, email address, or name. It cannot be used to identify you personally. It is stored in an isolated table accessible only to our server and is used solely to check whether the free allocation has already been claimed.
This identifier is retained indefinitely even after account deletion, as permitted by Apple's App Store Review Guidelines (5.1.1(v)) for fraud prevention purposes. All other account data is deleted — see Section 7.
3. Information We Do NOT Collect or Store on Our Servers
- Transcripts (speech-to-text output)
- Translations
- Notes, drawings, and annotations
- Photos captured during sessions
- AI Intelligence reports and analysis results
- Personal quotes on your dashboard
- Session titles and content
All session data is stored locally using Apple's SwiftData framework on your device. We have no ability to access, read, or recover this data.
Transient Data Transmission: While session content is never stored on our servers, certain content is transmitted transiently to third-party service providers during active feature use (see Section 4). Specifically:
- Audio is streamed in real time to our speech-to-text provider during recording — it is not stored after processing.
- Text segments are sent to our translation provider during real-time translation — they are not stored on our servers.
- Transcripts, notes, and photos are sent to AI language model providers only when you explicitly tap the "Analyze" button — they are never sent automatically.
In all cases, the data is sent from your device to the third-party provider through our secure server, which acts as a relay and does not retain the content. See Section 4 for details on each provider's data handling practices.
4. Third-Party Services
Waymark uses third-party service providers to deliver its core features. Your data is transmitted to these providers only during active use of the corresponding feature, and only the minimum data necessary for the feature to function is sent.
| Service Category | Purpose | Data Sent | Retention |
|---|---|---|---|
| Speech-to-Text Provider | Live transcription of audio during recording sessions | Audio stream (real-time only) | Audio is processed in real time and is not stored by the provider after processing |
| Translation Provider | Real-time text translation during sessions | Text segments for translation | Subject to the provider's data processing policy |
| AI Language Model Providers | Intelligence analysis of session content | Transcript text, notes, and photos (only when you explicitly tap "Analyze") | Subject to the respective model provider's data policy |
| Apple | Purchase processing, device integrity (App Attest, DeviceCheck), authentication | Transaction verification requests, device tokens, attestation objects | Per Apple's privacy policy |
| Cloud Infrastructure Provider | Authentication, usage tracking, server-side processing | Account data, usage balances, analytics events | Hosted in secure data centers, encrypted at rest |
Important: Audio is streamed to our speech-to-text provider in real time during recording and is not stored on our servers or the provider's servers after processing. AI analysis data (transcript text, notes, photos) is sent only when you explicitly tap the "Analyze" button — it is never sent automatically. We may change third-party service providers at any time to improve quality, reliability, or cost, while maintaining equivalent or stronger privacy protections.
4.1 AI Model Training Disclosure
When you use the AI Intelligence feature, your session content (transcript text, notes, and photos) is sent to third-party AI language model providers for analysis. We access these models through an intermediary API service that routes requests to various AI model providers.
We do not use your content to train AI models. However, the underlying AI model providers may process your inputs according to their own data policies, which may include using inputs to improve or train their models. We do not control, and are not responsible for, how third-party AI model providers handle your inputs beyond the scope of processing your request.
To minimize exposure, we do not attach your identity (name, email, or user ID) to AI analysis requests — only the session content necessary for analysis is transmitted. You can choose not to use the AI Intelligence feature, in which case no session content is transmitted to AI providers.
5. How We Use Your Information
We use collected information exclusively for:
- Account management: Authenticating your identity and maintaining your account status
- Service delivery: Enforcing usage limits and processing purchases
- Product improvement: Analyzing aggregated, anonymous usage patterns to improve features and user experience
- Communication: Sending push notifications you have opted into (e.g., feature updates, usage reminders)
- Security and fraud prevention: Verifying device integrity via App Attest, enforcing per-device signup limits via DeviceCheck, detecting automated abuse via rate limiting and anomaly detection, and verifying purchase transactions with Apple
We do not sell, rent, or share your personal information with third parties for advertising or marketing purposes.
6. Data Security
- All communication between the App and our servers uses HTTPS (TLS encryption in transit)
- Authentication tokens are stored in the iOS Keychain (hardware-encrypted, survives reinstall)
- Server-side data is stored in a secure database with row-level security policies, encrypted at rest
- No secret API keys are stored in the App binary — all third-party API keys are server-side only
- Balance operations use atomic database transactions to prevent race conditions
- All API requests from the App are cryptographically signed using Apple's App Attest, preventing unauthorized access from outside the App
- Per-user, per-endpoint rate limiting prevents abuse
- Automated anomaly detection identifies and blocks suspicious usage patterns
7. Data Retention & Account Deletion
7.1 While Your Account Is Active
- Account data: Retained as long as your account is active.
- Analytics events: Retained for up to 24 months for trend analysis, then automatically purged.
- On-device data: Remains on your iPad until you delete the App or individual sessions. We have no ability to delete on-device data remotely.
- Purchased credits: Automatically expire 1 month from purchase.
7.2 When You Delete Your Account
You can delete your account from within the App (Settings → Delete Account). When you do, we delete the following from our servers immediately and permanently:
- Your authentication record (email, user identifier, session tokens)
- Usage logs (transcription/translation/AI consumption records)
- Credit balances and purchase records
- User balance record (remaining minutes, session count)
- Transaction records (purchase history)
- Push notification device token
- App Attest public key and attestation challenges
- Rate limit records
- Any admin action records associated with your account
7.3 What We Retain After Account Deletion
The following data is retained after account deletion:
- Apple "sub" identifier — an opaque, anonymous, app-scoped string (described in Section 2.8). Retained indefinitely to prevent free allocation abuse. Cannot identify you personally. Stored in an isolated, access-restricted table.
- Anonymized analytics events — your analytics events (e.g., "session_started," "pdf_exported") are kept for aggregate trend analysis, but the user identifier is removed (set to null). These anonymized records cannot be traced back to you.
These retentions are permitted under Apple's App Store Review Guidelines (5.1.1(v)) and applicable privacy laws as legitimate fraud prevention and product improvement measures.
7.4 On-Device Data
Deleting your account does not delete data stored locally on your iPad (transcripts, notes, photos, sessions). To remove on-device data, delete individual sessions within the App or uninstall the App entirely.
8. Your Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you
- Deletion: Request deletion of your account and all associated server-side data
- Correction: Request correction of inaccurate account information
- Opt out of notifications: Disable push notifications at any time via iPad Settings or the in-app Settings toggle
- Withdraw consent: Stop using the App at any time; your on-device data remains under your control
To exercise any of these rights, contact us at support@wtheory.com.
9. Children's Privacy
Waymark is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete it promptly.
10. International Data Transfers
West Solution Consulting Corp is based in Canada. Our server infrastructure is hosted in the United States. By using Waymark, you consent to the transfer of your account data to Canada and the United States. We ensure that appropriate safeguards are in place in accordance with applicable data protection laws.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top and, where appropriate, notify you through the App. Continued use of Waymark after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:
- Email: support@wtheory.com
- Company: West Solution Consulting Corp.
- Country: Canada