Privacy Policy

Waymark — by West Solution Consulting Corp.
Effective Date: March 30, 2026  |  Last Updated: April 18, 2026
Policy Version: 2026-04-18

1. Introduction

Waymark ("the App") is an iPadOS productivity application developed and operated by West Solution Consulting Corp. ("we," "us," or "our"), based in Canada. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

By agreeing to this Privacy Policy, you expressly consent to the collection, use, and transmission of your data to the third-party providers identified in Section 4 for the purposes described in this policy. If you do not agree, you may not use the App.

2. Information We Collect

2.1 Account Information (via Sign in with Apple)

When you sign in, Apple provides us with:

• A unique user identifier — a random, anonymous ID generated by Apple specific to our app. This is not your Apple ID.
• Your name (if you choose to share it) — provided once at initial sign-in.
• An email address — Apple may provide your real email or a private relay address, depending on your choice during sign-in.

We store your user identifier and email in our authentication system solely for account management, purchase association, and support purposes.

2.2 Purchase & Usage Data

We maintain a server-side record of your account to manage your purchases and enforce usage limits:

2.3 Transaction Records

When you make a purchase, we store:

• Apple transaction ID (for verification and fraud prevention)
• Product identifier and type
• Timestamp of the transaction

We do not store your payment method, credit card number, or Apple ID password. All payment processing is handled entirely by Apple through the App Store.

2.4 Aggregated Analytics Events

We collect lightweight, non-identifying behavioral events to understand how Waymark is used and improve the experience. Each event includes:

Analytics events are stored on your device and uploaded periodically to our server. They contain no session content — no transcripts, notes, translations, photos, or any text you have created.

2.5 Device Security Data

To protect the integrity of our service and prevent abuse, Waymark uses Apple's built-in device security services to verify that requests originate from a genuine copy of the App running on a real Apple device. We also enforce a limit of 3 account registrations per physical device (lifetime). These security measures do not collect personal information and cannot be used to identify you.

2.6 Push Notification Token

If you enable push notifications, Apple provides a device token that we store on our server to deliver notifications. If you reinstall the App, old tokens for your account are automatically replaced with the new one.

2.7 Usage Logs

When you use transcription, translation, or AI analysis features, we log the resource type and amount consumed (e.g., "transcription: 2.5 minutes") for billing accuracy. These logs do not contain the content of your transcription or translation.

2.8 Free Allocation Identifier

To prevent abuse of the free allocation (e.g., deleting an account and re-registering to receive free credits repeatedly), we retain a single opaque, anonymous identifier after account deletion. This identifier is generated by Apple, cannot be used to identify you personally, and is stored in an isolated table used solely to check whether the free allocation has already been claimed.

This identifier is retained for a maximum of seven (7) years after account deletion, as permitted by Apple's App Store Review Guidelines (5.1.1(v)) for fraud prevention purposes. All other account data is deleted — see Section 7.

3. Information We Do NOT Collect or Store on Our Servers

All session data is stored locally on your iPad. We have no ability to access, read, or recover this data.

Transient Data Transmission: While session content is never stored on our servers, certain content is transmitted transiently to service providers during active feature use (see Section 4). Specifically:

• Audio is streamed in real time to our speech-to-text provider during recording — it is not stored after processing.
• Text segments are sent to our translation provider during real-time translation — they are not stored on our servers.
• Transcripts, notes, and photos are sent to AI language model providers only when you explicitly tap the "Analyze" button — they are never sent automatically.

Third-Party Personal Information in Recordings: When you use Waymark to record or transcribe conversations, your recordings may contain the personal information of other individuals (such as their voice, name, or statements). You are solely responsible for obtaining all necessary permissions and consents from any individuals whose personal information may be captured in your recordings before using the App's recording, transcription, or translation features. We process this data transiently on your behalf and do not store it on our servers.

In all cases, the data passes through our secure server (which does not retain the content) before reaching the service provider. See Section 4 for details on each provider's data handling practices.

4. Third-Party Services

Waymark uses the following named third-party service providers to deliver its core features. Your data is transmitted to these providers only during active use of the corresponding feature, and only the minimum data necessary for the feature to function is sent. No user identity (name, email, or user ID) is sent to any transcription, translation, or AI analysis provider. All third-party providers identified in this Section 4 operate independently, and we do not have the ability to control or influence their data handling policies or infrastructure operations.

4.1 Speech-to-Text — Deepgram Inc.

Deepgram Privacy Policy  |  Deepgram Terms of Service

4.2 Translation — Google Cloud Translation API (Google LLC)

Google Cloud Privacy Notice  |  Google Cloud Terms of Service

4.3 Intelligence Analysis — OpenRouter Inc. → AI Model Providers

OpenRouter Privacy Policy  |  OpenRouter Terms of Service

4.3.1 AI Models

All AI models are accessed through OpenRouter under the same data handling practices described in this policy. We may add, remove, or replace AI models at any time to improve quality, reliability, or cost, provided they are accessed through the same intermediary (currently OpenRouter) under equivalent data handling practices. The current models in use are:

These models are provided by independent third-party providers and hosted on infrastructure selected by OpenRouter. For details on each model's supplier, visit www.openrouter.ai.

Important: Please do not use Waymark's Intelligence Analysis feature for gathering or processing sensitive, confidential, or personally identifiable information. By using this feature, you acknowledge that your content will be processed by third parties whose policies are outside our control.

4.4 Apple Inc.

Apple Privacy Policy

4.5 Important Disclosures About Third-Party Data Handling

• Each third-party provider operates as an independent data controller with respect to the data they receive and is solely responsible for their handling of that data.
• West Solution Consulting Corp. does not collect, store, or retain any user session content on its servers. All session data passes through transiently during processing.
• We do not control third-party data handling. For details on how each provider processes your data, please visit their respective privacy policies linked above.
• The AI model hosting providers, OpenRouter, and the AI model creators will have access to your session data (transcript, notes, photos) when you use the Intelligence Analysis feature. We direct you to review their privacy policies and terms of service for complete details.

4.6 AI Model Training Disclosure

When you use the AI Intelligence feature, your session content (transcript text, notes, and photos) is sent to third-party AI language model providers for analysis.

We do not use your content to train AI models. We cannot guarantee that third-party providers do not use your data for their own purposes — refer to their individual policies linked above. The underlying AI model providers may process your inputs according to their own data policies, which may include using inputs to improve or train their models. We do not control, and are not responsible for, how third-party AI model providers handle your inputs beyond the scope of processing your request.

To minimize exposure, we do not attach your identity (name, email, or user ID) to AI analysis requests — only the session content necessary for analysis is transmitted. You can choose not to use the AI Intelligence feature, in which case no session content is transmitted to AI providers.

5. How We Use Your Information

We use collected information exclusively for:

• Account management: Authenticating your identity and maintaining your account status
• Service delivery: Enforcing usage limits and processing purchases
• Product improvement: Analyzing aggregated, anonymous usage patterns to improve features and user experience
• Communication: Sending push notifications you have opted into (e.g., feature updates, usage reminders)
• Security and fraud prevention: Verifying device integrity, enforcing per-device signup limits, detecting abuse, and verifying purchase transactions with Apple

We do not sell, rent, or share your personal information with third parties for advertising or marketing purposes. Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), we definitively state that we "Do Not Sell" or "Share" your personal information.

6. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it:

• All communication between the App and our servers is encrypted in transit
• Authentication credentials are stored securely on your device using Apple's hardware-level encryption
• Server-side data is stored securely with strict access controls and encrypted at rest
• All API requests from the App are verified for authenticity to prevent unauthorized access
• We employ measures to detect and block abusive or suspicious activity

Data Breach Notification: In the highly unlikely event of a material data breach affecting our servers, we will notify affected users via email or push notification within the legally required timeframes. Please note that because your personal session content (transcripts, audio, notes, translations) is stored exclusively on your local device and is never uploaded to our servers, it cannot be exposed by a breach of our infrastructure.

7. Data Retention & Account Deletion

7.1 While Your Account Is Active

• Account data: Retained as long as your account is active.
• Analytics events: Retained for up to 24 months for trend analysis, then automatically purged.
• On-device data: Remains on your iPad until you delete the App or individual sessions. We have no ability to delete on-device data remotely.
• Purchased credits: Automatically expire 1 month from purchase.

7.2 When You Delete Your Account

You can delete your account from within the App (Settings → Delete Account). When you do, we delete the following from our servers immediately and permanently:

• Your authentication record (email, user identifier, session tokens)
• Usage logs (consumption records)
• Credit balances and purchase records
• Transaction records (purchase history)
• Push notification device token
• Device verification records
• Any other records associated with your account

7.3 What We Retain After Account Deletion

The following data is retained after account deletion:

• Anonymous identifier — an opaque, app-scoped identifier generated by Apple (described in Section 2.8). Retained for a maximum of seven (7) years to prevent free allocation abuse. Cannot identify you personally.
• Anonymized analytics events — your analytics events (e.g., "session_started," "pdf_exported") are kept for aggregate trend analysis, but the user identifier is removed. These anonymized records cannot be traced back to you.
• Anonymized consent records — we retain a record of your consent history (policy version consented to and timestamp) even after account deletion. This record is retained for a maximum of seven (7) years for legal compliance and dispute resolution purposes, consistent with applicable statutory limitation periods and Canadian tax record-keeping requirements. Upon account deletion, your user identifier is removed from the consent record, which is then linked to an opaque identifier that cannot be used to identify you personally.

These retentions are permitted under Apple's App Store Review Guidelines (5.1.1(v)) and applicable privacy laws as legitimate fraud prevention, legal compliance, and product improvement measures.

7.4 On-Device Data

Deleting your account does not delete data stored locally on your iPad (transcripts, notes, photos, sessions). To remove on-device data, delete individual sessions within the App or uninstall the App entirely.

8. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Deletion: Request deletion of your account and all associated server-side data
• Correction: Request correction of inaccurate account information
• Opt out of notifications: Disable push notifications at any time via iPad Settings or the in-app Settings toggle
• Withdraw consent: You may withdraw your consent at any time by discontinuing use of the App and deleting your account via Settings → Delete Account. Note that withdrawal of consent does not affect the lawfulness of any processing performed prior to withdrawal. Once data has been transmitted to third-party providers during your use of the App, we do not have the capability to retrieve, reverse, or delete that data from their systems. You are directed to contact each provider directly regarding any data they may have processed.

To exercise any of these rights, contact us at support@wtheory.com.

9. Children's Privacy and Age Requirements

Waymark is not directed at children or any individuals under the age of 18 (or the applicable age of legal majority in your jurisdiction). We do not knowingly collect personal information from anyone under 18. In compliance with the Children's Online Privacy Protection Act (COPPA) and the General Data Protection Regulation regarding children (GDPR-K), if we become aware that an individual under 18 has provided us with personal information, we will take immediate steps to delete their account and associated data promptly.

10. International Data Transfers

West Solution Consulting Corp. is based in Canada. By using Waymark, you consent to the transfer of your account data to jurisdictions where our infrastructure is hosted, including the United States (where our third-party service providers are primarily located). Canada has been recognized by the European Commission as providing an adequate level of data protection under the Personal Information Protection and Electronic Documents Act (PIPEDA). We ensure that appropriate safeguards are in place in accordance with applicable data protection laws, and we select service providers who maintain industry-standard security practices.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes — such as adding new categories of third-party service providers, sharing new types of data, or changing the intermediary used for AI analysis — we will update the "Last Updated" date and Policy Version at the top, and require you to review and accept the updated policy before continuing to use the App. Non-material changes (such as adding or replacing AI models accessed through the same intermediary under equivalent data handling practices) do not require re-acceptance.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: support@wtheory.com
• Company: West Solution Consulting Corp.
• Country: Canada