Privacy Policy
How we handle your data. Short version: we collect only what we need, we don't sell it, and we don't use it to train AI models.
Last updated: 9 April 2026
Who we are
Wyrework is an AI agent rule-encoding platform operated from Lisbon, Portugal. For the purposes of data protection law, Wyrework is the data controller for personal data collected through wyrework.ai and its tools, including the AI Risk Check.
Contact: sibyl@wyrework.ai
What we collect
Email address — when you join our waitlist or subscribe to our newsletter. Used to communicate with you about the platform and send content you opted into.
Assessment responses — when you use the AI Risk Check. The information you provide about your workflows is processed to generate your risk assessment. We do not store assessment responses beyond what is needed to deliver your results.
Technical data — standard server logs (IP address, browser type, pages visited). Used for security, performance monitoring, and understanding how people use the site. No tracking cookies or third-party analytics are used.
How we use your data
We process your data to provide the services you requested — delivering assessments, sending newsletters, and communicating about the platform. Our lawful bases under GDPR are legitimate interest (Article 6(1)(f)) for service delivery, and consent (Article 6(1)(a)) for marketing communications.
We do not sell your data. We do not share it with advertisers. We do not use your inputs to train AI models. Assessment data is processed by our AI system to generate your results and is not retained for any other purpose.
Third-party processors
We use a limited number of third-party services to operate the platform. Each is bound by a data processing agreement:
Supabase — database and authentication infrastructure. Supabase maintains a Data Processing Agreement (DPA) that covers GDPR obligations. Data is stored in the EU.
Anthropic — AI processing for the Risk Check assessment. Anthropic does not use API inputs for model training. Assessment inputs are processed and not retained by Anthropic beyond what is necessary for the API call.
Netlify — website hosting. Netlify processes technical data (server logs, IP addresses) as part of hosting. Netlify maintains GDPR-compliant data processing practices.
Data retention
We retain your data only as long as necessary to provide the service and comply with legal obligations. Email addresses are retained while you remain subscribed — you can unsubscribe at any time. Assessment data is not retained beyond delivering your results. Server logs are retained for a maximum of 90 days.
Your rights
Under GDPR and applicable data protection law, you have the right to access, correct, delete, restrict processing of, and port your personal data. You also have the right to object to processing based on legitimate interest, and to withdraw consent for marketing communications at any time.
To exercise any of these rights, contact sibyl@wyrework.ai. We will respond within 30 days.
If you believe we are not handling your data correctly, you have the right to lodge a complaint with the Portuguese data protection authority (CNPD) or your local supervisory authority.
International transfers
Some of our third-party processors operate outside the European Economic Area. Where data is transferred internationally, it is protected by appropriate safeguards including Standard Contractual Clauses (SCCs) or adequacy decisions, as required by GDPR Chapter V.
Changes to this policy
We may update this policy as our platform evolves. Material changes will be noted on this page with an updated date. If we make changes that significantly affect how we handle your data, we will notify you via the email address associated with your account.
Contact
Questions about this privacy policy: sibyl@wyrework.ai