WebAir.AI

Privacy Policy

Effective date: March 31, 2026

1. Introduction

WebAir Technologies, Inc. (“WebAir,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use WebAir AI and our related services (collectively, the “Service”).

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address
  • Company name (if provided)
  • Payment and billing information (processed securely by our payment processor)
  • Account preferences and settings

Conversation Data

When you use the Service, we process:

  • Prompts and messages you send through the chat interface
  • AI-generated responses returned to you
  • Files, documents, and data you upload or reference
  • Memory data — context, preferences, and information the system retains across conversations

Connected Tool Data

When you connect third-party business tools (such as HubSpot, QuickBooks, Gmail, Slack, or Notion), we access data from those tools only as needed to fulfill your requests. We do not store bulk data from connected tools — we retrieve information on demand when you ask a question that requires it.

Usage Data

We automatically collect:

  • Device information (browser type, operating system)
  • IP address and approximate location
  • Pages visited and features used
  • Timestamps and session duration
  • Referring URLs

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service
  • Process your prompts through AI models and return responses
  • Maintain your unified memory across models and sessions
  • Connect to and retrieve data from your authorized business tools
  • Process payments and manage your subscription
  • Send transactional communications (account confirmations, billing notices, security alerts)
  • Improve the Service, including performance, reliability, and user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

4. How AI Model Requests Work

This is important: all AI model API calls are made from WebAir’s servers, not from your device. Here is how it works:

  1. You send a message through the WebAir AI chat interface
  2. Your message is transmitted over an encrypted connection (TLS 1.3) to WebAir’s infrastructure, hosted on Google Cloud Platform
  3. Our AI decision engine analyzes your message and selects the optimal AI model
  4. WebAir’s servers send an API request to the selected model provider (e.g., OpenAI, Anthropic, Google) on your behalf
  5. The model provider processes the request and returns a response to WebAir’s servers
  6. WebAir delivers the response to you through the chat interface

This architecture means that AI model providers see API requests coming from WebAir, not from you personally. Your identity, account information, and business context are not shared directly with model providers.

5. Data We Never Use for Training

Your data is never used to train any AI model — ours or anyone else’s. This includes:

  • Your prompts and messages
  • AI-generated responses
  • Your unified memory data
  • Data from connected business tools
  • Files and documents you upload

We contractually require that our AI model providers do not use API inputs for training purposes. We select providers that offer enterprise API terms with no-training commitments.

6. Encryption and Security

All conversations, memory data, and stored information are encrypted:

  • In transit: All data transmitted between your device and our servers, and between our servers and AI model providers, is encrypted using TLS 1.3
  • At rest: All stored data, including conversations, memory, account information, and connected tool credentials, is encrypted using AES-256 encryption
  • Infrastructure: The Service is hosted on Google Cloud Platform, which maintains SOC 1, SOC 2, SOC 3, ISO 27001, and ISO 27017 certifications

We maintain SOC 2 Type II certification, demonstrating that our security controls have been independently audited and validated over a twelve-month observation period.

Additional security measures include:

  • Network segmentation and least-privilege access controls
  • Multi-factor authentication for all internal systems
  • Automated vulnerability scanning and patch management
  • 24/7 infrastructure monitoring with automated alerting
  • Documented incident response procedures
  • Background checks and security training for all personnel

7. Data Sharing and Disclosure

We do not sell your personal information. We share your information only in the following circumstances:

AI Model Providers

The content of your prompts is transmitted to the AI model provider selected for your request (e.g., OpenAI, Anthropic, Google). This is necessary to generate responses. As described above, these requests are made from our servers, not yours.

Connected Tool Providers

When you connect a third-party tool, we exchange data with that provider as needed to fulfill your requests, using the permissions you have granted.

Service Providers

We use trusted third-party service providers for payment processing, analytics, email delivery, and infrastructure. These providers are contractually obligated to protect your data and may only use it to provide services to us.

Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

8. Data Retention

We retain your data for as long as your account is active and as needed to provide the Service. Specifically:

  • Account data: Retained while your account is active and for 30 days after deletion request
  • Conversation data: Retained while your account is active; deleted upon account deletion
  • Memory data: Retained while your account is active; deleted upon account deletion
  • Billing records: Retained for 7 years as required by applicable tax and financial regulations
  • Usage logs: Retained for 90 days for security and debugging purposes

You may request deletion of your account and associated data at any time by contacting us at hello@webairai.com.

9. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request restriction of processing of your data
  • Objection: Object to processing of your data for certain purposes
  • Withdrawal of consent: Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at hello@webairai.com. We will respond within 30 days.

10. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional provisions apply:

  • We process your data under the legal bases of contract performance (to provide the Service), legitimate interests (to improve and secure the Service), and consent (for optional analytics and marketing)
  • Data processing agreements are available upon request
  • We offer configurable data residency for EU customers
  • You have the right to lodge a complaint with your local supervisory authority

11. CCPA Compliance (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information — we do not sell personal information
  • The right to non-discrimination for exercising your privacy rights

12. Children’s Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.

13. International Data Transfers

The Service is hosted on Google Cloud Platform in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy, including standard contractual clauses where required.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be posted on this page with an updated effective date. If we make material changes, we will notify you by email or through the Service. Your continued use of the Service after changes become effective constitutes your acceptance of the revised Privacy Policy.

15. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us:

For security-specific inquiries, including requests for our SOC 2 Type II report or HIPAA BAA, please email hello@webairai.comwith the subject line “Security Inquiry.”