Privacy Policy

Effective Date: April 6, 2026 · Last Updated: April 6, 2026

This document is a draft template prepared for review. It does not constitute legal advice. Wayden will retain specialized legal counsel before publishing the final version.

1. Introduction

Wayden, Inc. ("Wayden," "we," "us," or "our") is committed to protecting the privacy and security of the information we collect and process. This Privacy Policy describes how we collect, use, disclose, and protect information in connection with the Wayden platform and AI agent services (the "Service") provided to licensed insurance agencies and brokerages ("Agency," "you," or "your"). Please read this policy in conjunction with our Terms of Service and Data Processing Addendum (DPA).

2. Who We Are

Wayden operates as a data controller when collecting information about Agency users directly for service provision. When agencies upload client data for processing through our AI agents, Wayden acts as a data processor, and the DPA governs that relationship. The Service is a business-to-business platform. Wayden does not knowingly collect personal information directly from insurance consumers or policyholders. Agencies are responsible for compliance with applicable privacy laws governing their client data.

3. Information We Collect

3.1 Account and Registration

  • Agency name and license numbers
  • Administrator contact details (name, email, phone)
  • Billing information (processed by a third-party payment provider)
  • Authorized user information

3.2 Insurance and Submission Data

  • ACORD forms and submission documents
  • Client information provided through the Service
  • Policy details and communications
  • Any data agencies input into the Service

3.3 Technical and Usage Information

  • IP addresses and browser data
  • Log information and API access logs
  • Cookie data (see Section 9)

3.4 Voice Agent Data

  • Voice recordings and transcriptions
  • Caller identification data
  • Call metadata (duration, timestamps, disposition)

4. How We Use Information

4.1 Service Operation

Provisioning and maintaining the Service, processing AI agent tasks, authentication, integration management, and customer support.

4.2 Service Improvement

We use aggregated, de-identified, and anonymized technical and usage information for performance analysis and feature development. We do not use identifiable Agency Data for AI model training.

4.3 Communication

Transactional emails, service notifications, product updates, and optional marketing communications.

4.4 Legal Obligations

Compliance with applicable laws, responding to government requests, enforcing our Terms, and preventing fraud.

5. No AI Model Training on Customer Data

Wayden will not use Agency Data — including insurance submission data, client records, policy information, voice recordings, or transcripts — for training external AI models or general commercial purposes. Any agency-specific customization requires a separate written agreement.

6. How We Share Information

6.1 Service Providers

Third-party vendors (cloud hosting, payment processing, telephony, email delivery, security) under contractual obligations to protect your data.

6.2 AMS and Integration Partners

Information shared per your agency's configured integrations.

6.3 Business Transfers

Information may be transferred during mergers, acquisitions, or asset sales, with notice provided to affected agencies.

6.4 Legal and Safety

Disclosure when required by law, for Terms enforcement, safety protection, or fraud prevention.

6.5 Aggregated Data

We may share de-identified, aggregated information for research or marketing purposes.

7. Data Retention

  • Agency Data: Retained during subscription plus 30 days post-termination for export, then deleted unless legally required.
  • Account/Administrative Info: 7 years following closure, or longer as required by law.
  • Voice Recordings: 90 days by default (agencies may configure a shorter period).
  • Transcripts/Summaries: Duration of subscription.
  • Audit Logs: Minimum 3 years for E&O documentation.

8. Data Security

Wayden implements commercially reasonable technical and organizational measures to protect your data, including TLS 1.2+ encryption in transit, AES-256 encryption at rest, role-based access controls, regular security assessments, and SOC 2 Type II compliance. While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We will notify affected agencies of any data breach in accordance with applicable law.

9. Cookies and Tracking

We use three categories of cookies: Strictly Necessary (required for core function), Functional (user preferences), and Analytics (aggregated usage data). We do not use third-party advertising cookies or share data with advertising platforms. You can manage cookie preferences through your browser settings.

10. State Privacy Rights

10.1 California (CCPA/CPRA)

To the extent applicable, California residents have the right to know what personal information is collected, request deletion, request correction, and opt out of sales. Wayden does not sell personal information. We respond to verified requests within 45 days.

10.2 Other States

We honor privacy rights under Virginia, Colorado, Connecticut, Texas, and other applicable state laws to the extent we act as a controller.

10.3 Insurance-Specific

GLBA and state insurance privacy regulations apply. Agencies are responsible for compliance with these regulations; Wayden provides processor-level support as outlined in the DPA.

11. Recording Consent and TCPA

Agencies are solely responsible for TCPA compliance, including state-specific consent requirements, call recording disclosures, consent documentation, and do-not-call compliance. Wayden provides configurable features to support compliance, but these do not substitute for legal advice.

12. Children's Privacy

The Service is directed to businesses only and is not intended for individuals under 18. Wayden does not knowingly collect personal information from children and will delete any such information if discovered.

13. International Data Transfers

Wayden operations are based in the United States. For any non-US data transfers, we use Standard Contractual Clauses or other lawful transfer mechanisms.

14. Changes to This Policy

We will notify agencies of material changes at least 30 days in advance via email to account administrators. Continued use of the Service after the effective date of changes constitutes acceptance.

15. Contact Us

For privacy inquiries, contact us at privacy@waydenai.com. For privacy rights requests, include "Privacy Rights Request" in the subject line with the specific right you wish to exercise. We will respond within legally required timeframes.

© 2026 Wayden, Inc. All rights reserved.