Wholisphere
Sign in Start free
Privacy

Privacy policy

Last updated: 2026-04-18.

Plain English summary: we collect the minimum data needed to make the agent work, scrub PII before it reaches any LLM, and never sell your data. Customers control retention and can delete everything at any time. This page is the formal version.

1. What we collect

  • Account data — email, organization name, billing details (held by Stripe).
  • Usage data — capability invocations, latency, errors. Used to bill correctly and improve the product.
  • Audit log — for each agent action, an entry of what was done and on what URL. Not the page content itself.
  • Telemetry — opt-in only. PII-scrubbed counts of which features are used.

2. What we don't collect

  • We do not record video or full-session replays.
  • We do not store the literal contents of pages users visit.
  • We do not sell or share data with advertisers.
  • We do not fingerprint visitors.

3. PII handling

Before any text reaches an LLM, our PII scrubber redacts emails, phones, SSNs, credit-card-shaped numbers, and API-key-shaped tokens. Customers on Platform plans can add custom redaction rules.

4. Data residency

Free + Pro plans default to US-region storage (Cloudflare D1, Cloudflare KV, Cloudflare R2). EU customers on Platform plans can pin their org to EU regions.

5. Sub-processors

  • Cloudflare — hosting, edge cache, KV, D1, R2.
  • Stripe — billing.
  • Google AI Studio — LLM inference (text + vision).
  • Anthropic — LLM inference (Claude vision + reasoning).
  • Resend — transactional email (magic-link sign-in).
  • Sentry — error tracking (no PII).

6. Your rights

Under GDPR / CCPA you have the right to access, correct, port, and delete your data. From your dashboard you can:

  • Export your audit log + organization data as JSON
  • Delete your account (irreversible; Stripe records retained for tax purposes)
  • Revoke any API key

For requests: privacy@wholisphere.ai.

7. Retention

Audit logs: 12 months hot in D1, archived to R2 for an additional 5 years (configurable on Platform). Sessions: 30 days from last use. Magic links: 15 minutes. Sub-processor logs follow each provider's policy.

8. Contact

Data Protection Officer: privacy@wholisphere.ai.