WOS Wontopos WOS
Back to site사이트로
Legal법적 고지
Terms of Service이용약관 Privacy Policy개인정보처리방침 Data Processing (DPA)데이터 처리 계약 Service Level (SLA)서비스 수준 협약 Acceptable Use (AUP)이용 정책

Privacy Policy

Last Updated: 2026-06-29 Company: Wontopos, L.L.C.


1. Overview

This Privacy Policy describes how Wontopos, L.L.C. ("we", "us", "our") collects, uses, and protects information in connection with our AI Memory API Service ("Service", product name: WOS). This policy applies to all clients, whether individuals or organizations, and their authorized users.

This policy is designed to comply with the Republic of Korea Personal Information Protection Act (PIPA / 개인정보보호법) and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), as applicable. The Service is not offered to individuals in the EU/EEA.

2. Information We Collect

2.1 Account Information

  • Company name, contact name, email address
  • Billing information (processed by Stripe, our third-party payment provider; we do not store full card details)
  • API usage logs (request timestamps, volume, error rates)

2.2 Client Data

Data submitted through the API by Clients is governed by our Data Processing Agreement (DPA), not this Privacy Policy. We process Client Data only as a data processor on behalf of the Client.

2.3 Technical and Analytics Data

  • IP addresses and access logs for security and debugging
  • API performance metrics (pseudonymized or aggregated)
  • Product usage analytics collected via PostHog (pseudonymized or aggregated; opt-out available, see Section 8)

3. How We Use Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process usage-based payments against a prepaid balance
  • Send service-related communications (outages, updates, security notices)
  • Compile pseudonymized or aggregated usage statistics for service improvement
  • Comply with legal obligations
  • Prevent fraud and abuse

For the Tablet model, WOS performs no LLM inference in the storage or retrieval path: retrieval is embedding-based search and ranking only. For the Scroll model, WOS also uses a large language model provided by one of our LLM sub-processors (Google, Anthropic, or OpenAI) to interpret and reformulate the query within the retrieval path — only the query text is sent to that provider, never the stored memories (see DPA Section 8). The Codex model performs reasoning with a Wontopos-operated model on isolated, per-tenant storage kept separate from the shared memory; it is disclosed in the Data Processing Agreement before it processes Client Data. In all cases, Wontopos never uses Client Data to train, fine-tune, or improve any model.

We do not:

  • Sell or rent your information to third parties
  • Use Client Data for advertising

4. Automated Processing

WOS uses vector embedding (via an embedding sub-processor that, under its terms, does not retain Client Data for its own purposes) to convert text into numerical representations for memory storage and retrieval. This is a technical operation required to provide the Service and does not constitute profiling or automated decision-making about individuals.

For the Tablet model, WOS performs no LLM inference in the storage or retrieval path: retrieval is embedding-based search and ranking only. For the Scroll model, WOS also uses a large language model provided by one of our LLM sub-processors (Google, Anthropic, or OpenAI) to interpret and reformulate the query within the retrieval path — only the query text is sent to that provider, never the stored memories (see DPA Section 8). The Codex model performs reasoning with a Wontopos-operated model on isolated, per-tenant storage kept separate from the shared memory; it is disclosed in the Data Processing Agreement before it processes Client Data. In all cases, Wontopos never uses Client Data to train, fine-tune, or improve any model.

Clients who object to this technical processing may submit a request through the form on our website at wontopos.com/contact, though doing so will prevent use of the Service.

5. Data Sharing

We share information only with:

  • Sub-processors necessary to operate our infrastructure (see DPA Section 8 for the full list)
  • Stripe for payment processing (governed by Stripe's Privacy Policy)
  • Legal authorities when required by law, court order, or to protect our legal rights
  • Business successors in the event of a merger or acquisition (with prior notice)

We do not sell personal data to third parties.

5.2 Processing of Client Data

For the Tablet model, WOS performs no LLM inference in the storage or retrieval path: retrieval is embedding-based search and ranking only. For the Scroll model, WOS also uses a large language model provided by one of our LLM sub-processors (Google, Anthropic, or OpenAI) to interpret and reformulate the query within the retrieval path — only the query text is sent to that provider, never the stored memories (see DPA Section 8). The Codex model performs reasoning with a Wontopos-operated model on isolated, per-tenant storage kept separate from the shared memory; it is disclosed in the Data Processing Agreement before it processes Client Data. In all cases, Wontopos never uses Client Data to train, fine-tune, or improve any model.

6. Data Security

We implement industry-standard security measures including encryption at rest with a customer-managed AWS KMS key (90-day rotation), TLS 1.2+ encryption in transit, and strict access controls. Amazon GuardDuty threat detection is enabled (15-minute finding frequency). See our DPA for full technical details.

7. Data Retention

  • Account information: Retained for the duration of the active service relationship, plus 60 days after account termination, after which it is permanently deleted
  • API logs: Retained for 90 days
  • Client Data: Per the DPA deletion schedule (30-day export window + 60-day permanent deletion after termination)
  • Inactivity deletion: We may delete Client Data, including data held in the vector store, after a prolonged period of inactivity (for example, three or more years) following reasonable advance notice to the registered contact.

8. Cookies and Tracking

We use PostHog for product analytics. PostHog is configured to minimize personal data; IP addresses are discarded or anonymized and we do not send account email or names to PostHog. Where IP addresses or other identifiers are involved, data is pseudonymized or aggregated.

PostHog may set cookies or use similar local storage to measure product usage. To opt out of PostHog analytics, submit a request through the form on our website at wontopos.com/contact or follow the opt-out instructions in the Service dashboard.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

Under PIPA (Republic of Korea / 개인정보보호법):

  • Right to access personal information (열람)
  • Right to correction (정정)
  • Right to deletion (삭제)
  • Right to suspension of processing (처리 정지)

Under CCPA/CPRA (California):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to opt-out of sale or sharing (we do not sell or share personal information)
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising rights

To exercise any of these rights, submit a request through the form on our website at wontopos.com/contact. We will respond within 10 days (PIPA), and within the timeframes required by other applicable law.

For requests under CCPA/CPRA (California), we will acknowledge receipt within 10 business days and respond within 45 calendar days. Where reasonably necessary, we may extend the response period once by an additional 45 days, with notice to you of the extension and the reason for it. Before fulfilling a request, we may take reasonable steps to verify your identity. You may use an authorized agent to submit a request on your behalf, in which case we may require proof of the agent's authorization and verification of your identity. If we decline a request, you may appeal that decision by submitting a request through the form on our website at wontopos.com/contact.

10. International Data Transfers

Our servers are located in the United States (AWS us-east-1, N. Virginia). The Service is not offered to individuals or entities in the EU/EEA (see the Terms of Service). If you are located in South Korea or another jurisdiction with data-transfer restrictions, your data may be transferred to the United States; for transfers from South Korea we comply with the international-transfer provisions of PIPA (Article 28-8).

11. Minimum Age

Consistent with our eligibility requirement (Terms of Service Section 3), the Service is available only to individuals aged 18 or older. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected personal information from a person under 18, we will delete it promptly.

Note: This refers to account holders and direct users of the Service. Where a Client stores end-user data through the API, the Client is responsible as the data controller for any age-related consent requirements applicable to their end users (including the under-14 legal guardian consent requirement under PIPA).

12. Privacy Officer

For inquiries under PIPA (Republic of Korea), our privacy officer (개인정보보호 책임자) can be reached by submitting a request through the form on our website at wontopos.com/contact.

13. Lawful Basis for Processing

We process personal data on the following legal bases, by category:

  • Account information (company name, contact name, email): performance of a contract (to establish and operate the service relationship) and compliance with legal obligations.
  • Billing and usage records: performance of a contract (to process usage-based payments against a prepaid balance) and compliance with legal obligations (for example, tax and accounting).
  • Security and access logs, IP addresses: legitimate interests in securing the Service, preventing fraud and abuse, and debugging.
  • Product analytics: legitimate interests in understanding and improving the Service, subject to the minimization and opt-out described in Section 8.

14. Personal Data Breach Notification

In the event of a personal data breach affecting Client Data or other personal information, we will notify affected controllers (and, where we act as controller, affected individuals and supervisory authorities) without undue delay after becoming aware of the breach, consistent with PIPA and applicable US state breach-notification laws. Notice will describe, to the extent known, the nature of the breach, the categories and approximate number of records affected, likely consequences, and measures taken or proposed.

15. Changes to This Policy

We will notify Clients of material changes to this policy at least 30 days in advance via dashboard notice.

16. Contact

For privacy inquiries, submit a request through the form on our website at wontopos.com/contact.

Item Detail
Company Wontopos, L.L.C.
Representative Wontopos, L.L.C. (its authorized representative)
Registered Agent Address 131 Continental Dr, Suite 305, Newark, DE 19713, USA
Contact Request form at wontopos.com/contact
← Previous이전 Terms of Service이용약관 Next다음 → Data Processing (DPA)데이터 처리 계약
WOSWontoposWOS
Won + Topos - one place where memory lives.
Product
Why WOS Benchmark Pricing For agents
Developers
Docs API SDKs
Legal
Terms of Service Privacy Policy Data Processing (DPA) SLA Acceptable Use
Start
Get API key Contact Self-host