Last updated: March 3, 2026
WayJet LLC ("WayJet," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our AI-powered health analysis platform at assistant.wayjet.io (the "Service"). This policy applies to all users of our Service, regardless of location, and is designed to comply with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and other applicable regulations. By using our Service, you acknowledge that you have read and understood this Privacy Policy.
We collect information in the following categories: (a) Information You Provide Directly: Account information (email address, username, password hash), health profile data (allergies, medical conditions, dietary preferences, gender, height, weight, date of birth), uploaded content (medical reports, prescriptions, food labels, nutrition labels, contracts, and other documents), and communications you send to us (support requests, feedback). (b) Information Collected Automatically: Device information (device type, operating system, browser type and version), IP address and approximate geolocation, usage data (pages visited, features used, analysis requests, timestamps), cookies and similar tracking technologies, and referral source. (c) Information from Third Parties: If you sign in using Google OAuth, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.
We use the information we collect for the following purposes: • Providing and operating the Service, including AI-powered analysis of your uploaded documents • Personalizing health insights based on your health profile • Maintaining your health history timeline and generating trend analysis • Processing payments and managing your subscription • Communicating with you about service updates, security alerts, and support • Improving and developing new features for the Service • Ensuring platform security, preventing fraud, and enforcing our Terms of Service • Complying with legal obligations We do NOT use your personal data for advertising purposes. We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes.
Your health data — including medical reports, prescriptions, lab results, and health metrics — is classified as sensitive personal data and receives enhanced protection. • Consent: We process health data only with your explicit consent, which you provide when you upload documents for analysis. • Encryption: All health data is encrypted at rest using AES-256-GCM encryption and in transit using TLS 1.2+. • Processing: AI analysis is performed in real-time. Uploaded images are processed for analysis and stored encrypted in your account. • Medical Disclaimers: All AI-generated health insights include prominent disclaimers that they are for informational purposes only and do not constitute medical advice. • No Human Review: Your health documents are processed by AI systems only. No WayJet employee reviews your personal health data unless you explicitly request support assistance. • HIPAA Alignment: While WayJet is not a HIPAA-covered entity, we voluntarily follow HIPAA-aligned best practices for health data protection.
We may share your information only in the following limited circumstances: • AI Processing Providers: We use third-party AI service providers to perform document analysis. These providers process your data under strict contractual obligations and may not use it for any other purpose. • Cloud Infrastructure: We use Vercel for hosting. Your data is stored on servers located in the United States. • Authentication Providers: If you use Google Sign-In, Google processes your authentication data per their privacy policy. • Analytics: We use privacy-respecting analytics (Vercel Analytics and Google Analytics) to understand how users interact with our Service. Analytics data is aggregated and does not identify individual users. • Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request. • Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of the transaction. We will notify you of any such change. We do NOT sell your personal information. We have not sold personal information in the preceding 12 months.
We implement industry-standard security measures to protect your personal information: • AES-256-GCM encryption for health data at rest • TLS 1.2+ encryption for all data in transit • httpOnly, Secure, SameSite cookies for authentication • bcrypt password hashing with appropriate cost factors • Rate limiting on all API endpoints • Regular security assessments and code reviews • Access controls limiting employee access to personal data on a need-to-know basis • Incident response procedures for potential data breaches While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
We use the following types of cookies: • Essential Cookies: Required for authentication and core platform functionality. These cannot be disabled. • Analytics Cookies: Used to understand how visitors interact with our Service (via Vercel Analytics and Google Analytics). These are optional and can be declined via our cookie consent banner. You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service. We honor Do Not Track (DNT) signals. When we detect a DNT signal, we disable non-essential analytics tracking for that session.
Depending on your location, you may have the following rights regarding your personal data: • Right to Know/Access: Request information about what personal data we collect, use, and share. • Right to Delete: Request deletion of your personal data. You can delete individual records or your entire account via account settings. • Right to Correct: Request correction of inaccurate personal data. • Right to Data Portability: Request a copy of your data in a structured, commonly used format. • Right to Opt-Out: Opt out of the sale or sharing of personal information (note: we do not sell personal information). • Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights. To exercise these rights, visit your account settings or email privacy@wayjet.io. We will respond to verifiable requests within 45 days (or 30 days for GDPR requests). You may also designate an authorized agent to submit requests on your behalf.
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) provides you with additional rights: • Right to Know: You may request the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purpose for collection, and the categories of third parties with whom we share it. • Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions. • Right to Correct: You may request correction of inaccurate personal information. • Right to Opt-Out of Sale/Sharing: We do not sell or share (as defined by the CCPA) your personal information. • Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information (including health data) to purposes necessary to provide the Service. • Right to Non-Discrimination: We will not deny services, charge different prices, or provide different quality of service for exercising your CCPA rights. Categories of personal information collected in the last 12 months: Identifiers (email, username, IP address), health information (uploaded medical documents, health profile data), internet activity information (usage data, device information), and inferences drawn from the above. To submit a CCPA request, email privacy@wayjet.io with the subject line "CCPA Request" or visit your account settings.
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws have similar rights to access, delete, correct, and opt out of certain processing of their personal data. If you are a resident of one of these states, you may exercise your rights by contacting us at privacy@wayjet.io. If we decline your request, you have the right to appeal our decision.
We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy: • Account Data: Retained for as long as your account is active. • Health Analysis Records: Retained until you delete them or delete your account. • Usage Analytics: Aggregated analytics data is retained for up to 24 months. • Support Communications: Retained for up to 12 months after resolution. Upon account deletion, all associated personal data is permanently removed from our systems within 30 days. Backup copies are purged within 90 days.
Our Service is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your data will be transferred to, stored, and processed in the United States, where our servers are located. By using our Service, you consent to the transfer of your information to the United States. We take appropriate measures to ensure that your personal data receives an adequate level of protection.
Our Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). Users between the ages of 13 and 16 may use the Service only with parental or guardian consent. If we learn that we have collected personal information from a child under 13, we will promptly delete it. If you believe a child under 13 has provided us with personal information, please contact us at privacy@wayjet.io.
Our Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of third-party sites. We encourage you to review the privacy policy of every site you visit.
In compliance with the California Online Privacy Protection Act (CalOPPA), we honor Do Not Track (DNT) browser signals. When we detect a DNT signal, we will not load non-essential analytics or tracking scripts for that browsing session.
In the event of a data breach that compromises your personal information, we will notify affected users via email within 72 hours of discovery, in accordance with applicable state breach notification laws. We will also notify relevant authorities as required by law.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the "Last updated" date, and sending an email notification to registered users. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: WayJet LLC Email: privacy@wayjet.io Website: https://assistant.wayjet.io For CCPA-specific requests, include "CCPA Request" in your subject line. We aim to respond to all privacy inquiries within 30 days.
We use cookies
We use essential cookies for authentication and optional analytics cookies to improve our service. Privacy Policy