A) Privacy Policy
Last Updated: 2026-02-16
1. Introduction
Welcome to Waibloz AB (“we,” “our,” or “us”).
We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect information when you use our educational and learning platform, website, and related services (collectively, the “Service”).
By using our Service, you agree to this Privacy Policy. If you do not agree, please discontinue use of our platform.
2. About Our Service
Waibloz AB is an educational platform designed to support learning, creativity and personalized study and workplace assistance experiences.
We use Google Cloud Platform (GCP) to provide secure storage and AI-powered analysis essential to our services.
3. Information We Collect
We collect only the information necessary to operate our platform.
a. Information You Provide
- Name, email address, or username (if account creation is required)
- Educational content you upload or create (e.g., text prompts, notes or images)
- Feedback or messages sent to us via the platform or email
b. Automatically Collected Information
When you use the Service, we may automatically collect:
- Device information (browser type, operating system)
- IP address and general location data (non-specific, for analytics)
- Usage data (features used, time spent, and interactions)
- Cookies or similar technologies for login sessions and analytics
c. Data Processed by Google
Content you upload is temporarily processed on GCP servers for AI generation and secure storage. Google does not use this data for advertising or marketing purposes. For more details, refer to Google’s policies:
4. How We Use Your Information
4.1. Purposes & Legal Basis We process your personal data for the following specific purposes and legal bases:
- (a) Service Delivery (Contractual Necessity): To provide the educational platform, generate AI-based content, and manage your account and subscription.
- (b) Personalization (Legitimate Interest): To adapt learning materials and AI output to your specific educational level and needs.
- (c) Product Improvement (Legitimate Interest): To analyze aggregated usage patterns to fix bugs, improve system security, and enhance the accuracy of our services.
- (d) Compliance: To fulfill legal obligations, such as accounting, tax laws, and data protection requests.
4.2. AI Training & Student Data We use data to improve our Service, but we do not use personal data from Student Accounts or Minors to train third-party AI models.
4.3. No Sale of Data We strictly do not sell your personal data. We do not use User Data for targeted advertising, third-party profiling, or behavioral marketing.
5. Google Cloud and Data Processing
We engage Google Cloud Platform (GCP) as our data processor.
- Security: All interactions occur over encrypted HTTPS connections. Content is stored in encrypted, regional cloud databases.
- Control: We configure Google Cloud to comply with educational privacy requirements. No user content is made publicly accessible.
6. Legal Basis for Processing (GDPR Compliance)
If you are located in the European Economic Area (EEA), we rely on the following legal bases:
- Consent (Article 6(1)(a))
- Contractual necessity (Article 6(1)(b))
- Legal obligations (Article 6(1)(c)
You can withdraw consent at any time by contacting us to projects@waibloz.com or through our webpage: https://waibloz.com/.
7. Data Retention
We retain data only as long as needed to deliver services or comply with legal requirements. You may request deletion at any time (see Section 11).
8. Cookies and Tracking
We use cookies solely for login sessions, analytics, and preferences. We do not use cookies for cross-site tracking.
9. Data Sharing and Disclosure
We share information only with trusted providers like Google Cloud (for hosting) or when required by law. We never sell data to advertisers.
10. Child Safety & Educational Use (No Direct Child Accounts)
10.1. Authorized Users Only The Service is intended solely for use by (a) Schools and Educators, or (b) Parents and Legal Guardians. We do not knowingly permit children under the age of 13 (or 16 in the EEA) (“Minors”) to register for their own accounts.
- Prohibition: If you are a Minor, you are strictly prohibited from creating an account. You may only access the Service through an account owned and supervised by your Parent or Educational Institution.
- Termination: If Waibloz AB discovers that an account is registered by a Minor without a responsible Adult attached to it, we will immediately delete the account and all associated data.
10.2. The “School Consent” Exception If you are an Educator or School using the Service with students:
- (a) Authority: You represent and warrant that you have the legal authority to act as an agent for the parents of your students to consent to the collection of student information for educational purposes (in loco parentis).
- (b) Compliance: You are solely responsible for obtaining any necessary parental consents required by your local laws (such as COPPA in the US or GDPR in the EU) before allowing students to access the Service.
- (c) Liability: Waibloz AB relies on your representation that you have obtained these consents. You agree to indemnify Waibloz AB for any claims arising from a lack of parental consent.
10.3. Parental Responsibility (The “Family Account” Model) If you are a Parent allowing your child to use your account:
- (a) Single Identity: You acknowledge that the account belongs to you, not the child. Waibloz AB treats all data input and activity as being performed by you, the adult account holder.
- (b) Supervision: You are solely responsible for supervising your child’s use of the Service. You accept full liability for any content they generate or data they share.
- (c) No Direct Collection: Since the account belongs to you, you acknowledge that Waibloz AB is not knowingly collecting personal data directly from a child, but rather processing data provided by you (the Adult) for your own purposes.
11. Your Rights
Depending on your region, you may have rights to:
- Access or receive a copy of your data
- Request correction or deletion
- Withdraw consent
- Object to or restrict processing
- Request data portability
To exercise these rights, contact us through our website or to projects@waibloz.com.
We will respond within the time limits set by applicable data protection laws.
12. Data Security
We apply industry-standard security measures, including encryption in transit and at rest. We rely on Google’s security infrastructure to monitor and prevent unauthorized access.
13. International Data Transfers
Your data may is stored in or close to your geographical region, depending on Google Cloud data center locations. We ensure adequate safeguards (e.g., Standard Contractual Clauses) to comply with international data protection standards.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws.
15. Contact Us
If you have any questions, concerns, or requests about this Privacy Policy or our data handling practices, please contact us at:
Waibloz AB
Email: projects@waibloz.com
Website: https://waibloz.com/
___________________________________________________________________________________________________________________________________________
B) GDPR Policy
Last Updated: 2026-02-04
1. Introduction
This GDPR Policy explains how Waibloz AB (“we,” “our,” or “us”) processes, protects, and respects personal data in accordance with the European Union General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).
This Policy applies to all users located in the European Economic Area (EEA), the United Kingdom, and Switzerland, as well as to any processing of personal data originating from these regions.
If you are a user outside these regions, your information is still handled in line with high international privacy standards, as described in our Privacy Policy.
2. Data Controller
Waibloz AB acts as the Data Controller for the personal data processed through the Service.
If your educational institution (school, university or teacher) manages your access to the Service, that institution may act as a joint or independent Data Controller for certain educational records.
3. Lawful Basis for Processing
We process personal data only when there is a valid legal basis under Article 6 of the GDPR. Depending on the context, this may include:
- Consent – when users give clear consent for data processing (Art. 6(1)(a)).
- Contractual necessity – when processing is required to provide our educational services or fulfill an agreement with you (Art. 6(1)(b)).
- Legal obligation – when we must comply with applicable laws or regulatory requirements (Art. 6(1)(c)).
- Legitimate interests – when processing is necessary for our legitimate business interests (e.g., security monitoring, improving performance), and those interests do not override users’ fundamental rights (Art. 6(1)(f)).
Where we rely on consent, you have the right to withdraw it at any time.
4. Personal Data We Process
We adhere to a strict principle of Data Minimization. We collect only the data strictly necessary to authenticate your account and facilitate the secure transmission of your inputs to the AI models.
4.1. Data We Store (Retained Data) The categories of data we persistently store are limited to:
- Account Data: Name, email address, and encrypted login credentials (necessary for authentication).
- Technical Logs: Device type, browser version, operating system, and IP address (retained temporarily for security and fraud prevention).
- Payment Data: Billing history and subscription status (processed securely by our payment provider; Waibloz AB does not store full credit card numbers).
- Communication Data: Customer support tickets or inquiries you send directly to us.
4.2. Data We Do Not Retain (Ephemeral Processing) We distinguish “Account Data” from your “Content” (prompts, educational text, uploaded documents, and AI-generated answers). Regarding your Content:
- No Long-Term Storage: We do not view, monitor, or permanently store the educational content or prompts you enter.
- Transient Processing: Your prompts and AI outputs are processed transiently (in real-time) solely to generate the response.
- Security: This processing occurs within secure environments hosted on Google Cloud Platform (GCP). Once the session is active or the response is delivered, Waibloz AB does not retain a copy of this content on our internal servers.
5. Purpose of Processing
We process personal data strictly to deliver and secure the Service. The specific purposes are:
- Service Delivery: To create and manage user accounts, authenticate logins, and facilitate the generation of AI-based educational content.
- System Integrity: To ensure security, detect fraud, and prevent unauthorized access or abuse of the Service.
- Anonymized Analytics: To analyze anonymized and aggregated usage patterns (e.g., feature popularity) to improve system performance and learning outcomes. We do not use identifiable personal data or User Content to train third-party generative AI models.
- Legal Compliance: To comply with applicable laws, regulations, and educational data protection requirements.
Strict Prohibition: We never use personal data for targeted advertising, marketing profiling, or sale to third parties.
6. Data Retention
We retain data only as long as necessary for the service or legal compliance. Afterward, data is deleted or anonymized.
7. Data Sharing and Processors
We may share data with trusted data processors only when necessary to provide the Service. These include:
- Google Cloud Platform (GCP) for secure hosting, storage, and AI services
- Analytics providers for anonymized performance metrics
- Payment processors (if applicable) for subscription handling
All processors act under written contracts and are bound by GDPR-compliant data processing agreements (DPAs). We do not sell or disclose personal data to third parties for marketing.
8. International Data Transfers
8.1. Data Location We strive to store and process data primarily within the European Economic Area (EEA). However, you acknowledge that our sub-processors (specifically Google Cloud Platform) may process data in the United States or other jurisdictions to facilitate AI computation and service delivery.
8.2. Transfer Mechanisms Waibloz AB ensures that any transfer of personal data to a “third country” (a country outside the EEA/UK) is protected by valid legal transfer mechanisms, specifically:
- (a) Adequacy Decisions: Transfers to the United States are covered by the EU-US Data Privacy Framework (DPF), to which Google is a certified participant; or
- (b) Standard Contractual Clauses (SCCs): Where an adequacy decision is not available, we rely on the European Commission’s Standard Contractual Clauses with our sub-processors, supplemented by robust technical safeguards.
8.3. Technical Safeguards (Schrems II Compliance) Regardless of location, we implement supplementary technical measures to protect your data during transfer. All data remains encrypted in transit (TLS 1.2+) and at rest (AES-256), ensuring that no unauthorized third party (including infrastructure providers) can access intelligible personal data.
9. Data Subject Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access: to know what data we hold about you.
- Right to rectification: to correct inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”): to request deletion of your personal data.
- Right to restriction of processing: to limit how your data is used.
- Right to data portability: to receive your data in a structured, machine-readable format.
- Right to object: to certain forms of processing, such as automated decision-making or legitimate interest use.
- Right to withdraw consent: at any time when processing is based on consent.
To exercise any of these rights, please contact us through our website or at projects@waibloz.com. We will respond within the timeframe required by the GDPR (typically within 30 days) in accordance with applicable law. We may request proof of identity to prevent unauthorized access to your data.
If you believe that Waibloz AB has processed your personal data in violation of the GDPR, you have the right to lodge a complaint with the supervisory authority. In the EU: Your local data protection authority.
10. Child Safety & Educational Use (No Direct Child Accounts)
10.1. Authorized Users Only The Service is intended solely for use by (a) Schools and Educators, or (b) Parents and Legal Guardians. We do not knowingly permit children under the age of 13 (or 16 in the EEA) (“Minors”) to register for their own accounts.
- Prohibition: If you are a Minor, you are strictly prohibited from creating an account. You may only access the Service through an account owned and supervised by your Parent or Educational Institution.
- Termination: If Waibloz AB discovers that an account is registered by a Minor without a responsible Adult attached to it, we will immediately delete the account and all associated data.
10.2. The “School Consent” Exception If you are an Educator or School using the Service with students:
- (a) Authority: You represent and warrant that you have the legal authority to act as an agent for the parents of your students to consent to the collection of student information for educational purposes (in loco parentis).
- (b) Compliance: You are solely responsible for obtaining any necessary parental consents required by your local laws (such as COPPA in the US or GDPR in the EU) before allowing students to access the Service.
- (c) Liability: Waibloz AB relies on your representation that you have obtained these consents. You agree to indemnify Waibloz AB for any claims arising from a lack of parental consent.
10.3. Parental Responsibility (The “Family Account” Model) If you are a Parent allowing your child to use your account:
- (a) Single Identity: You acknowledge that the account belongs to you, not the child. Waibloz AB treats all data input and activity as being performed by you, the adult account holder.
- (b) Supervision: You are solely responsible for supervising your child’s use of the Service. You accept full liability for any content they generate or data they share.
- (c) No Direct Collection: Since the account belongs to you, you acknowledge that Waibloz AB is not knowingly collecting personal data directly from a child, but rather processing data provided by you (the Adult) for your own purposes.
11. Security Measures
We maintain appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, or unauthorized access. These measures are designed in accordance with the sensitivity of the information we handle and the risks associated with data processing.
Our security practices are regularly reviewed and updated to align with recognized industry standards and applicable data-protection laws. We also ensure that our service providers, including Google Cloud, apply equivalent safeguards to protect personal data within their systems.
12. Contact, Complaints, and Regulatory Cooperation
If you have questions, concerns, or requests regarding this Policy or the processing of your personal data, please contact us through our website or at projects@waibloz.com.
If you believe your personal data has been handled in violation of applicable data-protection laws, you have the right to lodge a complaint with your local data-protection authority.
Waibloz AB is committed to addressing privacy-related concerns promptly and cooperatively. We respond to all legitimate requests and work constructively with supervisory authorities to ensure full compliance with the GDPR and other applicable privacy frameworks.
13. Updates to this GDPR Policy
We may update this Policy from time to time to reflect changes in our practices or legal obligations. Updates will be posted on this page with the revised date above. We encourage you to review it periodically.