Privacy policy
This Privacy Policy explains what personal information wylon collects, how we use and share it, and the choices and rights you have. It applies to the wylon website, dashboard, APIs, and related services (the “Service”).
Last updated: 2026-04-22.
1. Who we are
“wylon” refers to the entity that provides the Service in your region. For users worldwide, the data controller is wylon Technology Co., Ltd., registered in Beijing, China. For enterprise contracts, the controller may be named in your order form.
2. Information we collect
We collect only what is needed to operate the Service:
- Account data — name, email, organization, password hash, SSO identifiers.
- Billing data — company name, tax ID, billing address, last-4 of payment card (via Stripe).
- Usage data — request metadata (timestamp, model, token counts, status code, latency, IP, user agent). Request and response bodies are retained only as described in §3.
- Support data — messages you send to support, Discord, or sales.
- Cookies & device data — see §5.
3. API inputs & outputs
By default, wylon retains request and response bodies for up to 30 days solely for abuse monitoring, incident debugging, and legal-obligation responses. After 30 days we delete or irreversibly anonymize them. Zero-retention mode (inputs and outputs never written to disk) is available for enterprise contracts upon request.
4. How we use information
- To provide, secure, and improve the Service.
- To bill and communicate about your account.
- To detect fraud, abuse, and violations of our Terms.
- To comply with legal obligations and respond to lawful requests.
- To measure aggregate usage patterns for capacity planning (not individually identifiable).
5. Cookies & analytics
Our website uses strictly-necessary cookies for authentication and, with your consent, analytics cookies (such as PostHog or Plausible) to understand aggregate usage. You can decline non-essential cookies via the banner or your browser settings.
6. Third-party service providers
We share information only with processors bound by confidentiality obligations:
| Vendor | Purpose | Region |
|---|---|---|
| Stripe | Payment processing | US / EU |
| AWS, Alibaba Cloud | Hosting & GPU infrastructure | CN, SG, US |
| SendGrid | Transactional email | US |
| Sentry | Error monitoring (metadata only) | US |
| Zendesk | Customer support | US |
We do not sell personal information. We may disclose information to law enforcement only in response to a valid legal request and, where permitted, after notifying you.
7. Storage & retention
- Account and billing data: for the lifetime of the account plus 5 years for tax compliance.
- Usage metadata: 13 months.
- Request/response bodies: 30 days (or zero-retention, see §3).
- Backups: up to 90 days after primary deletion.
8. Security
We protect data with industry-standard measures: TLS 1.2+ in transit, AES-256 at rest, per-tenant key isolation, SSO + MFA for internal access, annual pentests, and a bug-bounty program. Incidents affecting personal data are disclosed to affected customers without undue delay and within any statutory timeframes.
9. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data or update your profile.
- Delete your account and associated data.
- Export a portable copy of your data.
- Object to or restrict certain processing.
- Withdraw consent for optional processing.
- Lodge a complaint with your local data-protection authority.
Most rights can be exercised from the dashboard; others can be requested at privacy@wylon.cn. We respond within 30 days.
10. Children’s privacy
The Service is not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
11. International transfers
Depending on the region of your account, data may be processed in China, the European Union, the United States, or Singapore. Cross-border transfers are performed under standard contractual clauses or equivalent mechanisms required by applicable law.
12. Changes to this policy
We will post any changes on this page with an updated “Last updated” date. Material changes will be announced by email or dashboard notice at least 14 days before they take effect.
13. Contact us
Privacy questions or requests: privacy@wylon.cn. For EEA/UK residents, a local representative can be appointed on request for enterprise contracts.
