rekor

Privacy Policy

Rekor is operated by WayAI ("we", "our"). This policy explains what information we collect when you use Rekor, how we use it, and the choices you have.

1. Information we collect

Account information. When you create an account, we collect your name, email address, and authentication credentials. Authentication is handled by our identity provider; we receive only the profile attributes necessary to identify your account.

Customer data. Collections, records, relationships, file attachments, and any other content you upload to Rekor. You retain ownership of this data.

Operational data. We log API requests, MCP tool calls, billing events, and security-relevant actions to operate the service, detect abuse, and meet contractual obligations.

2. How we use information

We use the information we collect to:

  • Provide and maintain Rekor.
  • Authenticate users and authorize access to workspaces.
  • Process payments and manage subscriptions.
  • Communicate about service changes, security alerts, and support requests.
  • Detect, investigate, and prevent fraud or abuse.
  • Comply with legal obligations.

3. Customer data ownership and AI training

You own your customer data. We do not sell your data, share it for advertising, or use it to train AI models. Customer data is processed only as needed to operate the service for you.

4. Sub-processors

We rely on a small set of sub-processors for cloud infrastructure, authentication, payments, and email delivery. Each sub-processor is bound by contractual data-protection terms equivalent to those in this policy. A current list is available on request.

5. Data security

Customer data is encrypted in transit using TLS. Secrets — including API tokens and integration credentials — are encrypted at rest. Workspaces are logically isolated per organization, and access is enforced by token-scoped grants. We continuously audit access to production systems.

6. Data retention and deletion

We retain customer data for as long as your account is active. You may delete records, collections, or workspaces at any time through the CLI, API, or settings UI. When you close your account, we delete or anonymize customer data within 30 days, except where retention is required by law.

7. International data transfers

Rekor may process data in regions outside your country of residence. We use appropriate safeguards, including standard contractual clauses where required, for cross-border transfers.

8. Your rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete personal data we hold about you, and to object to or restrict certain processing. To exercise these rights, contact us through the support channels available in your Rekor account.

9. Changes to this policy

We may update this policy from time to time. We will post the updated policy on this page and revise the effective date. Material changes will be communicated via email or in-app notice.

10. Contact

Questions about this policy can be sent through the support channels available in your Rekor account.