Privacy Policy

1. General Information

This Privacy Policy describes how Wisteria Software Ltd. handles data in connection with this website, our product pages, checkout-related flows, customer support, and the products listed on this site.

Depending on the product, data may be processed locally on your device, by payment or infrastructure providers, or by us when necessary for licensing, support, security, anti-abuse, and service operation.

For the website itself, we and our hosting or CDN providers may process standard request data such as IP address, user agent, request path, timestamp, and basic error or security logs in order to deliver pages, prevent abuse, troubleshoot issues, and maintain service reliability.

2. ChatGPT Outline

ChatGPT Outline is a local-first browser extension. Its core outlining functionality runs inside your browser on the pages where you use it.

Conversation content used to generate outlines is processed locally in your browser. We do not transmit that conversation content to our servers for analytics or advertising purposes.

Where paid or restricted features are enabled, limited technical and operational data may be processed for license activation, verification, trial or entitlement checks, fraud prevention, anti-abuse, diagnostics, security monitoring, and support.

Data that may be processed for these purposes includes:

• IP address and request metadata during activation, verification, or security checks
• Purchase-related identifiers provided by Paddle (Merchant of Record)
• License, activation, or entitlement status information
• Locally stored extension data necessary to enable or restrict product features
• Support communication data when you contact us

Markdown exports created by the extension are generated for the user and saved or handled according to the export flow initiated by the user. We do not use those exports for advertising or profiling.

3. Inbox Capture

Inbox Capture is designed to capture user-selected browser content and send it into a local Inbox workflow. The content you capture is processed primarily on your device.

If local integration is enabled, Inbox Capture may connect from the browser to a service running on the same device, such as a local endpoint like 127.0.0.1 or localhost, in order to pass captured content into your local Inbox environment.

We do not route captured page content through our servers merely because you use the capture flow locally. If a future feature introduces cloud handling for captured content, that feature should state so clearly at the point of use.

4. Inbox Local / Wisteria Inbox

Inbox Local / Wisteria Inbox is intended to run as a product installed and operated on the user's own device. In this local-first model, your notes, imported content, screenshots, Markdown files, and related working data are stored and processed on your own machine rather than being routed through our servers.

If you configure AI settings, API keys, model preferences, or local integrations for Inbox Local / Wisteria Inbox, those settings are intended to remain in your own local environment unless a future feature explicitly states otherwise.

In other words, the product itself acts as a local server or local service on the user's own device. We do not provide a general cloud storage service for the user's local Inbox content through this site.

5. Payments, Support, and Third-Party Services

We use selected third-party service providers to support payments, hosting, content delivery, security, and infrastructure operations.

Payments are processed by Paddle as Merchant of Record. Paddle may process billing, checkout, and transaction information under its own privacy and compliance framework.

Hosting providers, CDN services, and related infrastructure vendors may process standard technical request data as needed to serve this website securely and reliably.

If you contact support, we may process the information you provide to respond to your request, diagnose issues, and maintain customer support records where reasonably necessary.

6. Legal Basis for Processing

Where applicable under UK GDPR or EU GDPR, we process limited personal data under one or more of the following bases:

• Performance of a contract – to provide paid features, checkout-related services, licensing, and support
• Legitimate interests – to secure our services, prevent fraud and abuse, diagnose issues, and operate the website
• Legal obligations – where we must retain or disclose information to comply with applicable law

7. Data Retention and Security

Local product data remains primarily under your control on your own device. Uninstalling a product, clearing local browser storage, or removing local application data may remove locally stored data, depending on how you use the product.

Server-side logs, licensing records, checkout-related identifiers, and support records are retained only for as long as reasonably necessary for security, fraud prevention, legal compliance, payment administration, and service operations.

We implement reasonable technical and organizational measures designed to protect data against unauthorized access, alteration, disclosure, or destruction.

8. International Data Transfers

Our service providers may process relevant data in the United Kingdom, the European Union, or other jurisdictions, depending on the provider and technical delivery path, in accordance with applicable data protection law.

9. Your Rights and Contact

Depending on your location and applicable law, you may have rights to request access, correction, deletion, restriction, objection, or other information about how your personal data is handled.

To make a privacy-related request or ask a question about this policy, please contact: [email protected]