Placeholder — replace with your real privacy policy before a public launch.
Wisp is private by default. We never collect or read your prompts, your generated code, the data your apps fetch, or your API keys. Registered-API secrets are stored encrypted (AES-256-GCM when WISP_SECRET_KEY is set) and used only to run the calls your apps make on your behalf — never shipped to the browser. Provider LLM keys stay in your browser session.
What we store to run the service: your account (username + a scrypt-hashed password), your workspace's API registry and saved apps, and aggregate usage counts for rate limits. We do not sell your data and there is no third-party tracking.
Optional, opt-in telemetry. A workspace owner may choose to share anonymized build metrics to help us improve Wisp. It is OFF by default and toggled in Settings ▸ Privacy. When on, we receive only: build counts, gate-pass/fail counts, runtime-error counts, fix outcomes, timing (FCP/total), output size, number of APIs, and the model name — numbers and booleans only. It never includes your prompts, code, app data, error text, or secrets. Turn it off any time.