Wisary

Security & Privacy

Wisary handles your product's most sensitive thinking: plans, requirements, and decisions. Here is how that data is protected, in plain language.

Where your data lives

Wisary runs on Google Cloud. Documents, projects, and imported context are stored in Google Cloud Spanner; uploaded files are stored in Google Cloud Storage. All traffic is encrypted in transit with TLS, and all data is encrypted at rest.

Integration credentials get an extra layer: OAuth tokens (for example, your Notion connection) are additionally application-encrypted with AES-256-GCM before storage, are decrypted only at the moment of use, and are never written to logs.

AI and your content

Wisary uses OpenAI's API to generate drafts and review suggestions. Your content is sent to OpenAI only to produce the documents you ask for, and it is not used to train AI models. We will never train AI models on your data, and every AI suggestion comes back to you as a reviewable diff you approve or reject.

Sub-processors

Five sub-processors receive your data, each scoped to a specific purpose:

  • OpenAI: receives document content to generate drafts and review suggestions; content is not used for model training.
  • Google Cloud: hosting, storage, and database infrastructure for all product data.
  • Clerk: authentication for the web app; processes names, email addresses, and sign-in data.
  • Stripe: payment processing for web-app subscriptions; card details go directly to Stripe and never touch Wisary's servers.
  • Loops: transactional and product email; receives your name and email address.

Least privilege and tenant isolation

Every piece of data is scoped to the user and organization that owns it, and storage reads enforce those permissions internally: there is no code path that skips the permission check. Integrations request the narrowest practical access; the Notion connection, for example, only ever sees the pages you explicitly share with it, never your whole workspace.

Deletion and your rights

You stay in control of your content: you can delete your projects and documents, including imported context, directly in the app at any time. Disconnecting an integration revokes its token both in Wisary and at the provider.

For data-subject access requests (access, correction, export, or deletion), or to have your account and its data removed, contact support@wisary.ai and we will process the request. See the privacy policy for the full details of what we collect and why.

Security Questions

The questions evaluating teams ask, answered plainly.

Contact Us

No. Your content is sent to OpenAI only to produce the documents you ask for, and it is never used to train AI models, by us or by our AI provider.

Questions about security or procurement?