Privacy Policy

Last updated: 23 April 2026

Your privacy matters to us. This Privacy Policy explains how Bits of WOW Pte. Ltd. (“we”, “us”, “our”), a company registered in Singapore, collects, uses, stores, and protects your personal information when you use Aireframes (the “Service”) at aireframes.app and dashboard.aireframes.app.

By using the Service, you consent to the practices described in this policy.

1. Information we collect

Information you provide

• Email address — required to create an account and to receive one-time verification codes.
• Name — collected when you accept a workspace invite, so collaborators can identify you.
• Project content — the briefs, prompts, screen specs, chat messages, and wireframe outputs you create in the Service.
• Reviewer comments — comments and replies submitted on public review links.
• Payment information — if and when we introduce paid plans, payments will be processed by Stripe. We do not store card numbers, CVCs, or full billing details on our servers. Stripe handles this data under its own privacy policy.

Information collected automatically

• Usage data — pages visited, features used, timestamps, generation frequency.
• Device and browser data — IP address, browser type, operating system, screen resolution.
• Cookies — we use session cookies to keep you logged in and to authenticate the iframes that render generated wireframes. We do not use third-party tracking or advertising cookies.

2. How we use your information

We use your information to:

• Provide, operate, and maintain the Service.
• Authenticate your identity and secure your account and workspaces.
• Generate wireframes and process the natural-language edits you request.
• Send transactional emails (verification codes, workspace invites, publish notifications).
• Monitor for abuse and enforce our Terms of Service.
• Improve the Service based on aggregate usage patterns.

We do not sell your personal information. We do not send marketing emails unless you explicitly opt in.

3. How your briefs and prompts are processed

When you submit a brief, spec, chat message, or edit request, the content is sent to third-party AI model providers for processing through our LLM Gateway. Current providers include Anthropic. Each provider receives the content of your prompt and the relevant project context (project type, site URL if supplied, existing screen specs, chat history) but not your email, IP address, or billing details.

Each provider processes your prompt under its own privacy policy and data-handling practices. We encourage you to review those policies if you have concerns about how specific providers handle data.

We store your projects, screens, chat messages, and generated outputs on our servers so you and your workspace collaborators can return to them. You can delete projects and chat history at any time from within the Service.

4. Data storage and security

Your data is stored on secure servers. We protect it using:

• Encrypted connections (TLS/HTTPS) for all data in transit.
• Access controls that limit who within our organisation can view user data.
• Workspace scoping, so project data is only visible to members of that workspace.
• Regular security reviews of our infrastructure.

No system is perfectly secure. While we take reasonable precautions, we cannot guarantee absolute security against all threats.

5. Public review links

When you publish a project, it becomes accessible at a public URL (for example, /p/<slug>). Anyone with the link can view the wireframes and leave comments without an account. Reviewer comments include the text, a timestamp, and the screen and element the comment was pinned to. You can unpublish a project at any time to revoke access; cached copies held by reviewers or search engines may persist for some period after unpublishing.

6. Data retention

We retain your account information, workspaces, projects, and chat history for as long as your account is active. If you delete your account, we will remove your personal information within 30 days, except where retention is required by law (for example, billing records for tax compliance).

Aggregated, anonymised data that cannot identify you may be retained indefinitely for analytics and service improvement.

7. Third-party services

We share data with the following categories of third-party service providers:

• AI model providers — our LLM Gateway routes prompts to providers such as Anthropic.
• Email delivery (Postmark) — delivers transactional emails such as verification codes and workspace invites.
• Payment processor (Stripe) — if and when paid plans are introduced, processes your payment details.
• Hosting provider — hosts our servers and databases.

We do not share your data with advertising networks, data brokers, or social media platforms.

8. International data transfers

Your data may be processed in countries other than your own, including the United States and Singapore, depending on where our infrastructure and third-party providers operate. By using the Service, you consent to these transfers. We take reasonable steps to ensure your data is treated securely regardless of where it is processed.

9. Your rights

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of the personal information we hold about you.
• Correction — request correction of inaccurate information.
• Deletion — request deletion of your account and personal data.
• Portability — request your data in a machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. Children’s privacy

The Service is not directed at anyone under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. GDPR (European Economic Area)

If you are in the EEA, Bits of WOW Pte. Ltd. acts as the data controller. Our lawful bases for processing are:

• Contract performance — generating wireframes and managing your account and workspaces.
• Legitimate interests — improving the Service, preventing abuse, maintaining security.
• Consent — where explicitly given (e.g., optional communications).
• Legal obligation — where required by law.

International transfers outside the EEA are protected by standard contractual clauses or other approved mechanisms. You may lodge a complaint with your local data protection authority.

12. California residents (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used.
• Request deletion of your personal information.
• Opt out of the sale of personal information. We do not sell personal information.
• Not be discriminated against for exercising your rights.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service. Your continued use after changes take effect constitutes acceptance of the updated policy.

14. Contact

For privacy-related questions or to exercise your rights, contact us at: