Security at Wollow

Wollow is designed to operate with minimal access to Customer data, with user-controlled integrations and isolated per-Customer infrastructure. This page summarizes the technical and organizational measures we take to protect Customer data, and how those measures connect to our architecture and to the agreements we publish.

Effective date: April 2026
Last updated: April 2026

1. Architecture and Customer Isolation

Every paying Customer is provisioned a dedicated Wollow server hosted by Hetzner (primary) or Hostinger (regional deployments). Agents, credentials, vector stores, conversation history, files, logs, and per-agent Chromium profiles live on that server only. There is no shared runtime and no shared database containing Customer conversation content.

The centralized control plane holds only account metadata: authentication records, billing state, server provisioning state, and pointers to the Customer's dedicated server. Customer Data (in the sense of messages, files, agent configuration, and credentials) does not traverse a shared database.

  • One dedicated server per Customer; logically and physically separate from other Customers;
  • Per-agent sandboxed execution environments for code and tool invocation;
  • Per-agent Chromium profiles with their own cookies, fingerprint, and local storage;
  • Customer-selectable server region; United States by default, other regions on request.

2. Encryption

  • In transit: all public endpoints (wollow.ai, app.wollow.ai, api.wollow.ai, per-Customer subdomains under usewollow.com) require TLS 1.2 or higher. HSTS is enabled on production domains. Edge TLS termination is handled by Cloudflare.
  • Secrets at rest: OAuth tokens, API keys, and third-party credentials are encrypted at the application layer with authenticated encryption (AEAD) using a key managed by Wollow and rotated on a scheduled basis. The ciphertext — not the plaintext — is what lands in the database.
  • Storage at rest: the underlying volumes used by Hetzner and Hostinger servers and by Supabase databases are encrypted at rest by those providers.
  • Backups: backups of the centralized metadata database are encrypted and access-controlled. Dedicated Customer servers are stateless with respect to the control plane; backup of Customer-owned data is the Customer's responsibility, unless a separate arrangement is made.

3. Authentication and Access Control

  • Customer authentication: email + password with session tokens, or SSO through Google OAuth. Password hashes use a modern KDF and are never stored in plaintext.
  • Personnel access: access to production systems is restricted to a small number of Wollow operators, protected by multi-factor authentication, scoped by role, and reviewed on a recurring basis.
  • Least privilege: production credentials are scoped to the minimum set of operations required for a given responsibility and are rotated on a scheduled basis.
  • Audit logging: administrative actions that affect the Service are logged to a centralized log store with retention sufficient for forensic investigation.

4. Third-Party Integrations (OAuth and BYOK)

Wollow never scrapes third-party platforms and never asks the Customer for a password to another service. Integrations use the platform's official OAuth flow or API credential mechanism, and Wollow requests the minimum scopes required for the feature the Customer enables.

  • Google (Gmail, Drive, Calendar, Ads, Analytics): OAuth 2.0 with scope transparency. Wollow's use of Google user data follows the Google API Services User Data Policy, including the Limited Use requirements.
  • Meta (Facebook, Instagram, WhatsApp Business, Meta Ads): OAuth with the Meta Marketing API, under the Meta Platform Terms.
  • AI model providers (Anthropic, OpenAI, Google, fal.ai, Replicate): Bring Your Own Key. Credentials belong to the Customer, live only on the Customer's dedicated server, and are never shared across Customers.
  • Channels (WhatsApp, Telegram, Discord, Slack, Email): credentials issued by the third-party platform are encrypted with the same AEAD scheme as other secrets and accessed only during message delivery.

5. Secure Software Development

  • Source code is version-controlled with mandatory code review for production branches;
  • Dependency scanning is part of continuous integration, and high-severity vulnerabilities trigger prioritized remediation;
  • Secrets are never committed to source code; production configuration is held in a managed secret store;
  • Production deployments are performed from a controlled CI pipeline rather than developer machines;
  • Breaking changes to authentication, encryption, or data-handling behavior are reviewed by a named owner before release.

6. Incident Response

Wollow maintains an incident-response process covering detection, triage, containment, eradication, recovery, and post-incident review. In the event of a Security Incident affecting Customer Personal Data, Wollow will notify the affected Customer without undue delay and, in any event, within seventy-two (72) hours of becoming aware, consistent with Section 9 of the Data Processing Addendum.

Security researchers who believe they have identified a vulnerability are invited to report it to security@wollow.ai. Please include reproduction steps and the affected endpoint. We do not pursue legal action against good-faith researchers who comply with our coordinated-disclosure guidelines: avoid privacy violations, destruction of data, and interruption of service; give us a reasonable window to remediate before public disclosure; and do not access accounts that are not your own.

7. Data Retention and Deletion

Customers can delete individual conversations, files, agents, or integrations at any time from the dashboard. Upon termination of a subscription, the Customer has a seven-day grace period to export Customer Data, after which the dedicated server is destroyed and Customer Data on it is irrecoverably deleted. Full detail is in the Data Deletion page and in Section 9 of the Privacy Policy.

Tokens and credentials issued by Connected Accounts are deleted within the same window. Customers may revoke access directly with the third-party platform at any time; see the instructions in Section 12 of the Privacy Policy.

8. Sub-Processors

The canonical list of Sub-Processors Wollow engages to operate the Service is published at wollow.ai/subprocessors. AI model providers connected by the Customer under the BYOK model are not Wollow Sub-Processors.

9. Compliance

Wollow is designed for security and aligns its controls with widely recognized frameworks. Wollow does not currently hold a third-party attestation such as SOC 2 or ISO 27001; we will clearly state the status of any attestation on this page once one is obtained. No certification is claimed that Wollow has not earned.

  • GDPR / UK GDPR / LGPD / CCPA-CPRA: Wollow provides the contractual and operational mechanisms required by these regimes, including the DPA, Standard Contractual Clauses for international transfers, and a data-subject-request process documented in the Privacy Policy.
  • Google API Services User Data Policy: Wollow's use of Google user data follows the Limited Use requirements.
  • Meta Platform Terms and Developer Policies: Wollow complies with the Platform Terms for Facebook, Instagram, WhatsApp Business, and Meta Ads integrations.
  • SOC 2 (on roadmap): a SOC 2 Type I engagement is planned for 2026 and will be announced on this page when underway. Until then, Wollow is designed to align with the SOC 2 Trust Services Criteria for Security, Availability, and Confidentiality, without claiming an attestation.
  • Vendor assessments: standard questionnaires (SIG-Lite, CAIQ) can be returned under NDA; contact security@wollow.ai.

10. Customer Responsibilities

A secure deployment is a shared responsibility. To get the security posture this page describes, Customers should:

  • Protect their Wollow account credentials and use a strong, unique password (or SSO);
  • Grant integration scopes only for features the Customer actually uses, and disconnect integrations that are no longer needed;
  • Supervise the tools and actions the Customer enables on each agent — the agent acts on the Customer's behalf with the Customer's credentials;
  • Maintain their own backups of any Customer Data the Customer cannot afford to lose;
  • Report suspected abuse or compromise to security@wollow.ai.

11. Limits

No method of transmission over the internet or method of electronic storage is one hundred percent secure. While Wollow uses commercially acceptable means to protect Customer Data, Wollow cannot guarantee absolute security. The measures on this page describe the state of the Service at the date above and may change as the threat model and the platform evolve; material changes will be reflected here and in the Privacy Policy.

Contact

Security reports and vulnerability disclosure: security@wollow.ai

Vendor questionnaires and diligence: security@wollow.ai

Privacy and data-subject requests: privacy@wollow.ai