What this covers

wps-welding (“the Service”) is operated by wps-welding, Inc. (“we”, “us”). This policy describes the information we collect, where it lives, who can access it, and what we will and will not do with it. It applies to everyone who uses the Service via wpswelding.com, the application, the API, or any export endpoint.

Data we collect

  • Account information: email address, name (if provided), organization name, role within your organization, and the magic-link tokens you receive to sign in.
  • WPS / PQR / WPQ / NDE documents: every input field you enter, AI-drafted narrative output, joint geometry inputs, revision history, attached files, signatures, and exported PDFs.
  • Welder roster + qualification records: per-welder name, employee ID, stamp number, employer, optional email/phone, continuity log entries, and qualification test data.
  • Billing information: if you start a paid plan, Stripe collects and holds your payment-card details. We store only the Stripe customer ID, subscription ID, plan tier, and status. We never see or store full credit-card numbers.
  • Operational telemetry: server logs of API requests (timestamp, user ID, route, status code) retained for 30 days for debugging and abuse detection.

Where your data lives

Customer data is stored in PostgreSQL on Supabase (region: US-East-1, operated by AWS under Supabase's SOC 2 program). Row-level security policies prevent any other organization from reading your organization's rows. Database backups are encrypted at rest. Service-role keys are stored only on our backend; they are never exposed to the browser.

AI inference for narrative drafting runs through Anthropic's API. Per Anthropic's zero-retention enterprise terms, your inputs are not retained by Anthropic after the API call completes and are not used to train models. Embeddings for the code corpus are generated by Voyage AI under the same retention terms.

What we will not do

  • We will not sell your data, your welder roster, your WPS library, your PQRs, or any export thereof.
  • We will not use your customer data to train AI models. The AWS D1.1:2025 corpus we retrieve over is published code, not customer data, and it is the only retrieval surface.
  • We will not share your data with another wps-welding customer. Row-level security enforces this at the database layer; no application-level bug can bypass it.
  • We will not send your data to any third party except: Anthropic (AI inference, zero-retention), Voyage AI (embeddings, zero-retention), Stripe (billing only), Vercel (hosting), and Supabase (database).

Code corpus + interpretations

The AWS D1.1:2025 corpus indexed for retrieval is licensed copy, held under our agreement with AWS. Customer queries to the corpus are not added to the corpus. Code interpretations we add to the interpretations module come from publicly published AWS, ASME, and API sources.

Access + export

You can export your full organization's data at any time via the audit packet exporter (signed PDFs of every WPS / PQR / WPQ / NDE record). API access to your raw data is available on request to paid plans.

Data deletion

You can delete your organization at any time. Deletion is irreversible: it cascades through Postgres foreign keys to remove every WPS, PQR, WPQ, NDE record, welder profile, and supporting file. Database backups are purged on a 30-day rolling window.

Children

The Service is not intended for children under 16 and we do not knowingly collect data from them. The Service is designed for use by professional welders, CWIs, and welding engineers in an industrial workplace.

Changes

We'll update this policy when our practices change. We'll email account owners when changes are material. The current version is always at wpswelding.com/privacy.

Contact

Privacy questions: privacy@wpswelding.com. For data deletion requests or right-to-access requests under GDPR / CCPA, email privacy@wpswelding.com and we'll respond within 30 days.