Families share some of their most sensitive information with Wayfound, including documents about their child's health, education, and benefits. Protecting that information is fundamental to what we do. This page explains the main safeguards we use. For how we collect and use information, see our Privacy Policy.
Encryption
Your information is encrypted in transit using industry-standard TLS, and it is encrypted at rest in our database and file storage. Particularly sensitive fields are encrypted at the application level, which adds a further layer of protection beyond storage encryption.
Access controls and isolation
Your family's information is associated with your account and is not accessible to other users. Internal access is limited to what is needed to operate and support the Service, and is protected by authentication controls. We use established authentication for sign-in rather than building our own.
How we handle AI processing
When the Service uses artificial intelligence to analyze your documents or generate guidance, that processing is configured for zero data retention with our AI provider. Your content is used to generate a response for you and is not retained by the AI provider to train its models. We do not use your documents or personal information to train third-party foundation models.
Trusted infrastructure
We build on established providers rather than reinventing core infrastructure, including for authentication, database and storage, hosting, payments, and AI processing. The full list of providers is in the Privacy Policy. Each is used under terms that limit how it may use your information.
Your control over your data
You can export or delete your information at any time from your account settings. Deleting your account removes your family and child records, your documents, and associated stored files, as described in our Privacy Policy.
Payment security
Subscription payments are processed by Stripe, an established payment provider. We do not collect or store your full card number on our systems.
A note on HIPAA
Reporting a security concern
We welcome reports from security researchers and users. If you believe you have found a vulnerability or have a security concern, please email us at hello@wayfound.us with the details, and please give us a reasonable opportunity to address it before disclosing it publicly. We will not pursue good-faith research that respects user privacy and avoids disrupting the Service.
An honest limitation
No website, application, or method of transmission or storage is completely secure. We work hard to protect your information using the measures described here, but we cannot guarantee absolute security. You also play a part: please use a strong, unique password and keep your login credentials confidential.