Privacy Policy

This Privacy Policy explains how Warpgate Pte. Ltd. (UEN 201921421D) collects, uses, and shares personal information when people use the website, sign in, join organizations or workspaces, upload files, chat with workspace content, and manage document-derived entities and relationships.

Warpgate is Singapore-incorporated and Philippines-operating. For customer workspace content, Warpgate generally acts as a service provider or processor for the customer organization. For account, website, billing, security, and operational records, Warpgate may act as an independent controller.

Warpgate may process the following categories of information:

• account information, including name, email address, profile image, sessions, and authentication records;
• organization, workspace, invitation, role, and membership information;
• uploaded documents and files, including filenames, file types, file sizes, parsed text, OCR text, captions, chunks, embeddings, and extracted graph data;
• chat threads, messages, citations, tool traces, workspace memories, and model usage events;
• audit, usage, invoice, subscription, and operational records; and
• technical information such as request metadata needed to operate, secure, debug, and improve the service.

Information is provided by users and organization administrators, generated through use of the service, created by document ingestion and AI processing, or received from configured authentication providers such as Google OAuth.

Warpgate uses information to:

• authenticate users and manage sessions, organizations, workspaces, roles, and invitations;
• store, parse, chunk, embed, index, search, and retrieve workspace documents;
• generate chat responses, citations, entity extraction, relationship extraction, summaries, OCR output, and transcription output;
• operate usage limits, subscriptions, invoices, audit logs, job queues, and support workflows;
• secure the service, prevent abuse, troubleshoot issues, and enforce terms; and
• comply with legal obligations and respond to valid legal requests.

Based on the current codebase and environment configuration, Warpgate may use the following providers to operate the service:

• Vercel for application hosting and runtime infrastructure;
• Resend for magic-link email delivery when email sending is enabled;
• Google OAuth for optional social sign-in when Google credentials are configured;
• OpenAI for chat, embeddings, entity extraction, OCR/image parsing, and audio transcription;
• Cloudflare R2-compatible object storage for uploaded file objects; and
• Neon or another managed Postgres provider for application and RAG database storage.

Better Auth is used as the application authentication library and stores authentication data in the configured Postgres database. It is not listed here as an external hosted processor unless a hosted Better Auth service is adopted later.

Warpgate sends relevant workspace content, prompts, messages, and tool context to AI providers to provide parsing, embedding, extraction, retrieval, transcription, and chat features. Outputs may include generated answers, citations, document titles, captions, OCR text, entities, relationships, and workspace memories.

Customers should avoid submitting personal data or regulated content unless their agreement with Warpgate permits that processing and the required safeguards are in place.

Information may be shared with authorized users in the same organization or workspace, service providers that process information for Warpgate, professional advisers, transaction counterparties where permitted, and authorities or third parties when required by law or necessary to protect rights, security, or safety.

Warpgate does not sell personal information in the ordinary meaning of that term.

Warpgate uses technical and organizational safeguards designed to protect information, including tenant boundaries in application code, workspace-scoped access checks, signed object-storage URLs, and provider credentials kept in server-side environment variables.

No system is perfectly secure. Customers are responsible for managing authorized users, workspace invitations, and the sensitivity of content they upload.

Warpgate retains workspace content for as long as needed to provide the service to the customer organization, unless a signed agreement sets a shorter retention period. For time-boxed audit work, extracted working content may be deleted within the period stated in the applicable data handling annex or statement of work.

Warpgate may retain account, billing, audit, security, backup, and legal records as needed to operate the service, comply with legal obligations, resolve disputes, enforce agreements, and protect the service. Access logs for customer engagements may be retained for the engagement duration plus 90 days where an engagement annex requires that period.

Depending on location and role, individuals may have rights to access, correct, delete, export, restrict, object to, or withdraw consent for certain processing of personal information. Organization users may need to direct workspace-content requests to their organization administrator because the organization may control that content.

Requests can be sent to support@warpgate.tech. Warpgate may need to verify the requester and coordinate with the relevant customer organization before acting on requests that involve workspace content.

Warpgate and its providers may process information in countries other than where users or organizations are located, including Singapore, the Philippines, and provider-managed regions used by infrastructure and AI providers.

Warpgate is designed for organizations and business users. It is not intended for children or for personal consumer use by minors.

Warpgate may update this Privacy Policy as the service, providers, laws, or business model change. Material changes should be communicated in a way appropriate to the change and the affected users.

Privacy questions and requests can be sent to support@warpgate.tech.