Privacy  ·  Terms

The AI on your side

How unwynd protects you — updated 2 July 2026

unwynd holds the most sensitive combination of data a person has: your work patterns and your body. We think the only honest way to earn that is to make the protections structural — built into the database, the encryption and the code paths — and then show you exactly what they are. This page is that. No dark patterns, no ads, no data sales, ever.

Isolation you can't opt out of

Row-Level Securityenforced by the database

Every table that holds your data is protected by PostgreSQL Row-Level Security — enabled and forced — so the database itself refuses to return another person's rows, even if our application code had a bug. Our app connects as a role that cannot bypass these policies. We prove the isolation with a cross-user test on the live system: the query that tries to read someone else's data must return zero rows, every deploy.

Encryption that's yours, not ours

AES-256-GCMper-user keys

Documents you capture, connector tokens and push tokens are envelope-encrypted with a per-user data key, bound to your account identity. Deleting your account crypto-shreds the keys — the ciphertext becomes permanently unreadable. Disconnecting a source shreds its tokens the same way.

An AI that answers from your data — or refuses

never trained on yougrounded or silent

Your data is never used to train AI models. When you ask unwynd a question, it answers only from your own records and cites its sources — and when it doesn't have the data, it says so instead of guessing. Insights are computed with conservative statistical gates: too little history means no insight, not a made-up one.

Documents unwynd refuses to read

sensitive flagyour choice, enforced in code

Mark any capture as sensitive and unwynd never reads it: no AI extraction, no text in any model context, ever. It's stored encrypted for your eyes only, and if you ask about it, unwynd hands you back the original document rather than describing its contents.

Your calendar without the calendar

metadata only

The calendar connector stores timing only — when meetings happen, how long, whether they run after hours. Never titles, never attendees, never locations. unwynd can tell you work is heavy; it cannot know what the work was. Your employer sees nothing — unwynd is yours, not theirs.

WhatsApp is an inbox, never an outbox

channel policy, enforced in code

If you link WhatsApp, it works one way: things you send in become private captures. Replies are limited to a fixed set of acknowledgements — there is no code path that can put your documents, health data or extracted details into a WhatsApp message. Your phone number itself is never stored — only a salted fingerprint that lets us recognise you.

Controls that actually work

Where your data lives

UK/EU infrastructure (AWS London for storage and AI inference), daily encrypted off-site backups, strict per-user and per-endpoint rate limits, and hard daily cost caps so no account can be abused into a runaway bill — yours or ours.

Being straight with you: unwynd is a private, invite-only beta. Our UK company registration, ICO registration and independent penetration test are in progress — we won't open public signups until they're done. This page lists what is already built and enforced in code today, and we'd rather under-promise here than over-claim.
Questions? privacy@bitbots.co.uk · Privacy Policy · Terms