Overview
This Privacy Policy describes how Skint Labs ("we", "us", or "our") collects, uses, and handles data when developers and businesses use WonderwallAi, our AI firewall SDK and hosted API. WonderwallAi exists to protect AI applications from prompt injection, data leaks, and off-topic abuse. We apply the same commitment to privacy to our own product.
Open Source SDK
The WonderwallAi SDK is fully open source (MIT licensed) and available on GitHub and PyPI. When you use the SDK in local mode, all scanning and filtering runs entirely on your own infrastructure. No data leaves your environment. Skint Labs receives no telemetry, usage data, or content from SDK-only deployments.
Hosted API Data Collection
When you use the WonderwallAi hosted API (wonderwallai-production.up.railway.app), we process the following data to provide the service:
- Request content: the text submitted for scanning (user messages, LLM prompts, or responses) is processed in memory to perform threat detection. This content is not stored persistently after the scan is complete.
- API key and account identifiers: used to authenticate requests and enforce rate limits.
- Request metadata: timestamps, scan result (allowed, blocked, flagged), latency, and threat category. This aggregate metadata is retained for usage reporting and billing purposes.
We do not store the raw content of scanned messages after processing is complete.
How We Use Your Data
- Request content is used solely to perform the security scan you requested.
- Aggregate metadata (scan counts, threat categories) is used to generate your usage dashboard and calculate billing.
- We do not sell, rent, or share your data with third parties for advertising or marketing purposes.
- We do not use your data to train general-purpose AI models without explicit consent.
Data Retention
Scanned request content is processed in memory and not persisted to disk or database storage after the scan response is returned.
Aggregate usage metadata (scan counts, timestamps, threat categories) is retained for 12 months from the date of the request, after which it is automatically deleted.
When you close your account, all associated metadata is deleted within 30 days.
Data Deletion Requests
You may request deletion of your account and all associated metadata at any time by emailing info@skintlabs.ai with the subject line "WonderwallAi Data Deletion Request" and your account email or API key identifier.
We will process deletion requests within 5 business days and send confirmation once complete.
Third-Party Services
The WonderwallAi hosted API relies on the following infrastructure providers:
- Railway: Cloud hosting for the WonderwallAi API backend. Railway Privacy Policy.
The hosted API is designed to minimise external dependencies. Scanning is performed locally within our infrastructure without routing content to third-party AI providers.
Security
We implement industry-standard security measures including encrypted data transmission (TLS), secure API key management, timing-safe authentication, and full security headers. Our infrastructure runs with automatic security updates on Railway. As an AI security product, security is central to everything we build.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. Material changes will be communicated to active API users via email. Continued use of the hosted API after changes are posted constitutes acceptance of the revised policy.
Contact
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
- Email: info@skintlabs.ai
- Company: Skint Labs
- Location: Melbourne, Australia