Wardly
Map My Home

Legal · Wardly

Privacy Policy

Effective:
2026-04-30
Last updated:
2026-04-30

Privacy Policy

Effective date: 2026-04-30 Last updated: 2026-04-30

This Privacy Policy explains how Wardly ("Wardly", "we", "us", or "our") handles personal data when you use our home-security planning and blind-spot visualization service available at wdfsolutioons.com (the "Service"). Wardly is operated by WDF SOLUTIONS LTD, a private limited company registered in Scotland (company number SC437083), with its registered office at 9 Panton Green, Livingston, Scotland EH54 8RY.

We have written this policy in plain English. Where we use a defined legal term, we explain what it means. If you have any privacy question, you can always reach our privacy team at support@wdfsolutioons.com.

1. Who this policy applies to

This policy applies to anyone who uses the Service: free-tier users on the Look plan, paying subscribers on Watcher or Sentinel, people who buy one-time credit packs, visitors to our website, and people who contact our support team.

The Service is available globally to consumers. It is not intended for children under 13. Users aged 13 to 17 may use the Service only with the verifiable consent of a parent or legal guardian, which must be acknowledged at signup.

2. The data we collect

We collect the following categories of personal data.

2.1 Account data

When you create an account we collect your email address, a hashed password (or a third-party identifier if you sign in with a federated provider), your display name, your selected plan, your country (for tax and legal-basis purposes), and an age confirmation. If you are 13 to 17, we also record the guardian-consent acknowledgement.

2.2 Billing data

When you subscribe or buy credits, our payment processor (Stripe) collects payment details directly from you. We do not store full card numbers on our servers. We receive and store: the last four digits and brand of your card or other payment method, billing country and postcode, invoice history, plan or pack purchased, amount in USD, and Stripe customer and subscription identifiers.

2.3 Room photos and project content

This is the most sensitive category we handle. To use the Service you upload photos of rooms inside your home (or, with explicit consent, a home you are authorised to plan for). These images can reveal home layouts, possessions, the inside of personal spaces, and sometimes incidental images of people. We treat room photos with elevated care in our retention and access controls. They are not "special category" data under Article 9 of the GDPR, but we recognise that they are personally and emotionally sensitive.

We also store the AI-generated outputs derived from your photos: annotated blind-spot maps, before-and-after comparison images, and short simulation videos (including intruder point-of-view renderings).

2.4 Device and log data

We collect technical information that your device sends automatically when you use the Service: IP address, approximate location derived from IP, browser type and version, operating system, device type, language, time zone, referring URL, pages viewed, features used, error logs, and crash reports.

2.5 Cookie and similar technologies

We use cookies and similar storage. See our Cookie Policy for the full table. In short: strictly necessary cookies keep you signed in; analytics cookies help us understand aggregate usage; marketing cookies (only where you opt in) help us measure ad effectiveness.

2.6 Support correspondence

When you email us at support@wdfsolutioons.com or use any in-product support channel, we keep a record of the conversation, the contact details you provide, and any attachments, so we can help you and improve the Service.

3. Why we use your data and the lawful basis we rely on

Under the UK GDPR and EU GDPR, we must have a lawful basis for every use of personal data.

  • To deliver the Service (account creation, processing your photos to generate visualizations, hosting your projects, charging your subscription): the lawful basis is performance of a contract with you (Article 6(1)(b)).
  • To prevent abuse, fraud, security incidents, and to defend legal claims: the lawful basis is our legitimate interest (Article 6(1)(f)) in operating a safe Service. We balance this against your interests and we do not rely on this basis where your fundamental rights override it.
  • To send you transactional emails (receipts, password resets, security alerts, plan changes): performance of a contract.
  • To run analytics and to send marketing emails or place advertising cookies: your consent (Article 6(1)(a)). You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • To meet legal obligations (tax records, responding to lawful authority requests): legal obligation (Article 6(1)(c)).

We do not use your room photos or project content to train general-purpose AI models. We do use anonymised, non-identifying aggregate signals (for example, average processing time per region) to improve the Service, on the basis of legitimate interest.

4. How long we keep your data — including the 30-day photo retention rule

We keep personal data only for as long as we need it.

  • Room photos and the AI outputs derived from them: deleted within 30 days of upload by default. You can also delete any photo or project earlier at any time directly from your account settings: open the project, choose Delete project or Delete photo, and the file and its derivatives are removed from active storage immediately and from backups within 30 days. This early-delete pathway is available to every user on every plan.
  • Account data: kept while your account is active and for up to 12 months after closure, then deleted or fully anonymised.
  • Billing and tax records: kept for 7 years to comply with UK and international tax law.
  • Support correspondence: kept for up to 24 months after the case is closed.
  • Server logs: kept for up to 90 days for security and debugging.

When a retention period ends, we delete or irreversibly anonymise the data.

5. Who we share data with (subprocessors)

We use a small set of carefully chosen service providers ("subprocessors") to run the Service. We share with each only the data they need, under a written data-processing agreement that includes the EU and UK Standard Contractual Clauses where applicable. The categories are:

  • Cloud hosting and storage — to host the Service, store your photos, and run our database.
  • Payment processing — Stripe, to take payment, manage subscriptions, and process refunds.
  • AI inference — third-party AI model providers that generate the visualizations and simulation videos from your photos.
  • Product analytics — to understand aggregate usage and improve the Service (only where you have consented to analytics cookies, where consent is required).
  • Transactional email — to deliver receipts, password resets, and security alerts.
  • Customer support tooling — to manage your support tickets.
  • Error and performance monitoring — to detect bugs and outages.

We do not sell your personal data, and we do not share it for cross-context behavioural advertising without your opt-in (or, in the United States, without honoring your opt-out).

6. International data transfers

Wardly is operated from the United Kingdom and serves users globally. Your data may be processed in the United Kingdom, the European Economic Area, the United States, and other countries where our subprocessors operate. Where we transfer personal data outside the UK or the EEA to a country that has not received an adequacy decision, we rely on the UK International Data Transfer Agreement or the EU Standard Contractual Clauses (SCCs), supplemented by additional technical and organisational safeguards (encryption in transit and at rest, access controls, and data minimisation).

7. Your rights

7.1 If you are in the UK or the European Economic Area

Under the UK GDPR and EU GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten") in defined circumstances.
  • Restrict how we use your data while a question is being resolved.
  • Object to processing based on legitimate interest, including profiling.
  • Portability: receive your data in a structured, commonly used, machine-readable format and, where technically feasible, have it transmitted to another controller.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with a supervisory authority. In the UK that is the Information Commissioner's Office (ICO) at ico.org.uk. In the EEA you may complain to the data-protection authority of your country of residence.

To exercise these rights, email support@wdfsolutioons.com. We will respond within 30 days. We may need to verify your identity before we act.

7.2 If you are in California

Under the California Consumer Privacy Act (CCPA), as amended by the CPRA, California residents have the right to:

  • Know what personal information we collect, use, disclose, and (if applicable) share.
  • Delete personal information we hold about you, subject to legal exceptions.
  • Correct inaccurate personal information.
  • Opt out of the "sale" or "sharing" of personal information. We do not sell personal information for money. We may "share" limited identifiers with advertising partners for cross-context behavioural advertising; you can opt out from the cookie banner or our consent center, and we automatically honor the Global Privacy Control (GPC) signal sent by your browser.
  • Limit the use of sensitive personal information.
  • Non-discrimination for exercising your rights.

We do not knowingly sell or share personal information of consumers under 16.

7.3 If you are elsewhere

Users in other regions have similar rights under applicable law, including the Brazilian LGPD, the Canadian PIPEDA, the Australian Privacy Principles, and others. Contact support@wdfsolutioons.com and we will help you exercise the rights available to you under your local law.

8. Security

We use industry-standard measures to protect your data:

  • TLS encryption in transit and AES-256 encryption at rest for stored photos and database fields containing personal data.
  • Strict access controls; only a small number of engineers can access room-photo storage, and every access is logged.
  • Multi-factor authentication for our administrative systems.
  • Regular vulnerability scanning, dependency monitoring, and incident-response drills.

No system is perfectly secure, but we work continuously to keep yours safe.

9. Data breach notification

If a personal-data breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, in line with Article 33 of the UK GDPR. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay, with a clear description of what happened, what data was affected, what we are doing about it, and what you can do.

10. Children

The Service is not for children under 13 and we do not knowingly collect personal data from anyone under 13. If you are a parent or guardian and believe your child under 13 has created an account, contact support@wdfsolutioons.com and we will delete the account.

For users aged 13 to 17, a parent or legal guardian must consent to use of the Service. We collect the guardian's email at signup for this acknowledgement.

11. Automated decision-making

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. If the changes are material, we will notify you by email and / or by an in-product notice at least 14 days before the changes take effect, so you have the opportunity to review them.

13. Contact us

For any privacy question, to exercise a right, or to raise a complaint:

  • Email: support@wdfsolutioons.com
  • Postal address: WDF SOLUTIONS LTD, 9 Panton Green, Livingston, Scotland EH54 8RY, United Kingdom
  • Companies House number: SC437083

We aim to resolve every privacy question directly. You also have the right to escalate to your local data-protection authority at any time.