Privacy policy

Introduction

Wander is an AI-powered learning app that turns any question into a personalized audio podcast. This policy describes what information Wander collects, why we collect it, and how we handle it. We try to collect as little as possible — only what is needed to make the app work well for you.

By creating an account or using Wander, you agree to this policy. If you have any questions, please email us at legal@gowander.ai.

Information we collect

We collect the following categories of information:

• Account information. Your email address. If you sign in with Apple or Google, we receive a unique identifier from that provider plus the name and email associated with your account. If you choose Apple's "Hide My Email" option, we only receive the relay address.
• Profile information. Information you provide during onboarding or in settings — your display name, optional avatar image, and the topic interests you select.
• Content you generate. The prompts you submit, the podcast scripts and audio Wander generates for you, and the topic graph entries those podcasts produce.
• Listening activity. Which podcasts you have played, playback progress, and your voice and style preferences (host voice, guest voice, length, format).
• Usage and behavioral analytics. Events describing how you interact with the app — screens you view, buttons you tap, podcasts you start, finish, or skip, search queries, and session length. These events are tied to a pseudonymous identifier and sent to our analytics provider (Amplitude) so we can understand how the product is used and improve it.
• Device and technical information. Standard information your device sends when it connects, such as IP address, app version, and operating system version. We use this for security, debugging, and basic analytics.

We do not collect contacts, location, photos (beyond an avatar you explicitly upload), or any data from outside the app.

How we use your information

We use the information above to:

• Authenticate your account and keep your session active.
• Generate podcasts personalized to your prompt, interests, voice preferences, and listening history.
• Show you your library, listening progress, and the topic graph that grows as you explore.
• Diagnose problems, prevent abuse, and improve the service.
• Understand how people use Wander — which features get used, where users get stuck, what to build next — using behavioral analytics events (see "Usage and behavioral analytics" above).
• Send transactional emails — sign-in links, account notifications. We do not send marketing emails without asking first.

How we share your information

We will never sell your data. We share limited information with the service providers we use to run Wander:

• Supabase hosts our database and handles authentication. Your account, profile, podcasts, and listening history live on Supabase infrastructure.
• Google (Gemini API) generates podcast scripts and cover images from your prompts. We send your prompt and a small amount of context to Gemini on a paid API tier — Google does not use this data to train its models, and retains it for up to 55 days for abuse monitoring before deletion.
• xAI (Grok TTS) generates the audio for your podcasts. We send the script lines we want narrated; xAI's API terms govern that processing.
• Amplitude is our product analytics provider. It receives event data (screens viewed, actions taken) tied to a pseudonymous identifier so we can understand how people use the app — it does not receive your prompts or podcast content.
• Apple (policy) and Google (policy) handle sign-in when you choose those options. They share an identifier and basic profile fields with us under their own policies.
• Railway hosts our server and Vercel hosts our website.

We may also share information when required by law, to protect the safety of our users, or as part of a business transfer (acquisition, merger).

Data retention

We keep your information for as long as your account is active. You can delete your account from inside the app — Settings → Delete account — and we will remove your profile, podcasts, and listening history within 30 days. Database backups are retained for 7 days after deletion before being purged. Aggregated analytics that no longer identify you may persist beyond that.

Your rights

Everyone using Wander can:

• Access and update your profile from inside the app.
• Delete your account from inside the app.
• Request a copy of your data, or ask us to delete or correct specific information, by emailing legal@gowander.ai.

If you are in the EU, UK, or Switzerland, the GDPR and UK GDPR also give you the right to:

• Access the personal data we hold about you.
• Have inaccurate data corrected (rectification).
• Have your data deleted (erasure / "right to be forgotten").
• Restrict how we process your data.
• Receive a copy of your data in a portable, machine-readable format.
• Object to processing based on legitimate interests.
• Withdraw any consent you previously gave (without affecting processing we did before you withdrew).
• Lodge a complaint with your local data-protection authority — for example, the UK ICO or your member-state DPA in the EU.

If you live in a U.S. state with a comprehensive privacy law — including California (CCPA/CPRA), Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Tennessee, and others — you have rights to know what we collect, access it, correct it, delete it, and opt out of any "sale" or "sharing" or targeted advertising. We do not sell or share personal information for cross-context behavioral advertising. Email legal@gowander.ai to exercise any of these rights and we will respond within the timeframes the law requires.

Legal basis for processing (EU/UK)

If GDPR or UK GDPR applies to you, we rely on these legal bases for processing your data:

• Contract (Art. 6(1)(b)) — to create your account and deliver the podcasts you ask for.
• Legitimate interests (Art. 6(1)(f)) — for security, debugging, abuse prevention, and basic product analytics. You can object to this processing at any time.
• Consent (Art. 6(1)(a)) — for any future marketing emails or anything else where we ask you to opt in. You can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)) — to comply with valid legal requests from law enforcement, courts, or regulators.

International data transfers

Wander is operated from Israel, and our service providers (Supabase, Google, xAI, Amplitude, Railway, Vercel) primarily process data on infrastructure in the United States. If you are in the EU, UK, or another jurisdiction with cross-border transfer restrictions, your data is transferred outside that region.

Where required, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum where applicable) with our processors. Some processors are also certified under the EU-US Data Privacy Framework. Israel itself has been recognized by the European Commission as providing an adequate level of data protection.

Categories of personal information (California)

For CCPA/CPRA disclosure, in the past 12 months we have collected the following statutory categories of personal information, obtained from you directly or from your sign-in provider, used for the purposes described above, and disclosed only to the subprocessors named under "How we share":

• Identifiers — email, sign-in provider ID, display name.
• Customer records — profile information you provide.
• Internet or other electronic activity — playback progress, in-app actions, app version.
• Audio / electronic information — the podcast audio Wander generates for you.
• Inferences — topic interests we derive from your prompts and listening to personalize future podcasts.

We do not knowingly collect "sensitive personal information" as defined by the CCPA, and we have no actual knowledge of selling or sharing the personal information of consumers under 16.

Children

Wander is not directed to children under 13, and we do not knowingly collect information from children under 13. If you believe a child has created an account, please email us and we will remove it.

Security

We protect your information with industry-standard practices: encrypted connections (TLS), encrypted storage at rest, and access controls on our infrastructure. No system is perfectly secure, but we work to limit exposure and respond quickly if anything goes wrong.

Changes to this policy

If we make material changes to this policy we will update the date at the top and, when the change is significant, notify you in the app or by email before the change takes effect. Continued use of Wander after a change means you accept the updated policy.

Contact

Questions about this policy or your data? Email legal@gowander.ai.