Wafer logo

Wafer Privacy Policy

Last updated: April 18, 2026

Wafer, Inc. (“Wafer,” “we,” “us”) operates an inference platform that serves optimized open-source large language models via API. This Privacy Policy explains what data we collect when you use our services at wafer.ai and our API endpoints, how we use it, and the choices you have.

1. Scope

This policy applies to:

  • Our website (wafer.ai and subdomains).
  • Our inference API, including Wafer Pass and any dedicated or enterprise endpoints.
  • Any account or billing interactions you have with us directly or through a reseller (e.g., an API aggregator).

It does not cover third-party services that integrate with Wafer (such as agent harnesses, IDE extensions, or aggregators); those services have their own privacy policies.

2. Data We Collect

2.1 Account and billing data

When you sign up or subscribe, we collect your name, email, and billing information. Payments are processed by our payment provider; we do not store full credit card numbers on our servers.

2.2 API request data

When you call our API, we process:

  • Prompts, completions, and any tool/function call payloads you send or receive.
  • Request metadata such as model, timestamp, token counts, latency, IP address, user agent, and API key identifier.
  • Error traces and diagnostic information when a request fails.

2.3 Website data

When you visit wafer.ai, we collect standard web analytics (pages viewed, referrer, approximate location derived from IP, device and browser type). We use cookies only where needed to operate the site and for basic analytics.

3. How We Use Data

We use the data above to:

  • Serve your inference requests and return responses.
  • Operate, monitor, and improve the reliability, performance, and security of our systems.
  • Investigate abuse, fraud, and violations of our Terms of Service.
  • Bill for usage and manage your account.
  • Communicate with you about your account, service changes, and (if you opt in) product updates.

4. Model Training

We do not train the models we serve on your prompts or completions. Inputs and outputs from your API requests are never used to train, fine-tune, or otherwise improve the capabilities or behavior of the open-source models we serve, and we do not share your prompts or completions with any third-party model provider for training.

Speculative decoding. To make inference faster and cheaper, we train small internal “draft” models used only for speculative decoding. These draft models propose candidate tokens that the main model then verifies, so every token you receive is still produced by the open-source model you selected — speculative decoding does not change model outputs, it only accelerates them. We may use prompts and completions from non-ZDR traffic to train and evaluate these draft models. Draft models are used internally for serving performance, are not exposed as a product, and are not shared with third parties. Traffic from accounts enrolled in Zero Data Retention (Section 6) is excluded from draft-model training.

We also use aggregated, non-content metadata (e.g., token counts, latency distributions, error rates) to improve our kernel optimization and serving infrastructure.

5. Data Retention

Request logs containing prompts and completions are stored in an anonymized form — stripped of direct account identifiers beyond an internal request ID — for up to 30 days, then deleted.

Operational metadata (token counts, latency, error codes) may be retained longer in aggregate form for capacity planning and billing reconciliation.

Account and billing records are retained for as long as your account is active and for the period required by applicable tax and accounting laws after closure.

6. Zero Data Retention (ZDR)

Enterprise customers and approved partners (including select API aggregators) may opt in to Zero Data Retention. Under ZDR:

  • Prompts and completions are processed in memory and are not written to persistent logs.
  • Only minimal metadata required for billing and abuse prevention (e.g., token counts, timestamps, request IDs) is retained.
  • ZDR traffic is excluded from speculative-decoding draft-model training described in Section 4.

Contact us at the address below to request ZDR for your account.

7. Sharing and Disclosure

We share data only as needed to run the service:

  • Infrastructure providers. We run inference on cloud and hardware partners under contractual confidentiality and data protection terms. These providers process data only on our instructions.
  • Payment and business tools. We share limited data with our payment processor, billing platform, and business communications tools.
  • Legal requests. We may disclose data to comply with valid legal process, to protect our rights or property, or to protect the safety of users or the public.
  • Business transfers. If Wafer is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction, subject to this policy.

We do not sell personal data, and we do not share prompts or completions with advertisers or data brokers.

8. Security

We use industry-standard safeguards to protect your data, including TLS encryption for data in transit, encryption at rest for stored logs, access controls on internal systems, and audit logging. No system is perfectly secure; we cannot guarantee absolute security, but we work to meet or exceed industry norms for inference providers.

9. Your Rights and Choices

Depending on where you live, you may have rights to access, correct, delete, or port your personal data, or to object to or restrict certain processing. To exercise these rights, email us at the address below. We will verify your identity before acting on a request.

You can also:

  • Delete your API keys at any time from your account.
  • Request deletion of your account and associated logs, subject to legal retention requirements.
  • Opt out of marketing emails using the unsubscribe link in any such email.

10. International Users

Inference is served from data centers in the United States. If you access Wafer from outside the U.S., your data will be transferred to and processed in the U.S., which may have different data protection laws than your jurisdiction. By using the service, you consent to this transfer.

11. Children's Privacy

Wafer is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.

12. Changes to This Policy

We may update this policy from time to time. We will post the new version at wafer.ai/privacy and update the “Last updated” date. For material changes, we will provide additional notice (e.g., by email or an in-product banner) before the changes take effect.

13. Contact Us

Questions, requests, or complaints about this policy can be sent to:

Wafer, Inc.

Email: emilio@wafer.ai

Website: https://wafer.ai