Wayfinder Global Privacy Policy

Effective date - May 21, 2026

This Privacy Policy explains how Robbclan, Inc. of Delaware (Robbclan, we, us, or our) collects, uses, discloses, stores, and otherwise processes personal information in connection with:

• the Wayfinder website, marketing pages, registration, billing, support, and communications;
• the Wayfinder platform, including AI course authoring, course delivery, learning records, reporting, exams, Course Coach, SME interviews, integrations, MCP, MCP-UI, APIs, and administrator functions; and
• other services, events, demos, and business interactions that link to this Privacy Policy.

This Privacy Policy is designed for a global audience. Privacy laws vary by location, role, and context. Regional supplements below explain additional rights and disclosures for certain jurisdictions. If an agreement, order, data processing addendum, or feature-specific notice provides more specific privacy terms, those terms control for the covered processing.

1. Who We Are and How Roles Work

1.1 Robbclan as Controller

Robbclan generally acts as a controller or equivalent decision-maker for personal information we collect for our own business purposes, such as:

• website inquiries, demos, sales conversations, marketing preferences, and events;
• account registration, account security, platform administration, billing administration, fraud prevention, and support records;
• product security, audit logs, service operations, aggregated analytics, and legal compliance; and
• communications with business contacts, administrators, prospects, and vendors.

1.2 Robbclan as Processor or Service Provider

When a customer organization uses Wayfinder to create training, enroll learners, collect learner submissions, connect documentation, configure Course Coach, use personal or corporate context, or manage tenant records, that customer may determine why and how much of that data is used. For that customer-controlled tenant data, Robbclan generally processes personal information on the customer's instructions as a processor, service provider, or similar role under applicable law.

If you use Wayfinder through your employer, customer, partner, training sponsor, or another organization, that organization may control your tenant account, learning records, integrations, access permissions, retention settings, and requests involving tenant content. Please contact that organization first for questions about its use of your personal information.

2. Personal Information We Collect

The categories we collect depend on how you interact with Wayfinder.

2.1 Account and Identity Information

We may collect:

• name, username, email address, company, tenant, job role, audience type, and account permissions;
• password-derived authentication data, multi-factor authentication settings, passkey/WebAuthn registration data, session information, login challenges, and security verification records;
• trusted-access, API, MCP, or integration identifiers and authentication metadata where configured; and
• contact preferences and administrator assignments.

2.2 Billing, Purchase, and Commercial Information

We may collect plan selection, tier, entitlements, offer codes, invoices, order records, billing contacts, payment status, payment-provider customer references, payment-provider instrument references, tax-related information provided for billing, and transaction history. Card payments may be handled by a payment provider such as Finix. Wayfinder is designed to store payment-provider references rather than raw card numbers in the application.

2.3 Customer Content and Learning Content

We may process content provided to or created in Wayfinder, including:

• prompts, role descriptions, job/task analysis, SME interview responses, learning paths, course outlines, course modules, quizzes, exams, presentation criteria, templates, branding, comments, edits, approvals, and generated outputs;
• uploaded media, course packages, source documents, knowledge-base materials, documentation snapshots, SCORM or xAPI materials, presentation files, and other learning assets;
• context portfolios, corporate context, personal context, agent profiles, imported context files, and AI assistant instructions where users choose to provide them; and
• content pulled from authorized documentation integrations such as Notion, Confluence, ServiceNow, or other connectors configured by a customer.

2.4 Learner Activity and Assessment Information

We may process registrations, enrollments, section progress, completion records, quiz and exam activity, presentation submissions, grades, instructor reviews, learning-path status, reporting information, and other learning records created through the platform.

2.5 AI Interaction and Course Coach Information

AI-enabled features may process prompts, source materials, generated content, editing instructions, evaluation requests, SME interview turns, Coach questions, learner answers, feedback, missing concepts, review suggestions, module references, and quality or analytics outputs.

Course Coach privacy settings may vary by tenant. Depending on configuration, Wayfinder may retain tenant-specific Coach intelligence, short answer excerpts, summaries, attempts, feedback, or analytics for a configured period. Feature notices may state whether answer excerpts are retained, whether summaries are anonymized, and the configured retention period.

2.6 Support, Communications, and Feedback

We may collect support-ticket details, bug reports, billing questions, product feedback, email content, call or meeting notes created by our teams, page paths or screenshots you provide, and resolution history.

2.7 Device, Usage, Cookie, and Log Information

We may collect IP address, browser and device information, referring pages, timestamps, pages or features used, error reports, security logs, audit events, session cookies, authentication cookies, and operational telemetry needed to run, secure, support, and improve Wayfinder.

We do not describe all browser storage as advertising cookies. Where we use cookies or similar technologies, some may be required for login, security, session continuity, preferences, or core platform functions. If we later deploy optional analytics or marketing technologies that require consent or opt-out controls in a region, we will provide the required controls and notices.

2.8 Information from Third Parties

We may receive information from:

• customer administrators and identity or trusted-access providers;
• authorized integrations and documentation systems;
• payment, communications, hosting, security, and infrastructure providers;
• business partners or referrals; and
• publicly available business contact sources where permitted by law.

3. How We Use Personal Information

We use personal information to:

1. provide, operate, host, maintain, and secure Wayfinder;
2. create and manage accounts, tenant roles, access permissions, authentication, MFA, passkeys, sessions, and trusted-access flows;
3. enable course authoring, AI generation, approvals, learner delivery, reporting, integrations, MCP tools, MCP-UI resources, APIs, Course Coach, exams, SME interviews, and support features;
4. process orders, subscriptions, invoices, payment status, entitlement changes, offer codes, renewals, support, and customer communications;
5. personalize or configure tenant and user experiences where requested, including branding, templates, context profiles, audience access, and learning preferences;
6. detect, investigate, prevent, and respond to abuse, fraud, security incidents, service failures, policy violations, and legal claims;
7. maintain audit trails, backups, retention workflows, exports, deletion workflows, and administrative records;
8. analyze usage, quality, reliability, and product performance in order to improve Wayfinder;
9. send service communications, transactional notices, security alerts, support responses, and relevant product updates; and
10. comply with law, enforce agreements, protect rights and safety, and complete corporate transactions where lawful.

We do not use customer tenant content to make employment, admissions, credit, housing, insurance, healthcare, or similarly significant decisions on behalf of customers unless a separate feature, contract, and required compliance process expressly says otherwise.

4. AI Systems and Model Providers

Wayfinder may use AI model providers or customer-configured model environments to generate or evaluate content. Inputs sent to AI systems may include prompts, source excerpts, role or course context, learner answers where a feature requires evaluation, and other data needed to return the requested output.

Customers and users should avoid submitting personal information, confidential information, regulated data, or sensitive information that is not needed for the requested learning workflow. Customers are responsible for reviewing AI outputs and configuring integrations, audience controls, and data flows suitable for their organization.

If an Order, DPA, customer model configuration, or provider-specific notice states how a model provider handles submitted data, that more specific term applies to the covered processing.

5. How We Disclose Personal Information

We may disclose personal information:

• Within the customer tenant. To customer administrators, editors, instructors, managers, reviewers, learners, or other tenant users according to role permissions, audience settings, feature configuration, and customer instructions.
• To service providers and subprocessors. To hosting, storage, infrastructure, security, email, SMS, support, analytics, payment, AI model, and operational providers that help us deliver Wayfinder.
• To authorized integrations. To documentation systems, identity providers, AI assistants, APIs, MCP clients, or other systems a customer or user authorizes.
• For legal and safety reasons. When we believe disclosure is necessary to comply with law, legal process, regulatory requests, enforce agreements, protect rights, prevent harm, or investigate security incidents or abuse.
• For business transfers. In connection with a merger, financing, acquisition, reorganization, asset sale, or similar transaction, subject to appropriate protections.
• With consent or direction. When you or the relevant customer directs or authorizes disclosure.

We do not sell personal information for money. We do not currently share personal information for cross-context behavioral advertising as those terms are used under California privacy law. If our practices change, we will update our notices and provide required choices.

6. Legal Bases for Processing

Where a legal basis is required, Robbclan relies on one or more of the following depending on the context:

• Contract. To provide accounts, subscriptions, support, platform functions, and requested services.
• Legitimate interests. To secure and improve Wayfinder, communicate with business users, prevent fraud and abuse, maintain records, and operate a B2B service where those interests are not overridden by individual rights.
• Consent. For processing that requires consent, such as certain marketing communications or optional cookies in some regions.
• Legal obligations. To comply with tax, accounting, security, law-enforcement, regulatory, and other legal duties.
• Vital interests or other lawful grounds. Where applicable under local law and the circumstances.

For customer-controlled tenant content, the customer determines the applicable legal basis where it acts as controller.

7. Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the platform, maintain business and audit records, resolve disputes, comply with law, protect security, and enforce agreements.

Retention may depend on:

• the customer contract, tenant configuration, and account status;
• the type of data and product feature involved;
• applicable legal, tax, accounting, security, and backup requirements;
• user or customer deletion, export, and retention requests; and
• whether data is needed to investigate abuse, security issues, or legal claims.

Examples in the product may include configured Course Coach retention, privacy export retention, completed privacy-request retention, audit-log retention, expired-session retention, backup retention, and customer-managed deletion or export workflows. Backups and logs may persist for limited periods after operational deletion where required for security, recovery, or legal purposes.

8. Security

We use administrative, technical, and organizational safeguards designed to protect personal information. Measures may include tenant access controls, authentication controls, role-based permissions, encryption or secret-management practices where appropriate, logging, backup controls, upload limits, maintenance restrictions, and security monitoring.

No method of transmission, storage, authentication, AI processing, or internet service is perfectly secure. Customers and users should use strong account-security practices, safeguard credentials and tokens, restrict integration scopes, and notify us promptly of suspected unauthorized access.

9. International Transfers

Wayfinder may be operated from, hosted in, or supported from countries other than where a person lives. Personal information may therefore be processed in the United States and other jurisdictions where Robbclan, customers, service providers, or subprocessors operate.

Where required for transfers of personal information from the EEA, UK, Switzerland, or other regions with transfer restrictions, we rely on applicable transfer mechanisms such as adequacy decisions, contractual safeguards, standard contractual clauses, the UK transfer addendum or equivalent mechanisms, customer instructions, or other lawful bases.

10. Your Choices and Rights

Depending on your location, the context, and whether Robbclan or a customer controls the data, you may have rights to:

• access or receive a copy of personal information;
• correct inaccurate personal information;
• delete personal information;
• object to or restrict certain processing;
• withdraw consent where processing is based on consent;
• receive portable data where applicable;
• opt out of certain sales, sharing, targeted advertising, profiling, or marketing uses where applicable;
• appeal certain rights decisions where required by law; and
• complain to a privacy regulator or supervisory authority.

To make a request about Robbclan-controlled information, contact privacy@robbclan.com. To make a request about tenant content controlled by a customer organization, contact that organization first. We may verify requests and may decline or limit requests where permitted by law.

You may unsubscribe from non-transactional marketing emails using the link in the message or by contacting us. Service, billing, security, and transactional messages may still be sent when necessary.

11. Children and Sensitive Information

Wayfinder is a business learning platform and is not directed to children. Customers should not use Wayfinder to collect children's personal information unless they have determined that the use is lawful and have arranged any required contract, consent, notice, and configuration controls.

Customers and users should not submit sensitive personal information unless it is necessary, authorized, appropriately protected, and allowed by the relevant Order, DPA, feature, and law. Sensitive information may include government identifiers, precise geolocation, health information, biometric information used for identification, financial-account details beyond payment workflows, racial or ethnic origin, religious beliefs, sexual orientation, union status, or other locally protected data.

12. Regional Privacy Supplements

12.1 EEA, UK, and Switzerland

Individuals in the EEA, UK, and Switzerland may have rights including access, correction, erasure, restriction, objection, portability, withdrawal of consent, and the right to complain to a competent supervisory authority. The legal bases and international-transfer information above apply where Robbclan acts as controller. If a customer organization controls the relevant tenant data, direct your request to that organization first.

If Robbclan is required to appoint an EU representative, UK representative, or data protection officer for a covered activity, we will identify that contact in a more specific notice.

12.2 United States State Privacy Notices

Residents of U.S. states with comprehensive privacy laws may have rights to access, correct, delete, obtain a portable copy, opt out of sale, sharing or targeted advertising, opt out of certain profiling, limit certain sensitive-data uses, and appeal a denied request, depending on the law and context.

For California residents:

• the categories described in Section 2 are the categories of personal information we may collect;
• the purposes in Section 3 describe why we collect, use, and disclose those categories;
• the disclosures in Section 5 describe categories of recipients;
• we do not sell personal information for money and do not currently share personal information for cross-context behavioral advertising;
• we do not knowingly sell or share personal information of consumers under 16 years of age; and
• retention is described in Section 7 and may vary by category and context.

To exercise applicable U.S. state privacy rights, contact privacy@robbclan.com. If we deny an appealable request, our response will explain available appeal steps where required.

12.3 Brazil

Brazilian data subjects may have rights under the Lei Geral de Protecao de Dados Pessoais (LGPD), including confirmation of processing, access, correction, anonymization, blocking or deletion where applicable, portability where regulated, information about sharing, information about consent and withdrawal, review or challenge rights where applicable, and complaint rights before the ANPD or other competent bodies.

For Robbclan-controlled processing, contact privacy@robbclan.com. For customer-controlled tenant data, contact the relevant customer organization first.

12.4 Canada

Canadian individuals may request access to and correction of personal information and may contact us with questions or complaints about Robbclan-controlled handling of personal information at privacy@robbclan.com. Where a customer organization controls tenant data, contact that organization first. Individuals may also have complaint rights with the applicable Canadian privacy commissioner or authority.

12.5 Australia and New Zealand

Individuals in Australia and New Zealand may request access to and correction of personal information and may complain about how personal information is handled. Contact privacy@robbclan.com for Robbclan-controlled processing or the relevant customer for customer-controlled tenant data. Where applicable, individuals may complain to the relevant privacy regulator after first raising the issue with us or the customer controller.

12.6 Other Regions

If local law grants additional privacy rights or requires additional notices, we will honor those rights and provide notices to the extent applicable. Contact privacy@robbclan.com for assistance.

13. Third-Party Sites and Services

Wayfinder may link to or integrate with third-party websites, documentation systems, AI assistants, payment services, identity systems, or APIs. Their privacy practices are governed by their own notices and terms. Customers should review third-party privacy and security practices before enabling an integration.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised effective date and provide additional notice when required by law or when changes materially affect existing choices.

15. Contact Us

Privacy contact: privacy@robbclan.com Legal entity and address: Robbclan, Inc. 8 The Green, Dover, Delaware 19901 Sales and purchase inquiries until a dedicated contact is published: sales@robbclan.com