Privacy is part of the platform, not a late legal patch.

wa.lter.it now exposes the first public privacy baseline for the network. This page summarizes what the platform actually does today and points to the internal operational artifacts that govern consent, retention, processors, and incidents.

Current rule: no non-essential analytics by default, no client-side CRM writes, and contact requests are stored DB-first with explicit consent and server-side sync boundaries.

What the platform collects today

At this stage the active collection points are contact intake, authentication/session data for the internal operator surfaces, and private/internal memory captured through the MCP path.

How consent is handled

The public contact intake requires explicit consent before the request is stored. Non-essential analytics are not enabled as part of the bootstrap baseline.

Where data goes

Requests land in the main Postgres application database first. CRM sync toward self-hosted Twenty is server-side only and remains subject to configuration and review state.

Operational artifacts

The repo now carries a privacy baseline: record of processing, cookie register, retention schedule, processor register, and incident log scaffold. Those artifacts are the operating source of truth, not this page alone.

Operational next step

If you want to open a concrete conversation, use the DB-first contact intake. It already stores purpose, lawful-basis candidate, consent, and CRM sync state.

Use the contact intake