📢

Ingestion + Knowledge-Graph Foundation

This version delivers that backbone end-to-end with no real Connector logic: an Org admin can add a Source, an ingestion job runs and flips its status through the lifecycle (proving the pipeline), credentials are stored encrypted, and the Org's data can be exported. Actual crawling of external systems and the reasoning/query layer are explicitly deferred to follow-up work.

Privacy Policy

Last updated: 2 July 2026

This Privacy Policy explains how WITEK CONSULTORIA DE TECNOLOGIA LTDA (“we”, “us”, “our”), the company behind Galileo by Witek (the “Service”), collects, uses, shares and protects personal data. We are committed to processing personal data in accordance with the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados, “LGPD”) and, where applicable, the EU General Data Protection Regulation (“GDPR”).

If you have questions about this policy or how we handle your data, contact us at support@updates.witek.sh.

1. About the Service and Our Role

Galileo by Witek connects to your existing knowledge sources — codebases, documentation, tickets, wikis and similar systems — and builds a knowledge graph that helps engineers and AI agents find trustworthy context.

Our role under data protection law depends on the data:

  • Account and billing data. For information about the individuals who sign up, administer an organisation, or pay for the Service, we act as the controller and this Privacy Policy governs that processing.
  • Ingested Content (“Customer Data”). For the content you connect to the Service — repositories, documents, tickets, wikis and any personal data they may contain — we act as a processor (operator, under the LGPD) that processes it on your instructions to provide the Service. The organisation that connects the source is the controller. Where required, this processing is also governed by a Data Processing Agreement (see Section 10).

2. Information We Collect

Information you provide

  • Account data: name, email address, password (stored hashed), and profile details.
  • Organisation data: organisation name, members, roles and invitations.
  • Billing data: subscription plan and billing status. Card details are handled by our payment processor (Stripe) and are never stored on our servers.
  • Support and feedback: messages, feedback submissions and correspondence you send us.

Ingested Content (Customer Data)

When you connect a source, we ingest and process its content — source code, documentation, issues/tickets, wiki pages and related metadata (for example authorship, timestamps and relationships between items). This content may incidentally contain personal data (such as author names or email addresses in commit history). We process it solely to build your knowledge graph and return context, on your instructions.

Information collected automatically

  • Usage and log data: IP address, browser and device details, timestamps, referring pages and actions taken in the Service, used for security, troubleshooting and improving the Service.
  • Cookies: see Section 8.

3. How We Use Information

We use personal data to:

  • provide, maintain and secure the Service, including building and querying your knowledge graph;
  • authenticate users, manage organisations and enforce access controls;
  • process payments and manage subscriptions;
  • send transactional and service messages, and (where permitted) product updates;
  • respond to support requests and feedback;
  • detect, prevent and investigate fraud, abuse and security incidents; and
  • comply with legal obligations.

Legal bases (GDPR) / lawful grounds (LGPD): performance of our contract with you, our legitimate interests in operating and securing the Service, your consent (where required, e.g. certain marketing communications), and compliance with legal obligations.

We do not sell personal data, and we do not use your Customer Data or Ingested Content to train foundation models.

4. AI Processing

The Service uses large language models to interpret sources and generate answers. To do this, relevant portions of your content and queries may be sent to our AI subprocessors (currently Anthropic and OpenAI) strictly to produce a response for you.

  • Our AI subprocessors process this data as our subprocessors and, under their business terms, do not use it to train their models.
  • When GDPR mode is enabled for your organisation, we take additional steps to avoid sending personal data to certain providers.

AI-generated output can be incomplete or inaccurate and should be verified before you rely on it.

5. How We Share Information

We share personal data only as needed to run the Service:

  • Subprocessors (Section 6) that provide infrastructure, payments, email and AI processing on our behalf, under contractual confidentiality and security obligations.
  • Within your organisation — content and activity may be visible to other members of your organisation according to their roles and permissions.
  • Legal and safety — where required by law, legal process, or to protect the rights, safety and property of WITEK CONSULTORIA DE TECNOLOGIA LTDA, our users or the public.
  • Business transfers — in connection with a merger, acquisition or sale of assets, subject to this policy.

6. Subprocessors

We rely on the following categories of subprocessors to deliver the Service. This list may change; material additions will be reflected here.

  • Cloud hosting & storage (Amazon Web Services) — application hosting and file storage.
  • Payments (Stripe) — subscription billing and payment processing.
  • Email delivery (Resend) — transactional and product emails.
  • AI processing (Anthropic, OpenAI) — generating answers and interpreting content.
  • Authentication (Google, GitHub) — optional single sign-on, when you choose it.
  • Error monitoring (Sentry) — diagnostics and reliability, where enabled.

7. International Data Transfers

We and our subprocessors may process data in countries other than your own, including outside Brazil and the European Economic Area. Where we transfer personal data internationally, we rely on appropriate safeguards — such as the European Commission’s Standard Contractual Clauses and equivalent mechanisms recognised under the LGPD — to protect it.

8. Cookies

We use cookies and similar technologies to keep you signed in, remember preferences, secure the Service and understand usage. You can control cookies through your browser settings; disabling some cookies may affect how the Service works.

9. Data Retention and Deletion

We retain personal data for as long as your account or organisation is active, and as needed to provide the Service, comply with legal obligations, resolve disputes and enforce agreements.

  • You can export your account data and delete your account from within the Service; deletion removes or anonymises your personal data on the schedule described in the Service, subject to limited legal retention requirements.
  • When you disconnect a source or delete Ingested Content, we remove the corresponding data from your knowledge graph. Residual copies in backups are deleted on our normal backup rotation.

10. Data Processing Agreement

If you use the Service to process personal data on behalf of your organisation, our Data Processing Agreement (“DPA”) applies to that processing and forms part of your contract with us. To request a copy of the DPA, contact support@updates.witek.sh.

11. Your Rights

Subject to the LGPD, the GDPR and other applicable laws, you may have the right to:

  • confirm whether we process your personal data and access it;
  • correct incomplete, inaccurate or outdated data;
  • request anonymisation, blocking or deletion of unnecessary or excessive data;
  • request data portability;
  • object to or restrict certain processing, and withdraw consent; and
  • obtain information about the entities with which we share your data.

To exercise these rights, contact support@updates.witek.sh. Because much Ingested Content is controlled by the organisation that connected it, we may direct certain requests to that organisation. You also have the right to lodge a complaint with the Brazilian data protection authority (ANPD) or your local supervisory authority.

12. Security

We use commercially reasonable technical and organisational measures — including encryption in transit, access controls and least-privilege practices — to protect personal data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

13. Children

The Service is not directed to children and is intended for use by organisations and their authorised personnel. We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice in the Service. The “Last updated” date above reflects the latest revision.

15. Contact

For any questions, requests or concerns regarding this Privacy Policy or your personal data, contact us at support@updates.witek.sh.