Walling
Features Agents Pricing Download MCP
Sign in Get started
Legal

Privacy Policy

Last updated: June 20, 2026

This policy describes what data Walling collects when you use our website, applications, and APIs (including the Model Context Protocol server), how we use that data, who we share it with, and the choices you have. We try to keep it short and in plain language. If anything is unclear, please contact us.

At a glance

We don’t sell your data

Walling has never sold and will never sell your personal information.

Not used to train shared AI

Workspace content sent to AI providers is processed under enterprise agreements that prohibit training on it.

AI features are opt-in

Nothing is sent to a model or external client until you trigger a feature or authorize a connection.

Revoke any time

Cut off any MCP connection or scheduled agent from Settings. Takes effect on the next call.

Who we are

Walling is operated by Walling Software Inc., a Delaware corporation. We provide a visual workspace for organizing ideas, content, tasks, and projects across web and mobile, with optional AI assistance and integrations.

Data we collect

Walling collects only what it needs to operate the service. Data falls into three categories:

Account information

Email, name, authentication credentials, and profile information you provide. If you sign in with Google, Apple, or workspace SSO, we receive the basic profile that provider returns.

Workspace content

The walls, sections, bricks, tags, files, comments, and other content you create, upload, or import — including content sent in via email pipelines and connected AI clients.

Usage and device data

Standard metadata such as IP address, browser/device type, pages visited, feature interactions, and timestamps. Used for security, troubleshooting, and product improvement.

How we use your data

We use your data to:

  • Provide and operate Walling — sync content, render your workspace, and deliver collaboration features.
  • Authenticate you and protect your account from unauthorized access.
  • Power AI features you choose to use (chat, generation, organization, MCP).
  • Support and improve the product — debug issues, measure feature usage in aggregate, plan improvements.
  • Send service emails (account notices, billing, security) and, where you opt in, product updates.
  • Comply with legal obligations and enforce our Terms.

What we never do. We do not sell your personal information, and we do not use the content of your workspace to train shared machine-learning models.

Your workspace content

Content you create in Walling belongs to you. We process it on your behalf to provide the service — to store it, sync it across your devices, render it in the app, share it with people you invite, and (where you choose) pass relevant excerpts to the AI features you activate.

  • Other members of a shared workspace can see content shared with them.
  • Public links you create are accessible to anyone who has the link.
  • You can delete content at any time; see Retention.

AI features and content processing

Walling integrates large language models (LLMs) and embedding models to power features like AI Chat, wall generation, the AI Wizard, inbox organization, and scheduled AI agents. When you use these features, relevant content from your workspace is sent to our model providers for processing.

  • We use providers under enterprise-grade agreements that prohibit using your content to train their models.
  • Content is sent only when you trigger an AI feature or when you authorize a scheduled agent to run on your behalf.
  • For search and retrieval, we generate vector embeddings of your content and store them in our own infrastructure. Embeddings are not human-readable but represent your content and are protected with the same access controls as the source.
  • You can see and revoke scheduled AI agents at any time from Settings → Agents.

Connecting external AI clients (MCP)

The Walling Model Context Protocol (MCP) server lets you connect external AI clients — such as Claude, Cursor, and ChatGPT — to your Walling workspace. This is an opt-in feature: nothing is sent until you authorize a connection. Here is what happens to your data once you do:

OAuth tokens

The connecting client receives an access token scoped to the permissions you granted and tied to a specific workspace. Tokens are stored by the client; Walling stores the corresponding grant record. Revoke from Settings → Connections at any time.

walling.read walling.write walling.execute walling.manage

Requests from the client

Each tool call is logged with metadata (tool name, timestamp, connection, result status). Tool arguments and return values are not stored beyond what is needed to operate the feature.

Content sent to the client

Read tools return content from your workspace to the connecting client (Claude, Cursor, ChatGPT, etc.) — each is a third party with its own privacy policy. Review the practices of any client you connect.

Write policy

By default, writes are queued as proposals in the Walling app for you to approve before any change is applied. You may grant walling.execute to apply writes directly — do this only with clients you trust.

Cross-workspace isolation

Each MCP connection is tied to a single workspace. An authorized connection cannot read or write to other workspaces you belong to.

Service providers (sub-processors)

Walling relies on a small number of vetted service providers to operate. They process data only on our behalf and under contractual data-protection commitments.

Infrastructure

  • Supabase

    Primary database and authentication

  • Cloudflare

    Delivery, security, email ingress

  • Railway

    Application hosting

AI providers

  • Anthropic

    Language models for AI features

  • OpenAI

    Language and embedding models

Operations

  • Sentry

    Error and crash reporting

  • PostHog

    Privacy-respecting product analytics

  • Gleap

    In-app help center and support chat

  • Paddle

    Payment processing and Merchant of Record for paid plans

We may also use email delivery providers for transactional and notification email. We update this list as our infrastructure evolves; material changes are reflected here with an updated effective date.

When we share data

We share your data only in the following limited circumstances:

  • With service providers listed above, strictly to operate the service.
  • With other members of a workspace, as required to power collaboration.
  • With AI clients you authorize via MCP, scoped to the permissions you grant.
  • When required by law, in response to valid legal process, or to protect rights and safety.
  • In connection with a business transaction (merger, acquisition, etc.) — subject to commitments equivalent to this policy.

Security

We protect your data with industry-standard technical and organizational measures:

  • Encryption in transit (TLS) and encryption at rest in our primary database.
  • Scoped access controls, including row-level security on tenant data.
  • Audited infrastructure and OAuth-based API access.
  • Routine secret rotation and least-privilege service accounts.

No system is perfectly secure. We maintain an incident-response process and will notify affected users in line with applicable laws.

Retention

We keep your workspace content for as long as your account is active. When you delete content, it goes to a recycle bin you can restore from; items in the recycle bin are permanently deleted after a grace period. You can request deletion of your account at any time — see Your rights.

Operational logs (request metadata, errors, security events) are retained for a limited window for security, debugging, and abuse prevention. Aggregated, de-identified analytics may be kept for longer.

Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. You can exercise most of these directly in the app:

Access and export

Export your content from Walling in standard formats.

Delete

Delete bricks, walls, or your entire account from Settings → Account.

Revoke MCP connections

Cut off any external AI client from Settings → Connections. Effective immediately.

Marketing email

Unsubscribe from any product email with a single click.

For anything you cannot do directly in the app, email privacy@walling.io and we will respond within the timeframe required by applicable law.

Cookies and similar technologies

We use cookies and local storage to keep you signed in, remember your preferences, and measure product usage. We do not use third-party advertising cookies. Where required by law, we will ask for your consent before non-essential cookies are set.

Children

Walling is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us so we can delete it.

International transfers

Walling is hosted and operated in the United States. If you access Walling from outside the United States, your data will be transferred to and processed in the United States and other jurisdictions where our service providers operate. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for these transfers.

Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you in the app or by email. Continued use of Walling after the effective date constitutes acceptance of the revised policy.

Contact us