WAYF is 'data processor' on behalf of the institution where you log in.
WAYF does not store any person-identifiable data about users.
A user may ask WAYF to store information about his consent to data exchange for one or more services. This information is kept in an encrypted form which cannot, in any way, be made human-readable (one-way destructive encryption, so-called 'hash values').
When you log into a service through WAYF, the information about you released from your institution may be re-used for up to eight hours (one working day), provided that you do not close your browser. This re-use of data enables 'single-sign-on', i.e. your ability to access any WAYF-enabled service through the browser once you have performed a single log-in at your institution's log-in page.