Privacy Policy

A comprehensive yet accessible guide to how we collect, use, and protect your personal information—designed for both individual users and business partners.

1. WHAT INFORMATION DO WE COLLECT?

Personal information you provide to us

We collect personal information that you voluntarily provide when you interact with our services. The types of information we collect include:

Identity & Contact Information

• Names, usernames, or similar identifiers
• Email addresses
• Login credentials and authentication data

Technical & Usage Information

• IP addresses and device identifiers
• Browser type, version, and settings
• Operating system and platform information
• Authentication tokens and session data

Account Preferences

• Account settings and configurations
• Communication preferences
• Language and regional settings

Information automatically collected

We automatically collect certain information when you visit, use, or navigate our services. This information does not reveal your specific identity but may include:

• Log and Usage Data: Date/time stamps, pages viewed, searches performed, features used, and device event information
• Device Data: Computer, phone, tablet information including IP address, application identification numbers, location, hardware model, and Internet service provider
• Location Data: State, country, and regional information based on IP address or device settings

Aggregated Data

We also collect and use aggregated data (statistical or demographic data) that does not directly identify you. However, if we combine aggregated data with your personal information in a way that can identify you, we treat the combined data as personal information protected by this policy.

Information from third parties

We may receive information about you from various third-party sources, including:

• Analytics providers (Google Analytics, similar services)
• Identity verification and authentication services
• Payment processors and financial service providers
• Customer support and CRM platforms
• Publicly available sources and business directories

2. HOW DO WE COLLECT YOUR INFORMATION?

We use different methods to collect data from and about you:

Direct Interactions

You provide information when you:

• Create an account or register for our SaaS platform
• Subscribe to our services or upgrade your account
• Configure your account settings and preferences
• Contact customer support or request assistance
• Participate in surveys, feedback programs, or beta testing
• Request marketing information or newsletters
• Provide feedback or contact us for any other reason

Automated Technologies

As you interact with our services, we automatically collect technical information using:

• Cookies and similar tracking technologies
• Server logs and analytics tools
• Web beacons and pixels

Third-Party Sources

We receive information from business partners, service providers, and publicly available sources as described in Section 1.

3. WHY & HOW DO WE USE YOUR INFORMATION?

Primary Purposes

We use your personal information for the following purposes:

• Service Delivery: Provide access to our SaaS platform, features, and services
• Account Management: Create and manage user accounts, authentication, and account security
• Customer Support: Respond to inquiries, provide technical support, and resolve issues
• Communication: Send administrative information, service updates, and policy changes
• Platform Analytics: Analyze usage patterns to improve our services, features, and user experience
• Feature Development: Develop new features and improve existing ones based on usage data
• Marketing: Deliver relevant content about new features, best practices, and service improvements
• Business Operations: Manage vendor relationships, enforce terms, and comply with legal requirements
• Security: Protect against fraud, troubleshoot problems, and maintain platform security
• Billing & Subscriptions: Process payments, manage subscriptions, and handle billing inquiries

Purpose Compatibility

We only use your information for the purposes for which we collected it, unless we reasonably need to use it for another compatible purpose. If we need to use your information for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

4. WHAT LEGAL BASES DO WE RELY ON?

General Legal Bases

Depending on your location and circumstances, we may rely on the following legal bases to process your information:

Consent

We may process your information if you have given us permission to use it for a specific purpose. You can withdraw your consent at any time by contacting us or updating your preferences. Note that withdrawal does not affect the lawfulness of processing before withdrawal.

Performance of a Contract

We may process information when necessary to fulfill our contractual obligations, including providing services or at your request before entering into a contract.

Legal Obligations

We may process information where necessary to fulfill legal requirements, such as cooperating with law enforcement.

Vital Interests

We may process information when necessary to protect vital interests or safety, such as preventing harm.

Legitimate Interests

We may process information for our legitimate business interests, provided they are not overridden by your rights and freedoms. We carefully balance any potential impact on you before processing for legitimate interests.

Additional Legal Bases

Depending on your location, we may rely on the following additional legal bases:

• Legitimate Interest: Conducting and managing our business to provide the best services
• Contract Performance: Processing necessary for contract performance or steps at your request
• Legal Requirements: Processing necessary to fulfill legal obligations

Multiple Legal Bases

We may process your information for more than one lawful ground depending on the specific purpose. We process information without your knowledge or consent only when required or permitted by law.

Data Controller vs. Processor

In some cases, we act as the "data controller" (determining processing purposes and means). In other cases, we process information on behalf of our clients as a "data processor" following their instructions. When we are a data processor, the client is responsible for your information and their privacy policies apply.

5. DO WE USE COOKIES AND TRACKING?

Cookie Usage

We use cookies and similar tracking technologies (web beacons, pixels) to:

• Distinguish you from other users and remember your preferences
• Maintain security and prevent crashes
• Assist with basic site functions and improve user experience
• Analyze usage patterns and improve our services

Your Cookie Choices

Most web browsers accept cookies by default. You can usually choose to:

• Set your browser to refuse cookies
• Remove cookies from your device
• Opt-out of specific tracking technologies

If you choose to refuse cookies, some features or services may not function properly. For specific information about our cookies and how to refuse certain cookies, please refer to Wokay's Cookie Policy.

Google Analytics & Third-Party Tracking

We may share information with Google Analytics and similar services to track and analyze service usage. To opt-out of Google Analytics tracking, visit https://tools.google.com/dlpage/gaoptout. Other opt-out means include:

• http://optout.networkadvertising.org/
• http://www.networkadvertising.org/mobile-choice

6. DO WE SHARE YOUR INFORMATION?

Internal Sharing

We may share your information within our group of companies for the purposes described in this policy.

External Sharing

We may share your information with the following external parties:

• Service Providers: IT and system administration services, hosting, analytics, and customer support
• Professional Advisers: Lawyers, bankers, auditors, and insurers providing legal, financial, or accounting services
• Regulators & Authorities: When required by law or to protect our rights
• Business Transfers: If we sell, transfer, or merge parts of our business, your information may be transferred to new owners

Third-Party Requirements

We require all third parties to:

• Respect the security of your information
• Treat information in accordance with applicable law
• Only process information for specified purposes and per our instructions
• Not use your information for their own purposes

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

Security Measures

We have implemented appropriate technical and organizational security measures designed to:

• Prevent unauthorized access, alteration, or disclosure
• Protect against accidental loss or misuse
• Limit access to employees and contractors with business need
• Ensure confidentiality through contractual obligations

Breach Notification

We have procedures to deal with suspected data breaches and will notify you and applicable regulators when legally required to do so.

Important Disclaimer

Despite our safeguards, no electronic transmission or storage is 100% secure. We cannot guarantee that hackers will not bypass our security. You access our services at your own risk and should only do so in a secure environment.

9. HOW LONG DO WE KEEP YOUR INFORMATION?

Retention Periods

We keep your information only as long as necessary for the purposes described in this policy, unless:

• A longer retention period is required or permitted by law (tax, accounting, or other legal requirements)
• There is a prospect of litigation or complaint regarding our relationship with you

Deletion & Anonymization

When we no longer need your information:

• We will delete or anonymize it
• If immediate deletion isn't possible (e.g., backup archives), we will securely store it and isolate it from further processing
• We may anonymize information for research or statistical purposes and use it indefinitely

Account Deletion

Upon account termination, we will deactivate or delete your account from active databases. However, we may retain some information to:

• Prevent fraud and troubleshoot problems
• Assist with investigations
• Enforce legal terms
• Comply with legal requirements

10. DO WE COLLECT SENSITIVE OR SPECIAL DATA?

Restricted Data Types

We do not knowingly process the following types of sensitive information unless specifically agreed upon:

• Protected Health Information (PHI): Health data and medical information
• Cardholder Data: Payment card information
• Sensitive PII: Information requiring special protection
• Minor Data: Personal data of children under 18

Special Processing Requirements

If you need to process sensitive data types, you must:

• Enter into a specific agreement permitting such processing
• In the case of PHI, execute a Business Associate Agreement (BAA) with us

Refusal Consequences

Where we need to collect information by law or contract, and you fail to provide it, we may not be able to perform our services. In such cases, we will notify you if this affects our ability to provide services.

11. DO WE COLLECT INFORMATION FROM MINORS?

Age Restrictions

We do not knowingly collect or solicit data from children under 18 years of age, nor do we knowingly market to children. By using our services, you represent that you are at least 18 years old or that you are the parent/guardian consenting to such minor's use.

Accidental Collection

If we learn that personal information from users under 18 has been collected, we will:

• Immediately deactivate the account
• Take reasonable measures to promptly delete the data
• Notify parents/guardians if appropriate

Parent Contact

If you become aware of any data collected from children under 18, please contact us at privacy@wokay.com.

12. WHAT ARE YOUR PRIVACY RIGHTS?

General Rights

Depending on your location, you may have the following rights:

Right to Access

You can request access to and a copy of your personal information, including confirmation of whether we process your data.

Right to Correction

You can request correction of inaccurate or incomplete personal information we hold about you.

Right to Erasure

You can request deletion of your personal information where there is no compelling reason for us to continue processing it. However, we may not always comply due to specific legal reasons, which we will explain at the time of your request.

Right to Restrict Processing

You can request that we suspend processing of your information in certain circumstances:

• To establish data accuracy
• Where use is unlawful but you don't want deletion
• Where you need us to hold data for legal claims
• While we verify overriding legitimate grounds

Right to Object

You can object to processing based on legitimate interests, particularly for direct marketing. In some cases, we may demonstrate compelling legitimate grounds that override your objection.

Right to Data Portability

You can request transfer of your information to you or a third party in a structured, commonly used, machine-readable format. This applies to information you provided consent for or where we used it to perform a contract.

Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time. Withdrawal does not affect lawfulness of processing before withdrawal. If you withdraw consent, we may be unable to provide certain services that rely on that consent.

Right to Automated Decision Information

Our platform does not engage in automated decision-making that produces legal or similarly significant effects. This right is not applicable.

Additional Rights

Depending on your location, you may have additional rights, including the right to complain to local data protection authorities and the rights listed above.

13. HOW CAN YOU CONTROL YOUR INFORMATION?

Account Management

If you would like to review, update, or delete your account information, you can:

• Contact us using the information provided below
• Access account settings through our platform
• Update preferences directly where available

Verification Process

To protect your information, we may need to:

• Request specific information to confirm your identity
• Contact you for additional details to speed up response
• Verify your right to access the information

Response Times

We strive to respond to all legitimate requests in a timely manner. If we anticipate delays, we will notify you and keep you updated on your request status.

14. DO WE RESPOND TO DO-NOT-TRACK SIGNALS?

DNT Browser Settings

Most web browsers include a Do-Not-Track (DNT) feature you can activate to signal your privacy preference. However:

• No uniform technology standard for recognizing DNT signals has been finalized
• We do not currently respond to DNT browser signals
• Our third-party partners may not honor DNT settings

Future Adoption

If a standard for online tracking is adopted that we must follow, we will inform you in an updated version of this policy.

15. DO WE UPDATE THIS POLICY?

Updates and Notifications

We may update this policy from time to time. When we do:

• We will indicate the updated "Revised" date at the top
• We may notify you of material changes by prominent notice or direct communication
• We encourage you to review this policy regularly

Previous Versions

We make prior versions of our privacy policies available for review upon request.

16. HOW CAN YOU CONTACT US?

17. WHO IS RESPONSIBLE FOR THIS POLICY?

Policy Governance

Exceptions

Any exceptions to this policy must be authorized by management, the CISO, DPO, or specifically designated personnel. Currently, there are no established exceptions.

Related Documents

• Wokay Terms of Service
• Wokay Cookie Policy
• Wokay Data Processing Agreement (for business clients)