Cookie Policy

Outlines the use of cookies and similar tracking technologies, with types, purposes, and your choices.

Wooli Cookie Policy Last Updated: June 5, 2026

This Cookie Policy explains how Wooli, Inc. ("Wooli," "we," "us," or "our") uses cookies and similar tracking technologies across the Wooli websites and online services operated under the wooli.com domain: the public marketing website at www.wooli.com, the free resource application Explore at explore.wooli.com, and the Wooli Subscription Service at apps.wooli.com (the "Service," and together with the marketing website and Explore, the "Wooli Sites"). The Service supports the upload, storage, and management of diverse data (including documents, personal information, and information on others) and features (such as task assignment, file sharing, and team coordination). Subscriptions to the Service are sold and billed by Wooli and may include content or features provided by affiliated organizations, such as Wooli Safety, Inc.

This Cookie Policy is incorporated into and supplements the Wooli Privacy Policy, the Wooli Terms of Service (ToS), the Data Processing Agreement (DPA), and the Acceptable Use Policy (AUP). In the event of a conflict between this Cookie Policy and another Wooli policy regarding cookies and tracking technologies, this Cookie Policy controls for cookie-specific matters; otherwise, the Privacy Policy and ToS prevail.

We comply with applicable data protection laws. By continuing to use the Wooli Sites after accepting our cookie banner, you consent to the use of cookies and tracking technologies as described in this Cookie Policy, except where consent is not legally required (for example, for Essential Cookies).

Table of Contents

• 1 Introduction
• 2 Definitions
  • 2.1 Cookie
  • 2.2 Tracking Technology
  • 2.3 First-Party Cookie
  • 2.4 Third-Party Cookie
  • 2.5 Session Cookie
  • 2.6 Persistent Cookie
  • 2.7 Do Not Track (DNT)
  • 2.8 Global Privacy Control (GPC)
• 3 Types of Cookies and Tracking Technologies
  • 3.1 Essential / Strictly Necessary
  • 3.2 Functional / Preferences
  • 3.3 Analytics / Performance
• 4 Purposes of Use
• 5 Third-Party Cookies and Integrations
• 6 Consent Mechanism
• 7 Managing Your Preferences
• 8 Children's Privacy
• 9 Jurisdiction-Specific Provisions
• 10 Updates to This Policy
• 11 Contact Information
• 12 Reference Links

1 Introduction

This Cookie Policy applies to all users and visitors of the Wooli Sites, including individuals and Organizations. It explains what cookies and similar tracking technologies are, the categories we use and who provides them, the bases on which we set them, and how you can review, change, or withdraw your consent. This Cookie Policy operates alongside Section 11 of the Privacy Policy, which gives a high-level summary of cookie use across the Service; where this Cookie Policy provides more detail, it is the controlling reference for cookie-specific matters. If you do not agree with this Cookie Policy, you should reject non-Essential Cookies via the cookie banner or stop using the Service. For questions or to exercise data rights related to cookies, contact us as described in Section 11.

2 Definitions

The following terms supplement those defined in the Terms of Service and the Privacy Policy. Where shared terms appear (e.g., Personal Information, Customer Data, Subprocessor), the Privacy Policy definitions apply.

2.1 Cookie

A small text file placed on your device by a web server when you visit or interact with the Service. Cookies allow the Service to recognize your device, store preferences, maintain authenticated sessions, and collect aggregated usage data.

2.2 Tracking Technology

Any technology, other than cookies, used to identify or analyze user activity, including but not limited to web beacons, pixel tags, local storage (e.g., HTML5 localStorage and IndexedDB), session storage, software development kits (SDKs), and device or browser fingerprinting techniques.

2.3 First-Party Cookie

A cookie set by the domain you are visiting (i.e., wooli.com or its subdomains).

2.4 Third-Party Cookie

A cookie set by a domain other than the one you are visiting, typically by a Subprocessor or integrated service provider.

2.5 Session Cookie

A temporary cookie that is deleted when you close your browser or session.

2.6 Persistent Cookie

A cookie that remains on your device for a defined period or until you delete it manually.

2.7 Do Not Track (DNT)

A browser-level signal that requests websites not to track the user. We acknowledge DNT signals but do not currently honor them automatically; control your preferences through the cookie banner described in Section 6.

2.8 Global Privacy Control (GPC)

A browser- or extension-level signal that communicates a user's privacy preferences (e.g., opt-out of the sale or sharing of Personal Information). We acknowledge GPC signals but do not currently honor them automatically; control your preferences through the cookie banner described in Section 6. Automatic recognition of GPC signals is on our roadmap and will be reflected in a future update to this Cookie Policy.

3 Types of Cookies and Tracking Technologies

We classify the cookies and tracking technologies we set (or allow our Subprocessors to set) into the categories below. We do not use Marketing Cookies, Advertising Cookies, retargeting cookies, social media tracking pixels, or embedded social media content cookies on the Service.

3.1 Essential / Strictly Necessary

Essential Cookies are required for the Service to function and cannot be disabled through the cookie banner. They support actions you take, such as signing in, maintaining a secure session, balancing load across servers, preventing fraudulent or malicious requests, and remembering security-relevant settings (e.g., multi-factor authentication state). Examples include authentication tokens, session identifiers, anti-CSRF tokens, and load-balancer affinity cookies. Because Essential Cookies are required to provide the Service you request, we set them without prior consent, as permitted by applicable law. Disabling Essential Cookies through your browser will prevent the Service from functioning correctly.

3.2 Functional / Preferences

Functional Cookies remember choices you make to personalize your experience on the Service, such as your preferred language, time zone, UI theme, accessibility settings, and recently used workspaces or tabs. They do not track you across other sites. We set Functional Cookies with your consent where required by applicable law. You can disable Functional Cookies through the cookie banner; if disabled, the Service will revert to default settings on each visit.

3.3 Analytics / Performance

Analytics Cookies help us understand how the Service is used so we can improve its reliability, performance, and feature design. We use PostHog as our sole analytics provider for application usability — for example, to measure feature adoption, identify navigation issues, and detect errors. We do not use analytics data for marketing or advertising purposes, and we do not use analytics data to build cross-site advertising profiles. PostHog operates under a data processing agreement consistent with the DPA and is included in the Subprocessor List. Where required by applicable law, we set Analytics Cookies only after you grant consent through the cookie banner. You can withdraw consent at any time through the preference center described in Section 7.

4 Purposes of Use

We use cookies and tracking technologies to authenticate users and maintain secure sessions (Essential); protect the Service against fraud, abuse, and security threats (Essential); remember your preferences across sessions (Functional); measure feature adoption, performance, and reliability of the Service (Analytics, via PostHog); detect and diagnose errors that affect the user experience (Analytics, via PostHog); and comply with legal obligations, including recording consent choices for audit purposes (Essential).

We do not use cookies or tracking technologies to sell or share Personal Information for cross-context behavioral advertising, to deliver personalized advertising, to combine data across unrelated services, or to profile users for marketing decisions.

5 Third-Party Cookies and Integrations

Most cookies set by the Service are first-party cookies under the wooli.com domain. We engage one third-party Subprocessor that may set or read cookies on your device:

• PostHog (analytics) — application usability analytics, including event tracking, session replay where enabled, and feature flag delivery. PostHog's privacy policy is available at posthog.com/privacy. PostHog is included in the Subprocessor List and operates under the DPA terms.

The Service does not embed third-party social media buttons, third-party advertising tags, third-party retargeting pixels, or other cross-site tracking technologies. If we add a new third-party Subprocessor that sets cookies, we will update this Cookie Policy and the Subprocessor List, and where consent is required we will re-prompt you through the cookie banner. Disabling third-party cookies in your browser will prevent PostHog cookies from being set; this will not affect the core Service but will limit our ability to detect performance and usability issues.

6 Consent Mechanism

When you first visit the Service, we present a cookie banner that describes the categories of cookies in use and lets you accept all, reject all non-Essential, or set per-category preferences. Your choices are recorded as a Functional Cookie so that we can apply them on subsequent visits, in accordance with applicable law. Where Wooli is the data controller, we record consent for our own audit purposes; where Wooli acts as a service provider (processor) on behalf of a Customer, the Customer remains responsible for ensuring lawful collection and consent for any data their Users provide.

You can change your preferences at any time through the preference center described in Section 7. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal. We do not currently honor browser-level Do Not Track or Global Privacy Control signals automatically; please use the cookie banner or preference center to express your choices.

7 Managing Your Preferences

You have several options for managing cookies and tracking technologies on the Service:

• Wooli preference center: Use your Cookie Settings to review the categories of cookies in use and update your consent at any time. Changes take effect immediately and apply to the device and browser you are using.
• Browser controls: Most browsers allow you to view, manage, block, or delete cookies through their settings. Refer to your browser's help pages for instructions (e.g., Chrome, Firefox, Safari, Edge).
• Mobile OS controls: On mobile devices, you can reset advertising identifiers, opt out of personalized advertising, and limit ad tracking through the privacy settings of iOS or Android. We do not use these identifiers for advertising; this guidance is provided for completeness.
• PostHog opt-out: You can disable PostHog analytics for the Service through the cookie banner or preference center; you may also use PostHog's general opt-out instructions at posthog.com/privacy.

If you disable Essential Cookies, the Service will not work correctly. If you disable Analytics or Functional Cookies, the Service will continue to operate, but we will lose visibility into usability issues and you may need to reset preferences each session.

8 Children's Privacy

The Service is not intended for use by individuals under 13, and we do not knowingly set cookies — Essential, Functional, or Analytics — for users we know to be children under 13, consistent with the Children's Online Privacy Protection Act (COPPA). We do not use cookies to target advertising to minors (we do not use advertising cookies at all). If you believe a child has used the Service and that cookies have been set in connection with such use, contact us via the Privacy Contact to request deletion.

9 Jurisdiction-Specific Provisions

This Cookie Policy is designed to comply with applicable U.S. data protection laws:

• California (United States): Under the CCPA, you have the right to know about, delete, and limit the use of Personal Information, including data collected via cookies. We do not sell or share Personal Information for cross-context behavioral advertising; therefore, the "Do Not Sell or Share My Personal Information" right does not currently apply to cookie-based collection by Wooli.
• Other United States jurisdictions: We comply with applicable state-level privacy laws (e.g., Virginia, Colorado, Connecticut), including consent requirements for sensitive data.

Where applicable law requires stricter handling than this Cookie Policy describes, the stricter requirement applies.

10 Updates to This Policy

We may update this Cookie Policy to reflect changes in the Service, our Subprocessors, or applicable law. For material changes — such as the addition of a new cookie category, a new Subprocessor that sets cookies, or a change to the basis for processing — we will notify you by email (to the address associated with your Account) or through in-Service notifications, and we will re-prompt you through the cookie banner where consent is required for the change. Continued use of the Service after an update takes effect constitutes acceptance of the updated Cookie Policy.

11 Contact Information

For questions about this Cookie Policy, to update your consent, or to exercise data rights related to cookies, contact us at:

• Email: privacy@wooli.com
• Address: Wooli, Inc., PO Box 39, Estero, FL 33929
• Online: through the Wooli Website

Wooli is responsible for responding to cookie and privacy inquiries.

12 Reference Links

The websites, pages, policies, and contact addresses referenced in this Cookie Policy are listed below. Where this Cookie Policy refers to a Wooli website, page, policy, or contact by name (for example, the Wooli Website, the Privacy Policy, the Terms of Service, the Data Processing Agreement, the Acceptable Use Policy, the Subprocessor List, or the Cookie Settings), that reference means the corresponding resource identified in this section. Wooli may update the links below from time to time without altering the substance of this Cookie Policy.

Resource	Link
Wooli Website	www.wooli.com
Explore (Free Resources)	explore.wooli.com
Subscription Service (App)	apps.wooli.com
Terms of Service (ToS)	www.wooli.com/legal/terms
Privacy Policy	www.wooli.com/legal/privacy
Data Processing Agreement (DPA)	www.wooli.com/legal/dpa
Acceptable Use Policy (AUP)	www.wooli.com/legal/aup
Subprocessor List	www.wooli.com/legal/subprocessors
Cookie Settings	apps.wooli.com
Privacy Contact	privacy@wooli.com