Privacy Policy

Governs the collection, use, and protection of Personal Information processed through the Service.

Wooli Privacy Policy Last Updated: June 5, 2026

Table of Contents

• 1 Introduction
• 2 Definitions
  • 2.1 Personal Information
  • 2.2 Sensitive Personal Information
  • 2.3 Customer Data
  • 2.4 User Content
  • 2.5 System Data
  • 2.6 Consumer
  • 2.7 Data Subject
  • 2.8 Processing
  • 2.9 Subprocessor
  • 2.10 Security Event
  • 2.11 Partner
• 3 Information We Collect
  • 3.1 Identification and Contact Data
  • 3.2 Financial Information
  • 3.3 IT and Technical Data
  • 3.4 Authentication and Security Data
  • 3.5 Usage and Interaction Data
  • 3.6 Communication Data
  • 3.7 Third-Party and Integrated Service Data
  • 3.8 Customer Data and User Content
  • 3.9 Metadata and Analytics Data
  • 3.10 Demographic Data
  • 3.11 Sensitive Personal Information
• 4 How We Collect Information
  • 4.1 Directly from You
  • 4.2 Automated Collection
  • 4.3 From Affiliated Organizations
  • 4.4 From Other Users
  • 4.5 From Third-Party Integrations
• 5 How We Use Information
  • 5.1 Service Provision
  • 5.2 Authentication and Security
  • 5.3 Subscription Management
  • 5.4 Platform Improvement
  • 5.5 Support and Maintenance
  • 5.6 Legal Compliance
  • 5.7 Marketing (Optional)
• 6 How We Share Information
  • 6.1 Subprocessors
  • 6.2 Affiliated Organizations
  • 6.3 Collaborative Features
  • 6.4 Third-Party Integrations
  • 6.5 Legal Disclosures
  • 6.6 Anonymized Data
• 7 Data Security
  • 7.1 Technical Measures
  • 7.2 Organizational Measures
  • 7.3 User Responsibilities
  • 7.4 HIPAA Compliance
  • 7.5 Confidentiality
• 8 Data Retention and Deletion
• 9 User Rights
  • 9.1 Access and Portability
  • 9.2 Correction
  • 9.3 Deletion
  • 9.4 Opt-Out
  • 9.5 Request Process
  • 9.6 Wooli Assistance
• 10 International Data Transfers
• 11 Cookies and Tracking Technologies
• 12 Third-Party Services and Integrations
• 13 Children's Data
• 14 Breach Notification
• 15 Changes to the Privacy Policy
• 16 Contact Information
• 17 Jurisdiction-Specific Provisions
• 18 Reference Links

1 Introduction

This Privacy Policy governs the collection, use, protection, and sharing of Personal Information and other data processed through the Wooli Subscription Service (the "Service") at apps.wooli.com. It also covers data we collect through the public Wooli marketing website at www.wooli.com (the "Website") and the free resource application Explore at explore.wooli.com (together with the Service and the Website, the "Wooli Sites"). The Service, provided by Wooli, Inc. ("Wooli," "we," "us," or "our"), supports the upload, storage, and management of diverse data (including documents, personal information, and information on others) and features (such as task assignment, file sharing, and team coordination). Subscriptions to the Service are sold and billed by Wooli and may include content or features provided by affiliated organizations, such as Wooli Safety, Inc.

This Privacy Policy applies to all users and visitors of the Wooli Sites, including individuals and Organizations. Where Wooli Processes Personal Information on behalf of a Customer, it acts as a service provider (processor), as set out in the Data Processing Agreement (DPA). We are committed to protecting your privacy and complying with applicable data protection laws. This Privacy Policy is incorporated into and governed by the Wooli Terms of Service (ToS) and should be read together with the Acceptable Use Policy (AUP).

The Service is offered in, and intended for users in, the United States. If you do not agree with this Privacy Policy, do not access or use the Service. For questions or to exercise your data rights, contact us as described in Section 16.

2 Definitions

The following terms have the meanings set forth below.

2.1 Personal Information

Any information relating to an identified or identifiable individual that is processed through the Service.

2.2 Sensitive Personal Information

Categories of Personal Information that require additional protection under applicable law, such as Social Security numbers, precise geolocation, health information, biometric data, or financial account information.

2.3 Customer Data

All information, data, documents, or content you or your Users upload, submit, store, or process through the Service, including Personal Information.

2.4 User Content

A subset of Customer Data that you or your Users directly upload, submit, or process, including documents, personal information, and data shared in collaborative features.

2.5 System Data

Anonymized, aggregated data (e.g., usage statistics and analytics) that is not attributable to any individual, used to operate and improve the Service. System Data does not include audit, security, or activity logs that identify, or are reasonably attributable to, a specific user; such logs are treated as Personal Information and handled in accordance with this Privacy Policy.

2.6 Consumer

A natural person whose Personal Information is processed, as understood under applicable U.S. state privacy laws.

2.7 Data Subject

An individual whose Personal Information is processed.

2.8 Processing

Any operation performed on Personal Information, such as collection, storage, use, disclosure, or deletion, whether automated or manual.

2.9 Subprocessor

A third-party service provider engaged by Wooli to process Personal Information on your behalf.

2.10 Security Event

Unauthorized access to, acquisition of, or use of Personal Information that compromises its security and requires notification under applicable law.

2.11 Partner

An organization affiliated with Wooli, Inc. (a sister company), such as Wooli Safety, Inc., that provides content or features made available through the Service.

3 Information We Collect

We collect the following types of information to provide the Service:

3.1 Identification and Contact Data

Name, address, title, phone number, and email provided during account creation or subscription management.

3.2 Financial Information

Credit card details, account and billing details, and payment data processed through our online payment process.

3.3 IT and Technical Data

IP addresses, cookies, location data, browser type and version, operating system, and device identifiers (e.g., UUID, MAC address) collected during use of the Service.

3.4 Authentication and Security Data

Login credentials (usernames, hashed passwords) and multi-factor authentication details for Account access.

3.5 Usage and Interaction Data

Application logs, user activity within the Service (e.g., page views, features used, time spent), and clickstream data.

3.6 Communication Data

Messages sent through the platform (e.g., chat, support requests, comments) and your communications with customer support, including recordings or transcripts where applicable.

3.7 Third-Party and Integrated Service Data

Information from third-party integrations (e.g., Google, Stripe, Slack) or social media profile data if you link such accounts.

3.8 Customer Data and User Content

Documents, personal information, third-party data (e.g., client information), or custom data fields you or your Users upload or share through the Service, including in collaborative features.

3.9 Metadata and Analytics Data

Analytics-derived data and anonymized or aggregated data (e.g., System Data) used to improve the Service.

3.10 Demographic Data

Age, gender, or language preference, collected only if you provide it or it is required for Service functionality.

3.11 Sensitive Personal Information

Health data, biometric data, or government-issued identifiers, processed only if explicitly enabled in your Subscription with appropriate consents and safeguards, including a Business Associate Agreement (BAA) for HIPAA-regulated data.

Note: We do not process Sensitive Personal Information (e.g., Protected Health Information under HIPAA, or nonpublic personal information under GLBA) unless explicitly enabled in your Subscription with appropriate consents and safeguards. You must not upload such data without prior authorization.

4 How We Collect Information

We collect information through the following methods:

4.1 Directly from You

When you create an Account, subscribe, or upload Customer Data or User Content, including custom data fields or documents.

4.2 Automated Collection

Via cookies, trackers, and analytics tools when you interact with the Service (e.g., accessing the Service, using collaborative features, or generating clickstream data). We use consent prompts (e.g., a cookie banner) for non-essential cookies.

4.3 From Affiliated Organizations

Contact or subscription details that an affiliated organization (Partner) provides in connection with content or features included in your Subscription.

4.4 From Other Users

Data shared by other Users in collaborative features (e.g., shared tasks, files, or chat messages).

4.5 From Third-Party Integrations

Data from authorized integrations (e.g., Google, Stripe, Slack) or social logins, if you enable them.

5 How We Use Information

We process Personal Information and Customer Data for the following purposes:

5.1 Service Provision

To host, store, process, and display User Content, enable collaborative features (e.g., task sharing, file storage), and deliver the Service as specified in your Order Form.

5.2 Authentication and Security

To manage login credentials and multi-factor authentication for secure Account access.

5.3 Subscription Management

To process payments and manage Subscriptions, including billing and financial data.

5.4 Platform Improvement

To analyze System Data (e.g., usage logs and analytics) to optimize Service performance and functionality.

5.5 Support and Maintenance

To provide technical support, respond to support requests (including chat or transcripts), and maintain the Service.

5.6 Legal Compliance

To comply with tax reporting, data protection laws, and other legal obligations.

5.7 Marketing (Optional)

For promotional communications, only with your opt-in consent.

We do not sell Personal Information, and we do not share it for purposes outside our direct relationship with you, except as permitted by law or the ToS. If we determine that we can no longer meet our obligations under applicable data protection law, we will promptly notify you at the email associated with your Account so you can take steps to address the issue.

6 How We Share Information

We share Personal Information and Customer Data only as necessary to provide the Service or comply with legal obligations:

6.1 Subprocessors

With third-party service providers (e.g., cloud hosting and payment processors such as Stripe) to deliver the Service, under data protection terms at least as protective as this policy. A list of subprocessors is available in the Subprocessor List.

AI Subprocessors: Certain Features use third-party artificial-intelligence providers — currently OpenAI, L.L.C. and Anthropic, PBC — to process the prompts and User Content you choose to submit to AI-powered Features. These providers act as subprocessors, are bound by written agreements consistent with the DPA, and process your inputs only to return results to you. We do not permit these providers to use your User Content to train their models. We send data to an AI subprocessor only when you actively use an AI Feature. The current AI subprocessors are listed in the Subprocessor List.

6.2 Affiliated Organizations

With affiliated organizations (Partners), such as Wooli Safety, Inc., that provide content or features included in your Subscription; they do not access your User Content except as authorized by you.

6.3 Collaborative Features

Among Users in collaborative features (e.g., shared tasks, files, chat messages), where you are responsible for obtaining any consents required for shared Personal Data.

6.4 Third-Party Integrations

With integrated services (e.g., Google, Slack) that you choose to enable, subject to your verification of their compliance.

6.5 Legal Disclosures

When required by law, court order, or governmental authority, with notice to you where permitted.

6.6 Anonymized Data

System Data may be shared in aggregated, anonymized form for analytics or platform improvement, where it is not attributable to any individual.

7 Data Security

We implement industry-standard security measures to protect Personal Information and Customer Data:

7.1 Technical Measures

Encryption, access controls, secure transmission protocols, and hashed passwords for authentication data.

7.2 Organizational Measures

Regular security reviews, employee training, and internal security policies.

7.3 User Responsibilities

You must use strong passwords, enable multi-factor authentication where available, and follow secure practices for your Account and User Content.

7.4 HIPAA Compliance

For HIPAA-enabled Subscriptions, we execute a Business Associate Agreement (BAA) to safeguard Protected Health Information.

7.5 Confidentiality

Personnel authorized to process Personal Information are bound by confidentiality obligations.

Further details of our security practices are described in the DPA. You must notify us of any suspected security breach via the Privacy Contact without undue delay.

8 Data Retention and Deletion

We retain Personal Information and Customer Data for the duration of your Subscription and for 30 days after termination to allow you to export your data through the Account Management Page. After this period, we delete data from live databases, except where retention is required by law or for legitimate business purposes (e.g., archived backups). Data shared in collaborative features (e.g., tasks, files, chat messages) may persist in other Users' accounts, subject to their rights. Upon your request, we will return or destroy Personal Information, including copies, extracts, and summaries, unless retention is legally required. You are responsible for exporting your data before termination.

9 User Rights

You have the following rights regarding your Personal Information, subject to applicable law:

9.1 Access and Portability

Request access to, or a copy of, the Personal Information we hold about you.

9.2 Correction

Request correction of inaccurate or incomplete Personal Information.

9.3 Deletion

Request deletion of your Personal Information.

9.4 Opt-Out

Opt out of the sale or sharing of Personal Information. We do not sell Personal Information.

9.5 Request Process

Submit requests through the Account Management Page or by contacting the Privacy Contact. We respond within the time required by applicable law.

9.6 Wooli Assistance

Where Wooli acts as a service provider (processor), we assist Customers in fulfilling individual rights requests, as described in the DPA.

You represent that your instructions for Processing Personal Information comply with applicable law and that you have obtained all necessary consents and provided required notices to individuals.

10 International Data Transfers

We primarily store and process Customer Data in the United States. Certain limited data — currently product-analytics data — is processed by a subprocessor in the European Union, as identified in the Subprocessor List. Where we transfer Personal Information across borders, we do so in accordance with applicable data protection law and implement appropriate safeguards. For information about where your data is hosted, contact the Privacy Contact or review the DPA.

11 Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service:

• Types of Cookies:
  • Essential Cookies: Required for the Service to function (e.g., authentication and session management).
  • Analytics Cookies: Collect usage data (e.g., page views and clickstream data) to improve the Service.
  • Marketing Cookies: Used for promotional communications, only with your consent.
• Purposes: Enable platform access, analyze anonymized System Data, and deliver personalized content (with consent).
• Consent and Opt-Out: We provide a cookie banner so you can manage non-essential cookies. You can adjust your preferences at any time through your cookie settings.

Our Cookie Policy provides further details.

12 Third-Party Services and Integrations

We engage third-party services (e.g., cloud providers and payment processors such as Stripe, and integrations with Google or Slack) to deliver the Service; a list is available in the Subprocessor List. Affiliated organizations (Partners), such as Wooli Safety, Inc., may provide content or features included in your Subscription but do not access your User Content except as authorized by you. You are responsible for verifying that any third-party integrations you enable comply with applicable law. We require subprocessors to meet data protection standards at least as protective as this policy.

13 Children's Data

The Service is not intended for individuals under 13, and we do not knowingly collect Personal Information from children under 13 without verified parental consent, consistent with the Children's Online Privacy Protection Act (COPPA). If you believe we have collected such data, contact the Privacy Contact to request deletion.

14 Breach Notification

In the event of a Security Event (unauthorized access to, acquisition of, or use of Personal Information requiring notification under applicable law), we will:

• Notify you without undue delay after becoming aware, and within the time required by applicable law, at the email associated with your Account.
• Investigate promptly and, if required by law or at your direction, notify affected individuals.
• Provide information reasonably necessary to demonstrate our compliance.

You must report any suspected Security Event to us via the Privacy Contact without undue delay.

15 Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the Service, legal requirements, or our business practices. We will notify you of material changes (for example, new data uses or sharing practices) by email and through in-Service notifications. Your continued use of the Service after a change takes effect constitutes acceptance of the updated policy. If you do not agree to a change, you may stop using the Service and cancel your Subscription as described in the ToS.

16 Contact Information

For privacy inquiries, data rights requests, or to report an issue, contact us at:

• Email: privacy@wooli.com
• Address: Wooli, Inc., PO Box 39, Estero, FL 33929
• Online: through the Wooli Website

Wooli is responsible for responding to your privacy inquiries. You may also manage certain data and privacy settings through the Account Management Page.

17 Jurisdiction-Specific Provisions

This Privacy Policy is designed to comply with applicable U.S. data protection laws.

• United States: To the extent the California Consumer Privacy Act (CCPA) applies to you, you have the right to know what Personal Information we collect and how we use and disclose it, to request access, correction, and deletion, and to opt out of the sale or sharing of Personal Information. We do not sell Personal Information. You may exercise these rights through the Account Management Page or by contacting the Privacy Contact, and we will not discriminate against you for exercising them.

For jurisdiction-specific questions, contact the Privacy Contact.

18 Reference Links

The websites, pages, policies, and contact addresses referenced in this Privacy Policy are listed below. Where this Privacy Policy refers to a Wooli website, page, policy, or contact by name (for example, the Wooli Website, the Wooli Terms of Service, the Acceptable Use Policy, the Data Processing Agreement, the Account Management Page, the Cookie Policy, or the Subprocessor List), that reference means the corresponding resource identified in this section. Wooli may update the links below from time to time without altering the substance of this Privacy Policy.

Resource	Link
Wooli Website	www.wooli.com
Explore (Free Resources)	explore.wooli.com
Subscription Service (App)	apps.wooli.com
Wooli Terms of Service (ToS)	www.wooli.com/legal/terms
Acceptable Use Policy (AUP)	www.wooli.com/legal/aup
Data Processing Agreement (DPA)	www.wooli.com/legal/dpa
Account Management Page	apps.wooli.com
Cookie Policy	www.wooli.com/legal/cookies
Subprocessor List	www.wooli.com/legal/subprocessors
Privacy Contact	privacy@wooli.com