Privacy Policy

⚠ Template notice: This Privacy Policy is a working draft intended for development and testing. Before public launch, this document must be reviewed and customized by a qualified attorney. Use at your own risk until then.

1. Introduction

WiseHQ ("we," "us," "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Information you provide

• Account information: name, email, password (hashed), organization name
• Profile information: avatar, phone number, job title
• Organization data: work orders, events, assets, vendors, documents, photos, etc.
• Payment information: processed by Stripe (we do not store card details)
• Communications: support tickets, emails, in-app messages

Information collected automatically

• Device information: browser, OS, IP address, device type
• Usage data: pages visited, features used, timestamps, session duration
• Cookies and similar technologies (see Cookie Policy section)

Information from third parties

• OAuth providers (Google) if you sign in with them
• Integration data (Google Drive, Dropbox) if you connect them

3. How We Use Your Information

• To provide, maintain, and improve the Service
• To process payments and manage subscriptions
• To send transactional emails (verification, receipts, invites, security alerts)
• To send product updates and marketing (you can opt out)
• To provide customer support
• To detect and prevent fraud, abuse, and security issues
• To comply with legal obligations
• To analyze usage patterns and improve product decisions
• To train our AI features (only with anonymized, aggregated data — never with your private content)

4. Third-Party Subprocessors

We use the following subprocessors to operate the Service. Each has its own privacy policy governing their handling of your data:

5. Data Sharing

We do not sell your data. We may share data:

• With subprocessors listed above, to operate the Service
• With your organization administrators (if you're part of a multi-user org)
• With your explicit consent
• To comply with legal process (subpoena, court order)
• To protect our rights, property, or safety of users
• In connection with a merger, acquisition, or asset sale (with notice to you)

6. Your Rights (GDPR / CCPA / Similar Laws)

Depending on your location, you have rights including:

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your account and personal data
• Portability: Export your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Opt out of marketing communications
• Withdrawal of consent: Revoke previously granted permissions

To exercise these rights: use the export and delete buttons in Settings → Privacy, or email us at privacy@getwisehq.com. We respond within 30 days.

7. Data Security

We implement industry-standard security measures including:

• TLS/HTTPS encryption in transit
• AES-256 encryption at rest (via Supabase)
• Row-level security isolation between organizations
• Access controls and role-based permissions
• Regular security audits and backups
• Password hashing with industry-standard algorithms

No system is perfectly secure. In the event of a data breach affecting your personal data, we will notify you within 72 hours in accordance with applicable law.

8. Data Retention

We retain your data for as long as your account is active. After account deletion:

• Personal data is deleted within 30 days
• Anonymized usage data may be retained for analytics
• Legal records (invoices, tax records) retained per applicable law (typically 7 years)
• Backups are rotated out within 90 days

9. Cookies and Tracking

We use cookies for:

• Essential: Authentication, security, session management (always on)
• Preferences: Theme, language, view settings (stored locally)
• Analytics: Usage tracking (requires consent for EU visitors)

You can manage cookie preferences via your browser settings. A cookie consent banner is planned for EU visitors; until then, analytics cookies are not set without an explicit user action.

10. Children's Privacy

WiseHQ is not intended for children under 13 (or 16 in EU). We do not knowingly collect data from children. If you believe a child has provided personal data, contact us and we will delete it.

11. International Data Transfers

Your data may be processed in the United States or other countries where our subprocessors operate. By using the Service, you consent to these transfers. For EU customers, we rely on Standard Contractual Clauses and other legal mechanisms for lawful transfer.

12. Religious and Denominational Content

WiseHQ does not review, endorse, or moderate religious or denominational content uploaded by customers. User-uploaded documents and messages are not scanned for theological content.

13. California Privacy Rights (CCPA)

California residents have specific rights under the CCPA, including the right to know what personal information we collect, the right to delete it, and the right to opt out of sale (we do not sell your data). See "Your Rights" above.

14. Changes to This Policy

We may update this Privacy Policy. Material changes will be announced by email and in-app notice at least 30 days before taking effect. Current version: 2026-04-17.

15. Contact

Privacy inquiries: privacy@getwisehq.com

Data Protection Officer (for EU): dpo@getwisehq.com

Mailing address: [Your business address]