User Privacy Policy

Updated: March 12th, 2019

Introduction

This Privacy Policy provides guidance and information to users who make use of the Services (defined below) provided by Woebot Labs (“Woebot”) regarding the processing of User personal data by the Woebot.

Woebot ("us", "we" or "our") is committed to protecting and respecting your privacy. This Privacy Policy describes how we collect, store, use and distribute personal data through our software, website, documentation, and related services (together, the “Services”).

Please read this Privacy Policy carefully to understand our treatment and use of personal data.

In this Privacy Policy, references to “you” means the person whose personal information we collect, use and process.

We will use your personal data only for the purposes and in the manner outlined below, which describes the steps we take to ensure the processing of your personal data is in compliance with the Data Protection Act 2018 and any subsequent data protection and privacy legislation, European Union law including Regulation (EU) 2016/679 (known as the General Data Protection Regulation or GDPR) and any subsequent amendments (collectively referred to as “Data Protection Legislation”).

Please note that by using the Woebot Services, you acknowledge that you have read, understood and agree to this Privacy Policy.

We seek to maintain the privacy, accuracy, and confidentiality of data (including your personal data) that we obtain during your use of the Services.

All Woebot Platforms

If you choose to create a user account, you will be asked to provide an email address so that we can identify you to comply with your potential request to delete or access your data. If you decline to provide your email address, your information is not linked to you in any identifiable way.

Conversations with Woebot are not shared with any other company or service. We will never sell or give away your personal data or conversation history.

Facebook Messenger

Woebot only sees your activity within the conversation. We receive basic information from Facebook: first name, locale, timezone, to personalize the experience. We do not access your Facebook profile, and do not have access to your news feed or friend list.

We do not post anything to your Facebook wall or notify your friends that you are using Woebot. If you choose to share a GIF or video from your conversation with Woebot, however, they may see that it’s from the Woebot page.

Conversations with Woebot within Facebook Messenger are subject to the Facebook privacy policy. Facebook can see that you are talking to Woebot, and they can see the content of the conversations.

iOS and Android Apps

We use your email to create a user account. This step is optional; it is not required in order to use the platform. You can also bypass providing your email address if you wish. We use your time zone to personalize the experience.

Conversations with Woebot within Mobile App are not shared with any other company or service. We will never sell or give away your personal data or conversation history.

Identity of the Controller of Personal Information

For the purposes of Data Protection Legislation, the Data Controller for Woebot Platforms is Woebot, a company and registered in the United States (EIN 38-4034738) and having its registered office address at 650 5th Street Suite 303 San Francisco CA 94103

Contact Details of the Data Protection Officer / Representative

The contact details of Woebot’s data protection officer / representative are as follows:
Name: Athena Robinson, PhD
Email Address: athena@woebot.io
Address: 650 5th Street Suite 303, San Francisco, CA 94107

When does this Privacy Policy apply

The Privacy Policy applies to personal data that we collect, use and otherwise process about you in connection with your use of the Services

Processing of your Personal Data

How and why do we process your personal data?

When you use the Services, we may collect and process different personal data about you. The personal data we process, the basis of processing and the purposes of processing are detailed below. Sometimes, these activities are carried out by third parties (see “Sharing of Personal Data” section below).

We encourage you to supply only the information you are comfortable with.

Personal data Basis of processing Purpose of processing
Personal information (including first name) and email address. It is necessary to take steps for entering into a contract with you or for the performance of our contract with you. This is required to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or provide feedback, for identification and authentication purposes, for service improvement, and to address issues like malicious use of the Services.
Financial and billing information (when purchasing the Services) (including billing name, address and credit card number), as applicable. It is necessary to take steps for entering into a contract with you or for the performance of our contract with you. We use a 3rd party processor (i.e., Stripe Inc.).
Data, diagnostic and login information:

Information, data, text, graphics, video, messages or other materials,

Diagnostic information (including crash report along with certain logging information from your system documenting the error)

Information regarding your Operating System version, hardware, browser version (and .NET version information in case of Windows systems), and your email address, if provided.

Additionally, certain login information may be maintained in a cookie stored locally on your personal computing device (i.e. not on a server) in order to streamline the login process.

It is necessary to take steps for entering into a contract with you or for the performance of our contract with you. To enable us to administer and improve our Services to you.
Analytics information collected through the use of cookies, log files and Web beacons (such information may include standard information regarding your mobile device, browser type, browser language, Operating System, Internet Protocol address, and the actions you take on our web site (such as the web pages viewed and the links clicked) or while using the Services. It is necessary to take steps for entering into a contract with you or for the performance of our contract with you. We use this information to provide you with the Services.

We may also use your Analytics Information in a de-identified, anonymous way in conjunction with an analytics service such as Google Analytics and Mixpanel to monitor and analyze use of the Services, for the Services’ technical administration, to increase the Services’ functionality and user-friendliness, and to verify users have the authorization needed for the Services to process their requests.

Where does Woebot obtain my personal data from?

Most of the personal data we process is obtained from you when, through the application you: register for a Woebot account and exchange text or button messages with Woebot. Other types of personal data may be obtained from third parties, including, for example, your name and timezone from Facebook. We do not obtain data from any other 3rd parties.

Sharing of Personal Data

1. Internally within Woebot

Your personal data will be held by Woebot’s team. Your personal data will only be shared internally with members of the team, managers and IT staff if access to the data is necessary for the performance of their roles. Woebot takes appropriate steps to ensure that such personnel is bound to duties of confidentiality with respect to your personal data.

2. Service Providers

We use third party service providers who provide technical and support services to help us improve the product. In providing the services, these third party service providers may have limited access to databases of user information or registered member information solely for the purpose of helping us to improve the product and they will be subject to contractual restrictions prohibiting them from using the personal data of our members for any other purpose. Such agents or third parties do not have any rights to use personal data beyond what is necessary to assist us.

We will check any third party that we use to ensure that they can provide sufficient guarantees regarding the confidentiality and security of your personal data. We will have written contracts with them which provide assurances regarding the protections that they will give to your personal data and their compliance with our data security standards and international transfer restrictions.

3. Disclosure through Facebook Messenger with third parties

You may be able to share Personal Information with third parties through use of the Services. The privacy policies of these third parties are not under our control and may differ from ours. The use of any information that you may provide to any third parties will be governed by the privacy policy of such third party or by your independent agreement with such third party, as the case may be. If you have any doubts about the privacy of the information you are providing to a third party, we recommend that you contact that third party directly for more information or to review its privacy policy.

Users that access Woebot via the Facebook Messenger platform are also subject to Facebook’s privacy policy.

Facebook’s Privacy Policy can be found here: https://www.facebook.com/privacy/explanation.

4. Disclosure to other third parties

In certain circumstances, we share and/or are obliged to share your personal data with third parties for the purposes described above and in accordance with Data Protection Legislation.

These third parties include:

  • administrative authorities (tax or social security authorities)
  • financial institutions
  • insurances
  • police, public prosecutors
  • external advisors

We may also disclose your personal data in connection with a corporate re-organization, a merger or amalgamation with another entity, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed continues to be used for the purposes permitted by this Privacy Policy by the entity acquiring the information.

Tranfer outside the European Economic Area

Your personal information may be transferred, stored and processed in one or more countries outside the European Economic Area (“EEA”), for example, when one of our service providers use employees or equipment based outside the EEA. For transfers of your personal data to third parties outside of the EEA, we take additional steps in line with Data Protection Legislation. We will put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we will establish an adequate level of data protection through EU Standard Contractual Clauses based on the EU Commission’s model clauses.

If you would like to see a copy of any relevant provisions, please contact Woebot’s Data Protection Officer / Representative (see “Contact Us” section below).

How is my Personal Data secured

Woebot operates and uses appropriate technical and physical security measures to protect your personal data.

We have in particular taken appropriate security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, in connection with your job application.

Access is only granted on a need-to-know basis to those people whose roles require them to process your personal data. [In addition, our service providers are selected carefully to ensure they have an appropriate level of technical, organisational and security measures.]

You are also responsible for helping to protect the security of your Personal Information. For instance, never give out your Facebook password, and safeguard your user name, password and personal credentials when you are using the Services, so that other people will not have access to your Personal Information. Furthermore, you are responsible for maintaining the security of any personal computing device on which you utilize the Services.

Storage of Personal Data

Your personal data will be encrypted and stored in our primary datastore for analytical processing (i.e., graph images).

We will keep your personal data for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations. This may mean that some information is held for longer than other information.

If you would like further information about our data retention practices you can ask for this at any time (see “Contact Us” section below).

Your rights

You may have various rights under data protection legislation in your country (where applicable).

These may include (as relevant):

  1. The right of access enables you to check what type of personal data we hold about you and what we do with that personal data and to receive a copy of this personal data;
  2. The right to object to processing of your personal data where that processing is carried out on the basis of our legitimate interests. We will stop using your personal data unless we can demonstrate an overriding legitimate ground for the continued processing of this personal data;
  3. The right to rectification enables you to correct any inaccurate or incomplete personal data that we hold about you;
  4. The right to erasure enables you to request that we erase personal data held about you in certain circumstances;
  5. The right to restrict processing of your personal data by us in certain cases, including if you believe that the personal data held about you is inaccurate or our use of the personal data is unlawful; and
  6. The right to data portability enables you to receive your personal data in a structured, commonly used and machine readable format and to have that personal data transmitted to another data controller.

1. For Android and iOS apps:

Upon request of the data, the User will be emailed a link to a personalized dashboard page, hosted on our website (woebot.io) protected by the User’s login information (that is provided by the User on first download of the app). On the dashboard, the User will find a button to request a copy of their data. Users who indicate that they would like to retrieve their data, will be sent an email that contains an individualized link to use to download a .zip file containing their data files. This link can be used one-time only and is only active for 60 minutes.

2. Facebook Messenger

Currently there is no ability to wipe conversation history from messenger which prevents us from fully implementing our privacy process above. For this reason, Woebot will not send data to Facebook Messenger users, however, they may retrieve it from Facebook by following their procedures outlined in their privacy policy.

If you wish to exercise any of the above rights, please contact us (see “Contact Us” below).

Your right to lodge a complaint with a Supervisory Authority

If you are unhappy about any aspect of the way we collect, share or use your personal data, please let us know using the contact details below.

You also have a right to complain to the Office of the Data Protection Commission at Canal House, Station Road, Portarlington, Co. Laois by telephone at 1890 25 2231 and/or by email to info@dataprotection.ie.

Changes to this Information

We may need to make changes to this Privacy Policy at any time. If we make any material changes to how we collect your personal data, or how we use or share it, we will post or provide appropriate notice. Any non-material change (such as clarifications) to this Privacy Policy will become effective on the date the change is posted, and any material changes will become effective 30 days from their posting on https://woebot.io/privacy.

When notifying you of such changes, we will also explain what the likely impact of those changes will be to you, if any. In order to ensure fairness of the processing, we encourage you to review the content of this Privacy Policy regularly.

Contact Us

For further information or if you have any questions or queries about this Privacy Policy, please contact Woebot’s Data Protection Officer, Athena Robinson PhD; email: athena@woebot.io; postal: 650 5th Street Suite 303, San Francisco, CA 94107.

/ and/or please contact us at: Woebot Help Center.