We will use your personal data only for the purposes and in the manner outlined below, and in compliance with applicable laws.
All Woebot platforms
If you choose to create a user account, you will be asked to provide an email address and password so that we can identify you across devices and comply with any potential request to delete or access your data. We will also ask you for an optional referral code, which we may use to track your participation in special programs, described in more detail below. You can also choose to skip account creation and create an account locally on your device: note that without an account, you will not be able to recover your data or log in on a different device.
iOS and Android apps
We use your email to create a user account. This step is optional; it is not required in order to use the platform. You can also bypass providing your email address if you wish. We use your time zone to personalize the experience.
Identity of the controller of personal information
The data controller for Woebot Platforms is Woebot, a company and registered in the United States and having its registered office address at 650 5th Street Suite 303, San Francisco CA 94103.
Contact details of the Data Protections Officer / Representative
Woebot’s Data Protection Officer can be contacted at:
Email Address: email@example.com Address: 650 5th Street Suite 303, San Francisco, CA 94107
Processing of your personal data
When you use the Services, we may collect and process different personal data about you. The personal data we process, the basis of processing and the purposes of processing are detailed below. Sometimes, these activities are carried out by third parties (see “Sharing of Personal Data” section below).
We encourage you to supply only the information you are comfortable with.
Information from other sources
We may obtain information about you from other sources, including through third party services and organizations to supplement information provided by you. For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made public via your privacy settings. This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with information about our business, products, and Services.
We may also use Google Analytics and other service providers such as Bugsnag to collect information regarding visitor behavior and visitor demographics on our Services.
For more information about Google Analytics, please visit Google Privacy. You can opt out of Google’s collection and processing of data generated by your use of the Services clicking this link: Deactivate Google Analytics.
For more information about Bugsnag, visit http://www.bugsnag.com.
Use of de-identified and aggregated information
We may use personal information and other data about you to create de-identified and aggregated information, such as general location information, information about the computer or device fromwhich you access our Services, or other analyses we create.We mayshare this information with the parties listed in “Sharing of Personal Data” below.
Where does Woebot obtain my personal data from?
Most of the personal data we process is obtained from you when, through the application you: register for a Woebot account and exchange messages with Woebot. Other types of personal data may be obtained from third parties, including, for example, your name and time zone from Facebook.
Sharing of personal data with third parties
We do not share your personal data with third parties, except as provided below.
1. Service providers
We use third party service providers who provide technical and support services to help us provide and improve the product and Services. In providing the Services, these third party service providers may have limited access to databases of user information or registered member information solely for the purpose of helping us to improve the product and they will be subject to contractual restrictions prohibiting them from using the personal data of our members for any other purpose.
2. Disclosures to third parties for special programs
If you participate in the special program, we will share the outcome of your participation in the program (as measured by your survey responses, engagement and satisfaction metrics) with the program partner, which may include your employer, certification authorities, or other medical and academic partners who help conduct the study. The results of your study do not contain your messages with Woebot.
At any point you may also withdraw your consent to have your personal data used in the special program by [contacting us as set forth below.] If you withdraw your consent to share personal data, you may continue to use Woebot’s standard features.
3. Disclosure to other third parties
In certain circumstances, we share and/or are obliged to share your personal data with third parties for the purposes described above and in accordance with applicable law, including if we, in good faith, believe doing so is required or appropriate to comply with law enforcement or national security requests and legal process, such asa court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; assist with an investigation or prosecution of suspected or actual illegal activity or as otherwise allowed under applicable law.
These third parties include:
- administrative authorities (tax or social security authorities)
- financial institutions
- insurance companies
- police, public prosecutors, regulators
- external advisors
Transfer outside the European Economic area/UK
Your personal data may be transferred, stored and processed in one or more countries outside the European Economic Area (“EEA”) or the UK, for example, when one of our service providers use employees or equipment based outside the EEA or UK. For transfers of your personal data to third parties outside of the EEA or UK, we take additional steps in line with applicable law. We will put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we will establish an adequate level of data protection through EU Standard Contractual Clauses based on the EU Commission’s model clauses.
If you would like to see a copy of any relevant provisions, please contact Woebot’s Data Protection Officer / Representative (see “Contact Us” section below).
How is my personal data secured
Woebot operates and uses appropriate technical and physical security measures to protect your personal data.
We have, in particular, taken appropriate security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
Access is only granted on a need-to-know basis to those people whose roles require them to process your personal data.
You are also responsible for helping to protect the security of your personal data. For instance, safeguard your user name, password and personal credentials when you are using the Services, so that other people will not have access to your personal data. Furthermore, you are responsible for maintaining the security of any device on which you utilize the Services. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any personal data you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.
Storage of personal data
We will keep your personal data for as long as it is necessary to fulfilthe purposes for which it was collected as described above and in accordance with our legal and regulatory obligations.
If you would like further information about our data retention practices you can ask for this at any time (see “Contact Us” section below).
You may have various rights under data protection legislation in your country (where applicable).
These may include (as relevant):
- The right of access enables you to check what type of personal data we hold about you and what we do with that personal data and to receive a copy of this personal data;
- The right to rectification enables you to correct any inaccurate or incomplete personal data that we hold about you;
- The right to erasure enables you to request that we erase personal data held about you in certain circumstances;
- The right to restrict processing of your personal data by us in certain cases, including if you believe that the personal data held about you is inaccurate or our use of the personal data is unlawful; and
- The right to data portability enables you to receive your personal data in a structured, commonly used and machine readable format and to have that personal data transmitted to another data controller.
Note that we will require you to take steps to verify your identity in accordance with applicable law.
1. For Android and iOS apps
Upon request of the data, the User will be emailed a link to a personalized dashboard page, hosted on our website woebot.io protected by the User’s login information (that is provided by the User on first download of the app). On the dashboard, the User will find a button to request a copy of their data. Users who indicate that they would like to retrieve their data, will be sent an email that contains an individualized link to use to download a .zip file containing their data files. This link can be used one-time only and is only active for 60 minutes.
2. Facebook Messenger
If you wish to exercise any of the above rights, please contact us (see “Contact Us” below).
"Do not Track"
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal data from children. If you learn that your child has provided us with personal data without your consent, you may contact us as set forth below. If we learn that we have collected any personal data in violation of applicable law, we will promptly take steps to delete such personal data and terminate the child’s account.
Your right to lodge a complaint with a supervisory authority
If you are unhappy about any aspect of the way we collect, share or use your personal data, please let us know using the contact details below. You also have a right to complain to your local Data Protection Authority if you prefer. Contact details for Data Protection Authorities in the EU are available at Data Protection.
Changes to this policy
postal: 650 5th Street Suite 303, San Francisco, CA 94107