Privacy policy


Woebot Health (“Woebot”, “us”, “we” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy describes how we collect, store, use and distribute personal data through our software, website, mobile application (“App”), documentation, and related services (together, the “Services”).

In this Privacy Policy, references to “you” means the person whose personal data we collect, use and process. Please read this Privacy Policy carefully to understand our treatment and use of personal data.

We will use your personal data only for the purposes and in the manner outlined below, and in compliance with applicable laws.

Please note that by using the Services, you acknowledge that you have read and understand this Privacy Policy.

All Woebot platforms

If you choose to create a user account, you will be asked to provide an email address and password so that we can identify you across devices and comply with any potential request to delete or access your data. We will also ask you for an optional referral code, which we may use to track your participation in special programs, described in more detail below. You can also choose to skip account creation and create an account locally on your device: note that without an account, you will not be able to recover your data or log in on a different device.

iOS and Android apps

We use your email to create a user account. This step is optional; it is not required in order to use the platform. You can also bypass providing your email address if you wish. We use your time zone to personalize the experience.

Identity of the controller of personal information

The data controller for Woebot Platforms is Woebot, a company and registered in the United States and having its registered office address at 650 5th Street Suite 303, San Francisco CA 94103.

Contact details of the Data Protections Officer / Representative

Woebot’s Data Protection Officer can be contacted at:

Email Address: Address: 650 5th Street Suite 303, San Francisco, CA 94107

When does this privacy policy apply?

The Privacy Policy applies to personal data that we collect, use and otherwise process about you in connection with your use of the Services

Processing of your personal data

How and why do we process your personal data?

When you use the Services, we may collect and process different personal data about you. The personal data we process, the basis of processing and the purposes of processing are detailed below. Sometimes, these activities are carried out by third parties (see “Sharing of Personal Data” section below).

We encourage you to supply only the information you are comfortable with.


Personal data

Legal basis of processing

Purpose of processing

Account information:

Personal information (including first name), password, referral code for participation in special programs, and email address.

– Contractual necessity

– Consent

This is required to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or provide feedback, for identification and authentication purposes, for service improvement, and to address issues like malicious use of the Services.

Your communications with us:

Your email address, full name, platform, operating system version, communications with us, and any attachments you submit via our help portal, such as an optional profile photo or phone number.

– Contractual necessity

– Consent

– Legitimate interest

We collect this information when you request information about our services, register for our newsletter, request customer or technical support, or otherwise communicate with us.

You can unsubscribe at any time by clicking the unsubscribe link in each email or by contacting us via the methods described in “Contact Us” below.

Financial and billing information (when purchasing the Services) (including billing name, address and credit card number), as applicable.

– Contractual necessity

– Consent

– Legitimate interest

We may use a 3rd party processor (i.e., Stripe Inc.) to collect and administer payments.

Conversation data:

Information, participation data, text, graphics, video, messages, responses to treatment and satisfaction surveys, or other materials generated through your interactions with Woebot.

– Contractual necessity

– Consent

– Legitimate interest

We collect this information to enable us to administer and improve our Services to you.

Hardware Diagnostic and login information:

Crash reports, along with logging information from your system documenting the error.

Information regarding your operating system version, hardware, browser version (and .NET version information in case of Windows systems), and your email address, if provided.

Additionally, certain login information may be maintained in a cookie stored locally on your device in order to streamline the login process.

– Contractual necessity

– Legitimate interest

We collect this information to enable us to administer and improve our Services to you.

Your use of our Services:

Analytics information collected through the use of cookies, log files and web beacons (such information may include standard information regarding your mobile device, browser type, browser language, operating system, Internet Protocol address, and the actions you take on our website (such as the web pages viewed and the links clicked) or while using the Services.

– Contractual necessity

– Legitimate interest

We collect this information to enable us to administer and improve our Services to you.

We may also use your Analytics Information in conjunction with an analytics service such as Google Analytics and Bugsnag to monitor and analyze use of the Services, for the Services’ technical administration, to increase the Services’ functionality and user-friendliness, and to verify users have the authorization needed for the Services to process their requests.

Product surveys, promotional activities and social media content.

– Contractual necessity

– Consent

– Legitimate interest

Within or outside the App, we may offer the ability to participate in surveys or run sweepstakes or contests to promote the Services. Contact information you provide may be used to reach you about the sweepstakes or contest and for other promotional, marketing and business purposes, as permitted by law. In some jurisdictions, we are required to publicly share information about winners.

We may offer forums, blogs, or social media pages. Any content you provide on these channels will be considered “public” and is not subject to privacy protections.

Information from other sources

We may obtain information about you from other sources, including through third party services and organizations to supplement information provided by you. For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made public via your privacy settings. This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with information about our business, products, and Services.

Analytics vendors

We may also use Google Analytics and other service providers such as Bugsnag to collect information regarding visitor behavior and visitor demographics on our Services.

For more information about Google Analytics, please visit Google Privacy. You can opt out of Google’s collection and processing of data generated by your use of the Services clicking this link: Deactivate Google Analytics.

For more information about Bugsnag, visit

Use of de-identified and aggregated information

We may use personal information and other data about you to create de-identified and aggregated information, such as general location information, information about the computer or device fromwhich you access our Services, or other analyses we create.We mayshare this information with the parties listed in “Sharing of Personal Data” below.

Where does Woebot obtain my personal data from?

Most of the personal data we process is obtained from you when, through the application you: register for a Woebot account and exchange messages with Woebot. Other types of personal data may be obtained from third parties, including, for example, your name and time zone from Facebook.

Sharing of personal data with third parties

We do not share your personal data with third parties, except as provided below.

1. Service providers

We use third party service providers who provide technical and support services to help us provide and improve the product and Services. In providing the Services, these third party service providers may have limited access to databases of user information or registered member information solely for the purpose of helping us to improve the product and they will be subject to contractual restrictions prohibiting them from using the personal data of our members for any other purpose.

2. Disclosures to third parties for special programs

If you participate in the special program, we will share the outcome of your participation in the program (as measured by your survey responses, engagement and satisfaction metrics) with the program partner, which may include your employer, certification authorities, or other medical and academic partners who help conduct the study. The results of your study do not contain your messages with Woebot.

Note that your participation in special programs may be governed by terms outside of this Privacy Policy.

At any point you may also withdraw your consent to have your personal data used in the special program by [contacting us as set forth below.] If you withdraw your consent to share personal data, you may continue to use Woebot’s standard features.

3. Disclosure to other third parties

In certain circumstances, we share and/or are obliged to share your personal data with third parties for the purposes described above and in accordance with applicable law, including if we, in good faith, believe doing so is required or appropriate to comply with law enforcement or national security requests and legal process, such asa court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; assist with an investigation or prosecution of suspected or actual illegal activity or as otherwise allowed under applicable law.

These third parties include:

  • administrative authorities (tax or social security authorities)
  • financial institutions
  • insurance companies
  • police, public prosecutors, regulators
  • external advisors

We may also disclose your personal data in connection with a corporate re-organization, a merger or amalgamation with another entity, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed continues to be used for the purposes permitted by this Privacy Policy by the entity acquiring the information.

Transfer outside the European Economic area/UK

Your personal data may be transferred, stored and processed in one or more countries outside the European Economic Area (“EEA”) or the UK, for example, when one of our service providers use employees or equipment based outside the EEA or UK. For transfers of your personal data to third parties outside of the EEA or UK, we take additional steps in line with applicable law. We will put in place adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights, e.g. we will establish an adequate level of data protection through EU Standard Contractual Clauses based on the EU Commission’s model clauses.

If you would like to see a copy of any relevant provisions, please contact Woebot’s Data Protection Officer / Representative (see “Contact Us” section below).

How is my personal data secured

Woebot operates and uses appropriate technical and physical security measures to protect your personal data.

We have, in particular, taken appropriate security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Access is only granted on a need-to-know basis to those people whose roles require them to process your personal data.

You are also responsible for helping to protect the security of your personal data. For instance, safeguard your user name, password and personal credentials when you are using the Services, so that other people will not have access to your personal data. Furthermore, you are responsible for maintaining the security of any device on which you utilize the Services. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any personal data you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.

Storage of personal data

We will keep your personal data for as long as it is necessary to fulfilthe purposes for which it was collected as described above and in accordance with our legal and regulatory obligations.

If you would like further information about our data retention practices you can ask for this at any time (see “Contact Us” section below).

Your rights

You may have various rights under data protection legislation in your country (where applicable).

These may include (as relevant):

  1. The right of access enables you to check what type of personal data we hold about you and what we do with that personal data and to receive a copy of this personal data;
  2. The right to rectification enables you to correct any inaccurate or incomplete personal data that we hold about you;
  3. The right to erasure enables you to request that we erase personal data held about you in certain circumstances;
  4. The right to restrict processing of your personal data by us in certain cases, including if you believe that the personal data held about you is inaccurate or our use of the personal data is unlawful; and
  5. The right to data portability enables you to receive your personal data in a structured, commonly used and machine readable format and to have that personal data transmitted to another data controller.

Note that we will require you to take steps to verify your identity in accordance with applicable law.

1. For Android and iOS apps

Upon request of the data, the User will be emailed a link to a personalized dashboard page, hosted on our website protected by the User’s login information (that is provided by the User on first download of the app). On the dashboard, the User will find a button to request a copy of their data. Users who indicate that they would like to retrieve their data, will be sent an email that contains an individualized link to use to download a .zip file containing their data files. This link can be used one-time only and is only active for 60 minutes.

2. Facebook Messenger

Currently there is no ability to wipe conversation history from messenger which prevents us from fully implementing our privacy process above. For this reason, Woebot will not send data to Facebook Messenger users, however, they may retrieve it from Facebook by following their procedures outlined in Facebook’s Privacy Policy.

If you wish to exercise any of the above rights, please contact us (see “Contact Us” below).

"Do not Track"

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

Children’s information

The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal data from children. If you learn that your child has provided us with personal data without your consent, you may contact us as set forth below. If we learn that we have collected any personal data in violation of applicable law, we will promptly take steps to delete such personal data and terminate the child’s account.

Your right to lodge a complaint with a supervisory authority

If you are unhappy about any aspect of the way we collect, share or use your personal data, please let us know using the contact details below. You also have a right to complain to your local Data Protection Authority if you prefer. Contact details for Data Protection Authorities in the EU are available at Data Protection.

Changes to this policy

We may need to make changes to this Privacy Policy at any time. If we make any material changes to how we collect your personal data, or how we use or share it, we will post or provide appropriate notice in accordance with applicable law.

In order to ensure fairness of the processing, we encourage you to review the content of this Privacy Policy regularly.

Contact us

For further information, to exercise your rights, or if you have any questions or queries about this Privacy Policy, please contact Woebot’s Data Protection Officer:

postal: 650 5th Street Suite 303, San Francisco, CA 94107