This Privacy Policy has been developed taking into account Our awareness of the importance and significance of Your Personal Data. Maintaining Your privacy is Our top priority. The main purpose of this Policy is to help You understand how We Process and protect Your Personal Data when You use the Platform.

‍

This Privacy Policy is developed and operates taking into account the General Data Protection Regulation (GDPR), the General Data Protection Regulation of Great Britain (UK GDPR), the California Consumer Privacy Act of 2018, the California Online Privacy Protection Act of 2003, as well as other regulations and practices on the protection of Personal Data.

‍

In order to make the most of Our Platform, please read Our regulations. Please carefully read this Policy before using the Platform. Anyone may read, print, download, and store this Policy at any time. The Policy is regularly updated and is always accessible on the Platform. 

‍

By using the Platform and agreeing to the terms of the Privacy Policy, You confirm that:

(I) You have read, understood, and agree to this Policy;

(II) You have reached the age from which the legislation of the country of Your stay allows You to give Consent to the Processing of Your Personal Data. In any case, in order to use the Platform, You must be at least 16 years old (at least 13 years old in certain regions) or one of Your legal representatives or guardians must have read and agreed to the terms of the Privacy Policy on behalf of You. 

‍

If You do not agree or cannot confirm the above, You must immediately stop using the Platform. In this case, You must (a) contact Us and request the deletion of Your Personal Data; (b) leave the Platform and not use it.

1.1. “Privacy Policy” – this document, which is available at the following link: https://wois.io/privacy (hereinafter — “Privacy Policy”, “Policy”).

1.2. “Company” — VRTCL OÜ, a private limited company incorporated under the laws of the Republic of Estonia with a registry number 16281254 and a registered address at Harju maakond, Tallinn, Kesklinna linnaosa, Maakri tn 19/2, 10145 (hereinafter — “Company”, “We”, “Us”, “Our”).

1.3. “Personal Data” — any information relating to a natural person who is identified or can be identified using this information (hereinafter — “Personal Data”, “Data”).

1.4. “Processing of Personal Data” – any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (hereinafter — “Processing”, “Processing of Personal Data”).

1.5. “Platform” — the website https://wois.io/, mobile application “Wois: Inspire and be Inspired”, which can be downloaded and accessed via the following links: https://play.google.com/store/apps/details?id=com.wois.app, https://apps.apple.com/us/app/wois-inspire-and-be-inspired/id1643867412, and all content contained therein.

1.6. “Subject of Personal Data” – a person who visits and/or uses the Platform within the scope of its available functionality and in accordance with the documentation contained on the Platform (hereinafter — “Subject of Personal Data”, “User”, “You”, “Your”).

1.7. “Controller” – the Company, which determines the purposes and means of Personal Data Processing, establishes the composition of this Personal Data, and sets the procedures for its Processing.

1.8. “Processor” – the Company or other persons that are authorized by the Controller or by law to Process Personal Data on behalf of the Controller.

1.9. “Services” — the suite of functionalities and features provided by the Company through the Platform, including but not limited to granting Users access to a digital library of knowledge contributed by various individuals, enabling interaction via an AI-driven chat system, facilitating the sharing and dissemination of Users' own thoughts, ideas, opinions, and interviews, permitting the exploration and engagement with User content shared by other Users, and providing any additional tools, features, functionalities, or content that may be offered as part of the Platform from time to time.

1.10. “Consent” — any freely given, specific, informed, and unequivocal indication of the Subject of Personal Data wishes by which he or she, through clear affirmative actions, signifies agreement to the Processing of his or her Personal Data.

1.11. “Third Party” — a legal person, public authority, agency, or body other than the Subject of Personal Data, Controller, Processor, and persons who, under the direct authority of the Controller or Processor, is authorized to Process Personal Data, other services which are integrated into the Platform and individuals who can receive User lists or other information from the Platform.

Name of the legal person: VRTCL OÜ 
Registry number: 16281254 
Legal address: Harju maakond, Tallinn, Kesklinna linnaosa, Maakri tn 19/2, 10145

The Company is the Controller and is responsible for the Processing of Your Personal Data as described in the Privacy Policy.

1) ​​During the registration process and while creating or updating Your User profile on the Platform, You may be required or have the option to provide certain Personal Data. This may include, but is not limited to:

• Email address;
• Password;
• First name and last name;
• Age;
• Gender;
• Profile bio (You may choose to provide a short description about Yourself, which will be displayed publicly on Your User profile);
• Profile photo.

‍

If the User decides to log in to the Platform using a third-party authentication service, such as Google or Apple, the Company may receive the User's Personal Data or other information accessed by such third party.

If required, You have the right to change the Personal Data You provided during registration.

2) When You use the Services, We collect Personal Data that is included in the input, file uploads, or feedback that You provide to Our Services (“User Content”). This may include identifiable information, biographical details, or visual data embedded within the content You create, share, or interact with on the Platform. This content may constitute or contain Personal Data, depending on the substance and how it is associated with Your account.

3)  In case of contacting Us through the means of communication available on the Platform, You additionally provide Us with Personal Data that may be necessary to resolve Your request / problem. 

4) We may collect other Data that You may provide to Us when using the Platform and/or the Services.

We automatically gather various details about You in addition to the Personal Data You provide to Us personally. While Users are navigating the Platform, We directly gather usage Data from them. Usage Data is gathered by Us when Users browse or use the Platform, and it consists of: 

• browser type; 
• browser version; 
• the type of device You are using; 
• pages of the Platform that You have visited; 
• Your visit to the Platform at what time and on what date;
• the time You spent on these pages of the Platform;
• unique device identifiers; 
• IP address; 
• geolocation Data; 
• other diagnostic Data.

We Process Personal Data from other sources, including publicly available information on the internet, to enhance and develop the models that power Our Services. This information may include, but is not limited to, Data sourced from publicly accessible websites, social media platforms, publications, and other online content.

Ensuring the privacy and safety of children online is a top priority for Us. We are committed to complying with the privacy laws, particularly concerning the protection of children's Personal Data.

We knowingly do not Process the Personal Data of children under the age of 13 (applies to Users who are residents of countries with a reduced minimum age for Personal Data Processing) and children under 16, and We also do not offer them to use the Platform. 

If We become aware that a person who has not reached the age from which it is permitted to Process their Personal Data has provided Us with their Personal Data without the Consent of a legal representative, guardian, or other person authorized to provide such Consent, We will take all necessary measures to delete such Data. If You believe We might have any information from or about a child under 16 (or 13 if applicable), please contact Us at hello@wois.io.

We Process the Personal Data provided by You only for the specific and limited purposes specified below:

• Account registration and management. To create and manage Your account, including verifying Your identity, providing access to the Platform, and maintaining Your account security.
• Services delivery. To provide, operate, and maintain Our Services, including generating personalized content, responding to inquiries, and offering customer support.
• Keep things up & running (i.e., operate, deliver, and maintain Our Services). We use the information We collect in order to operate, deliver, and maintain Our Services. The Personal Data You provide can give You access to different functionalities of the Services that are available to You as a registered User. We also use some of Your Personal Data to help keep Our Platform up to date, for example, to make sure that Our Services work with the latest operating systems and devices.
• Creating and maintaining digital libraries. To develop and maintain digital libraries associated with User or other individual profiles on the Platform, which may include integrating Personal Data from User contributions, external sources, and publicly available information. 
• Providing and enhancing outputs. To generate and deliver personalized outputs, including responses and recommendations based on the digital libraries and User content. This involves using Your Data to enhance the relevance and accuracy of the AI-driven chat system and other related features.
• Management and improvement of the Platform. All the time, We try to improve the functions that support the operation of the Platform. This allows Users to use the Platform smoothly, quickly and efficiently.
• Analytics. In order to understand what to build or how to improve the Services, We need to understand trends and demand for Our features. 
• Enhance the safety and security of Our Services. We may use Your Personal Data to enhance the safety and security of Our Services, and prevent fraud or other unauthorized or illegal activity. We monitor failures of the Platform and create software solutions to eliminate them, detect violations of this Policy, and monitor the use, abuse and potential abuse of the Platform.
• Sending of newsletter. Personal Data may be used for sending informational and marketing messages deemed by the Company to align with the preferences of the Users. You can find out more about sending such letters in the section “Sending marketing and informational materials to the User”.
• User support. Personal Data Processing is utilized for providing customer support Services, including responding to inquiries, resolving issues, and facilitating communication between Users and the support team.
• Compliance and security. Personal Data Processing is essential for ensuring compliance with legal obligations, as well as for implementing security measures to protect against unauthorized access, fraud, and other security threats. 

Enforce Our Terms & Policies. We use the Data We collect to enforce Our Terms and Conditions, Policy and the law. This includes enforcing, investigating, and reporting conduct that violates Our Terms and Conditions, Policy, or the law, responding to requests from law enforcement, and complying with legal requirements. In some cases, We may also use or share Your Personal Data to cooperate with law enforcement requests, escalate safety issues to law enforcement, industry partners, or others, or comply with Our legal obligations.

To Process Your Personal Data, We rely on the following lawful bases:

• performance of the contract — for the Processing of Personal Data necessary for the negotiation, conclusion, and performance of a contract (mainly, the Terms and Conditions) with You;
• legitimate interest — for the Processing necessary for the development of Our Services, taking into consideration Your interests, rights, and expectations;
• legal obligation — for the Processing as required by applicable laws or if requested by a law enforcement agency, court, supervisory authority, or another state-authorized public body;

Consent — for additional specific purposes.

We will store Your Personal Data for the period necessary to fulfill the purposes set forth in the Policy. When determining the duration of such periods, We first decide whether We need to collect Personal Data at all, and, if such a need really exists, We keep it only for the period necessary to realize the purposes of collection, or until the moment You make a corresponding request to delete Your Personal Data.

The specific retention period for Your Personal Data may vary depending on factors such as the type of Personal Data, the purposes for which it was collected, and legal requirements. 

We regularly review the Personal Data We hold and implement measures to ensure that it is accurate, up-to-date, and necessary for the purposes for which it was collected.

When We have no ongoing legitimate business need to Process Your Personal Data, We will either delete or anonymize such Data, or, if this is not possible (for example, because Your Personal Data has been stored in backup archives), then We will securely store Your Personal Data and isolate it from any further Processing until deletion is possible.

We adhere to generally accepted industry standards to protect Your Personal Data both during transmission and after receipt.

For the storage of Personal Data, the Company uses the Amazon Web Services platform, which is maintained by Amazon.com, Inc., and on servers operated by OpenAI, L.L.C. and its affiliates.

Processing of Personal Data is carried out using computers and/or automated means in accordance with procedures and methods that correspond to the purposes of collecting Personal Data.

Your Personal Data that We Process may be transferred and stored outside the European Economic Area (EEA):

• if there is no adequate decision by the European Commission regarding the country We transfer Data to, We use adopted standard contractual clauses based on legislation assessments for Data protection during transfer and storage;
• if there is an adequate decision by the European Commission regarding the country We transfer Data to, We can transfer Personal Data to that third country without any further safeguards being necessary.

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

We apply a variety of security measures appropriate to the possible risks.

In some cases, Personal Data may be available to certain categories of Company’s responsible persons (officials), whose activities are related to ensuring the proper functioning of the Platform, or to Third Party organizations (such as independent providers of technical services, postal organizations, hosting service providers, companies — providers of information technologies, communication services), contractors, and partners of the Company, whom We may entrust with performing the functions of the Processor if necessary. You can additionally ask Us for a list of the above-mentioned persons.

IT service providers. We may engage other companies (including foreign ones) that provide administrative and IT services, including hosting services, the use of cloud services, and databases, which will Process the User's Personal Data on Our behalf in order to provide technical support and proper functioning of the Platform. Such companies may access the User's Personal Data only if it is necessary to carry out the above purposes and in accordance with the provisions of the agreements with these companies on the non-disclosure of confidential information, and such companies are not entitled to use it for any other purpose.

We use the services of Amazon.com, Inc., OpenAI, L.L.C. and their subsidiaries and affiliates to store Personal Data. You can find Amazon.com, Inc.'s privacy policy at the following link: https://aws.amazon.com/privacy/, and the policy of OpenAI, L.L.C. can be found here: https://openai.com/policies/row-privacy-policy/. 

We use Adapty to manage and analyze User engagement and app performance metrics. Adapty helps Us understand User behavior and optimize Our Services. Personal Data collected by Adapty is used in accordance with their privacy policy. To learn more about how Adapty handles Your Personal Data, please visit Adapty's privacy policy at https://adapty.io/privacy/.

We use Mailgun for email communication, including sending notifications, updates, and marketing materials. Mailgun assists Us in managing and delivering Our email communications efficiently. For more details on how Mailgun Processes Your Personal Data, please refer to Mailgun's privacy policy at https://www.mailgun.com/legal/privacy-policy/.

Financial institutions (banks, payment services / tools). We can involve financial institutions that provide financial, banking services, as well as payment services / tools, for the possibility of payment for orders submitted on the Platform. In the event that during the payment You go to the website / form of such a financial institution (bank, payment service / tool), We advise You to familiarize yourself with their privacy policy. Online payments on the Platform may be carried out using the services of the Stripe payment system (Stripe, Inc. and its affiliates, to find out which legal entity can engage in relationships with You, please visit the following link: https://stripe.com/legal/consumer/contracting-entity).

You can find out more about the privacy policy of Stripe Inc. at the following link: https://stripe.com/privacy.

In the event that You provide Your Personal Data directly on the Platform (except when You enter Personal Data in third-party widgets), financial institutions (banks, payment services / tools) may access Your Personal Data only if it is necessary to perform the above-mentioned purposes, and they have no right to use it for any other purpose.

The Company does not have access to Your Personal Data (payment card number, payment cardholder, CVV code, card validity period) that You provide to financial institutions when making payments through the websites of such institutions or with the help of widgets of such institutions placed on the Platform.

‍Authorities (of the European Union, or other countries). We reserve the right to disclose and/or report any Personal Data of the User, if this is required by any law of the European Union or another normative legal act, or a confirmed legal requirement of state authority and/or local authorities, for the purpose of compliance with the requirements of the legislation of the European Union, protection of the integrity of the Platform, to fulfill the requests of Users, state authorities and/or local authorities, or for the purpose of facilitating any investigation by law enforcement agencies or an investigation aimed at guaranteeing public (national) security. In some cases, We may also provide the User's Personal Data to the authorities of the European Union (both national and supranational) and to the authorities of other countries, if such provision of Personal Data is required by law, or in the event of an official request from such an authority as part of a criminal investigation.

You, as a Subject of Personal Data, have the right to interact with its Data directly or through a request to Us. This section describes these rights and how You can exercise them:

• Right to access: You can request an explanation of the Processing of Your Personal Data, as well as details regarding the processing activities, such as the manner in which the Personal Data are processed, the purpose for which the Processing is done, the recipients or the categories of Personal Data recipients, etc.;
• Right to rectification: You have the right to obtain the correction, without justified delay, by the Company of inaccurate / unjustified Personal Data, as well as the completion of incomplete Personal Data;
• Right to erasure (“right to be forgotten”): You can send Us a request to delete Your Personal Data from Our systems and/or databases. We will remove it unless otherwise provided by law;
• Right to restrict the Processing: You may partially or completely prohibit Us from Processing Your Personal Data;
• Right to Data portability: You can request to receive all the Personal Data You provided to Us in a structured way, commonly used and in an easy-to-read format, as well as the right for this Data to be transmitted by the Company to another controller, to the extent that the conditions provided for by law are met; 
• Right to object: You may object to the Processing of Your Personal Data;
• Right not to be subject to an automated individual decision: the right not to be the subject of a decision taken solely on the basis of automated processing activities, including the creation of profiles, which produce legal effects concerning the Subject of Personal Data or similarly affect him in a significant measure;
• Right to withdraw Consent: You can withdraw Your Consent at any time;
• Right to file a complaint: If Your request was not satisfied, You could file a complaint to the regulatory body for the Processing of Personal Data or competent courts, to the extent You deem necessary.

To exercise Your rights, please contact Us using the following email address: hello@wois.io. Please note that before providing the information according to Your request, We may ask You to provide additional Data to confirm Your identity.

If You are a UK resident, You may lodge a complaint at the other Authority in the UK – Information Commissioner’s Office.

You can contact them at 0303 123 1113 or go online at www.ico.org.uk/concerns.

Periodically, with the prior Consent of the User, the Company may send informational and promotional messages regarding the Services, news, and other relevant updates. These messages may include, but are not limited to: 

• Service Updates: information regarding updates, improvements, or changes to the Services offered by the Company. 
• Newsletters: periodic newsletters containing industry news, tips, and other relevant information related to the Services. 
• Special Offers and Promotions: notifications about special offers, discounts, promotions, or deals available to Users. 
• New Features and Products: announcements about new features, products, or Services that may be of interest to the User.
• Other messages that the Company believes may be of interest and importance to the User.

Consent to receive such messages is given by the User by ticking the appropriate checkbox during registration on the Platform, which confirms the User's desire to receive such messages and materials.

In the event that the User did not opt in a corresponding mark in the checkbox or provided Us with a separate email address for marketing purposes, We will not send marketing messages listed above but will only communicate with the User regarding his / her specific request.

If the User agreed to receive such informational and promotional messages, they will be sent by Us for any reason that We consider to be in the User's interests.

At the same time, the User has the right to withdraw the Consent for the further receipt of the above-mentioned materials by submitting an appropriate objection to their receipt by using the “Unsubscribe” function available at the bottom of the received email message, or by contacting Us at hello@wois.io.

We may post active links to sites that are not maintained by the Company. If You visit such sites, You should review their privacy policies and operating principles. We are not responsible for the Personal Data Processing policies and practices of other companies, and any information You provide to such companies is subject to their Company policies.

Before filing a claim in court in disputes arising from the relationship between the User and Us, it is mandatory to submit a claim (a written proposal for voluntary settlement of the dispute). The recipient of the claim shall, within 30 (thirty) calendar days from the date of receipt of the claim, notify the applicant of the claim in writing about the results of the consideration of the claim.

All claims shall be considered by the Company in writing and sent to the Company's email address, namely: hello@wois.io.

In case of failure to reach a compromise, the dispute will be referred to the court of Arbitration of the Estonian Chamber of Commerce and Industry (ACECCI). The arbitral tribunal shall be composed of a sole arbitrator. The seat, or legal place, of arbitration shall be Tallinn, Estonia. The language to be used in the arbitral proceedings shall be English. The governing law of the Policy shall be the substantive law of the Republic of Estonia.

We have the right to make changes to the Policy at any time and for any reason by posting a new version of the Policy at the above link. We strongly recommend that You check the Policy and the date of the last change from time to time to stay informed of the latest changes.

If You do not agree with any changes made to the Policy, You must stop using the Platform, and You can also request the deletion of Your Personal Data.

If there are material changes to the Policy or the Platform that affect Your Data privacy rights, We will notify You by displaying information on the Platform and, if necessary, ask for Your Consent.

If You have any comments, doubts, or questions regarding the Policy, please contact Us at hello@wois.io.

We will try to answer You as soon as possible, but no longer than within 30 (thirty) calendar days.

This section applies only if You are a resident of certain U.S. states that have implemented state-level privacy laws. You, as a Subject of Personal Data, have some special privacy rights. To use them, please contact Us at hello@wois.io.

Please note! Depending on the state and legislative requirements, We have from 30 to 60 days to exercise Your request, with the right to postpone it for 30 days more.

If Your complaint is not satisfied, You can file a complaint with the Federal Trade Commission.

Your rights vary depending on the laws that apply to You, but may include:

Access to specific Data and the right to transfer Data

With certain exceptions, if You are a resident of the state of California, USA, You have the right to request a copy of the Personal Data (defined as Personal information for the purposes of this section) We have collected about You in the 12 (twelve) months prior to Your request. After receiving Your request and establishing Your identity, We will inform You of:

– categories of Personal information that We have collected about You;

– Our business or commercial purpose for collecting such Personal information;

– categories of Third Parties with whom We share this Personal information.

‍

Non-discrimination

We will not discriminate against You for exercising Your rights related to the Processing of Your Personal information, as well as Your right to refuse to receive Our Services in the future, or for refusing to receive further marketing, informational / advertising materials from Us.

‍

Do not sell my Personal information

California residents have the right under the California Consumer Privacy Act to opt out of the “sale” of their Personal information by a company governed by CCPA. We do not and will not “sell” Your Personal information, but We recognize that the CCPA defines “Personal information” in such a way that providing access to identifiers associated with You may be considered a “sale”. In the event that these Platform visitor identifiers and inferences may be identified as a sale under the CCPA, please use the “Do not sell my Personal information” setting on the Platform's home page. After receiving Your request through the “Do not sell my Personal information” setting, the Company makes a corresponding entry in its database of Personal information / Platform Users, which indicates that the Company is aware of the impossibility of further selling Your Personal information. Also, if You would like to record Your preference that We will not “sell” Your Personal information in the future, please contact Us via hello@wois.io.

We generally do not collect information that is considered sensitive Personal information (as defined under the CCPA). In the limited circumstances that We do, such as the collection of Your username and password, We do not collect this information for the purpose of inferring characteristics about You.

The conditions of this section apply only to residents of Ukraine, which is contained in the Privacy Policy and relates to specific requirements, in accordance with the provisions of the legislation of Ukraine, in particular, the Law of Ukraine “On Personal Data Protection” №2297-VI dd. 01.06.2010. 

Each User’s personal non-proprietary rights regarding Personal Data are inalienable and inviolable. 

The User, resident of Ukraine, has the following rights in relation to the provided Personal Data:

- to know about the sources of collection, location of the provided Personal Data, purposes of their Processing, and location of the Company;

- to receive information about the conditions for providing access to Personal Data, in particular, information about Third Parties to whom Your Personal Data is transferred;

- to access his / her Personal Data;

- to receive, no later than 30 (thirty) calendar days from the date of receipt of the request, except in cases provided for by law, a response on whether his or her Personal Data is Processed, as well as to receive the content of such Personal Data;

- to submit a reasoned request to the Controller with an objection to the Processing of his / her Personal Data;

- to submit a reasoned request to change or destroy his / her Personal Data by the Company if this Data is Processed illegally or is unreliable;

- to protect his / her Personal Data from unlawful Processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision, as well as to protect against the provision of information that is inaccurate or discrediting the honor, dignity and business reputation of the User;

- to file complaints about the Processing of Personal Data to the Ukrainian Parliament Commissioner for Human Rights or to the court;

- to apply legal remedies in case of violation of the legislation on the protection of Personal Data;

- to make warnings regarding the restriction of the right to Process his / her Personal Data when giving Consent;

- if We Process Your Personal Data on the basis of the User’s prior Consent to this Processing – to withdraw the Consent to the Processing of Personal Data, after which such Processing will cease;

- if the Personal Data is exclusively processed automatically, including profiling, which may have legal consequences for the User – to receive protection from an automated decision.

In order to exercise any of the above rights, the User shall contact the Company in writing at the following email address: hello@wois.io. 

The Subject of Personal Data is obliged to submit a request for access to Personal Data to the Controller, in accordance with the requirements provided for in Part 3 of Article 16 of the Law of Ukraine “On Personal Data Protection” №2297-VI dd. 01.06.2010. The period for examining the request for its satisfaction will not exceed 10 (ten) business days from the date of its receipt. During this period, the Controller will inform the User submitting the request that the request will be granted, or the relevant Personal Data will not be provided, indicating the grounds specified in the relevant regulatory legal act. The request shall be satisfied within 30 (thirty calendar days from the date of its receipt, unless otherwise provided by law.

The Controller will notify the Ukrainian Parliament Commissioner for Human Rights of the Processing of Personal Data that poses a particular risk to the rights and freedoms of Personal Data Subjects within 30 (thirty) business days from the date of commencement of such Processing.