How we handle your data.

What we collect

We try to collect the minimum we need to make Wootality work for you. In practice, that breaks down into four categories:

Account information

• The email address you use to sign in.
• Profile metadata you set yourself (display name, profile picture).
• Account preferences (default model, UI settings).

Content you create

• Conversations you have with the assistant, including the messages you send and the responses it returns.
• Knowledge-base documents and notes you save in the app.
• Agents, flows, skills, schedules, and API keys you configure.
• Workspace connector credentials you choose to connect (Notion, Slack, Google Drive, GitHub, and so on).

Usage data

• Which actions you take in the app and when, so we can debug issues and bill correctly.
• Token-level AI usage and cost, so you can see your own spend on the usage dashboard.
• Audit log entries for security-relevant events (sign in, key creation, permission changes).

Technical data

• Server-side request logs (IP address, user agent, requested URL, response status) used for security and abuse prevention.
• A small, security-related cookie set on your first visit and a session cookie after you sign in. No third-party advertising trackers.

Why we collect it

Every category above maps to one of a small number of reasons:

• To deliver the service. We can't answer your messages without sending them to the AI model provider. We can't show you your conversations without storing them.
• To prevent abuse. Rate limits, audit logs, and IP records exist so that one user can't degrade the service for everyone else.
• To bill correctly. Usage numbers feed your dashboard and (when billing is enabled) your invoice.
• To improve quality. We look at anonymous, aggregated metrics — error rates, latency, which features get used — to decide what to fix next. We do not read your conversations for product research, and we do not use them to train models.

How long we keep it

In general, we keep your data for as long as your account is active. That's the simplest honest answer: we don't proactively delete your conversations or documents, because you may want to come back to them.

When you delete an item in the app (a conversation, a document, a connector), it is removed from the active database. Database backups roll off on their own schedule (typically within 30 days). Server-side request logs are retained for a short window — long enough to investigate incidents, short enough to limit exposure.

If you ask us to delete your account, we delete it and the data attached to it. See How to request deletion.

Who we share it with

Two categories of third party, both required to deliver the product:

• AI model providers. When you send a message, the conversation is forwarded to the model provider that generates the response. We use commercial AI providers under their standard API terms; we do not opt into any program that lets them train their models on your data.
• Infrastructure vendors. The companies that host our servers, database, email, payments, and error reporting. They process data on our behalf, under contract, only as necessary to run the service.

We do not sell your data. We do not share it with advertisers or data brokers. We will disclose data when required to by law (subpoena, court order, lawful government request) and will tell you about it where we are legally allowed to.

If you need a specific list of subprocessors for a procurement review, email hello@wootality.com and we'll send it.

Security

We take reasonable, industry-standard measures to protect your data:

• Connections to Wootality are served over HTTPS.
• Workspace connector tokens and OAuth credentials are encrypted at rest with AES-256-GCM.
• Authentication uses HttpOnly, Secure, SameSite cookies and short-lived JWTs.
• Access to production systems is limited to the team members who need it, and is logged.

No system is unbreakable. If you discover a vulnerability, please email hello@wootality.com and we'll get back to you quickly.

Your choices

You can:

• Review and update your profile and account settings inside the app.
• Delete individual conversations, documents, agents, flows, skills, schedules, API keys, and workspace connectors from the app at any time.
• Disconnect a workspace integration to revoke the OAuth grant we hold for it.
• Export the data you've put into the app — email us and we'll help.
• Ask us to delete your account and the data attached to it.

How to request deletion

Email hello@wootality.com from the address on your Wootality account and ask us to delete your account. We'll confirm by reply, do it, and let you know when it's done.

Some records — for example, billing and tax records, or audit entries we are legally required to keep — may persist after account deletion. We hold only what we need to for the period required by law, and we don't use it for anything else.

Children

Wootality is not intended for use by children under 13. If you believe a child has created an account, email hello@wootality.com and we'll remove it.

Changes to this policy

We'll update this page when our practices change. The "Last updated" date at the top will reflect the most recent revision. If a change is material, we'll let active accounts know by email before it takes effect.

Contact

Privacy questions, deletion requests, procurement reviews, or anything else covered on this page: hello@wootality.com.