Wolfia Inc. Privacy Policy
Last updated: June 3, 2025
1. Introduction and Scope
Welcome to Wolfia Inc. ("Wolfia," "we," "us," or "our"). This Privacy Policy details how we collect, use, share, secure, and otherwise process information relating to identified or identifiable individuals ("Personal Information") in connection with our business activities.
This policy applies when you visit our websites (such as wolfia.com and docs.wolfia.com), use the Wolfia Platform (our AI-powered answer engine and related features), interact with our marketing, sales, or customer support teams, or otherwise engage with our Services (collectively, the Services).
Please note this policy does not cover third-party websites, applications, or services that may integrate with or be linked from our Services (Third-Party Services). We encourage you to review the privacy policies of those third parties. Additionally, the use of the Wolfia Platform by our business customers (Customers) is governed by our Master Subscription Agreement (MSA). The Customer controls their instance of the Platform and the associated data ("Service Data") processed within it. In relation to Service Data, Wolfia acts primarily as a "processor" or"service provider" on behalf of the Customer, who is the "controller" or "business". This policy primarily describes how Wolfia processes Personal Information for its own purposes (where Wolfia is the controller), such as website visitor data, marketing contact information, and account administration data ("Other Information").
2. Personal Information We Collect
We collect Personal Information from various sources to provide and improve our Services:
2.1 Information You Voluntarily Provide
| Account and Profile Data | When you or your organization (our Customer) registers for an account, we collect information such as your name, email address, phone number, password, company name, job title, and similar contact or professional details. |
| Payment Data | For paid Services, we or our third-party payment processors collect payment details like credit card numbers or bank account information, billing address, and transaction history. We do not store full payment card numbers ourselves. |
| Communications Data | If you contact us via email, support channels, surveys, feedback forms, or social media, we collect the content of your messages, your contact details, and associated metadata. |
| Marketing Data | When you subscribe to newsletters, register for webinars, download content, or attend events, we collect your contact information and marketing preferences. |
| Job Applicant Data | If you apply for a job with Wolfia, we collect information included in your application, such as your resume, cover letter, employment history, and references. |
2.2 Information Collected Automatically via Technology
| Log Data | Like most websites and online services, our servers automatically record information when you access our Services. This includes your Internet Protocol (IP) address, browser type and settings, operating system, device identifiers, date/time stamps, referring/exit pages, and clickstream data. |
| Usage Data | We collect information about how you interact with our Services, such as features accessed, time spent on pages, actions taken within the platform, performance metrics, and error reports. |
| Cookies and Similar Technologies | We use cookies (small text files stored on your device) and similar tracking technologies (like web beacons or pixels) to operate and personalize the Services, analyze usage, and support marketing efforts. These may collect identifiers, usage data, and preferences. Types of cookies we may use include essential, functional, analytics, and advertising cookies. You can typically manage cookie preferences through your browser settings. |
| Location Data | We may infer your general geographic location (e.g., city, country) based on your IP address. More precise location data may be collected if enabled on your device settings, typically for specific features. |
2.3 Information from Other Sources
| Customers (Service Data) | Our Customers upload or connect data sources to the Wolfia Platform (Service Data). While Wolfia processes this data as instructed by the Customer, it may contain Personal Information about the Customer's employees, users, or contacts. |
| Third-Party Services | If you or your Customer integrates Third-Party Services with Wolfia (e.g., Google Drive, Google Workspace, SSO providers, or data repositories), we may receive information from those services according to the permissions granted during the integration setup. For Google Drive integration specifically, we only access file metadata (such as file names, types, sizes, modification dates, and folder structure) and file contents of documents that you explicitly choose to import into Wolfia. We do not scan, index, or access other files in your Google Drive account beyond those you specifically select for import. |
| Partners and Public Sources | We may receive information from business partners, data brokers, or publicly available sources (like LinkedIn) to supplement our records, identify potential customers, or enhance marketing accuracy. |
3. How and Why We Use Personal Information (Legal Basis)
We process your Personal Information only for specific, legitimate purposes and rely on one or more legal bases for doing so, depending on the context:
| To Provide and Manage the Services | Basis: Contractual Necessity, Legitimate Interests. Operating, maintaining, securing, and improving our websites and the Wolfia Platform; creating and managing user accounts; processing payments; providing customer support; fulfilling our obligations under the MSA. For Google Drive integration, this includes providing document search functionality, generating summaries of your imported files, and enabling AI-powered question answering based on your document content within your private Wolfia workspace. |
| To Communicate with You | Basis: Legitimate Interests, Contractual Necessity, Consent. Responding to inquiries; sending important service-related announcements (e.g., maintenance, security alerts, policy updates); sending marketing communications about products, promotions, or events (where consent is obtained or otherwise permitted). You can opt-out of marketing emails at any time. |
| For Research and Development | Basis: Legitimate Interests. Analyzing usage patterns and feedback to understand user needs, enhance existing features, develop new products and services, and improve user experience. We prioritize using aggregated or de-identified data for this purpose where feasible. Google Drive content is never used for developing or training general AI models that serve other users. |
| For Security and Fraud Prevention | Basis: Legitimate Interests, Legal Obligation. Detecting, preventing, and responding to security threats, fraud, abuse, technical issues, or violations of our terms. |
| To Comply with Legal Obligations | Basis: Legal Obligation. Meeting legal and regulatory requirements; responding to lawful requests from public authorities (e.g., subpoenas, court orders). |
| For Business Operations and Analytics | Basis: Legitimate Interests. Performing data analysis, audits, financial reporting, measuring marketing effectiveness, and general business administration. |
Service Data Processing: When processing Service Data on behalf of a Customer, we do so solely based on the Customer'sinstructions as outlined in the MSA. The Customer is responsible for ensuring they have a valid legal basis for processing the Personal Information within their Service Data.
AI Training Limitation: As stated in our MSA, we commit not to use Customer's Service Data (content indexed or queries made within their specific instance) to train general-purpose AI models offered externally by Wolfia or third parties, without explicit, prior written consent. Aggregated, anonymized usage statistics may be used for internal model refinement related to service performance and reliability, but not in a way that exposes Customer-specific content.
4. Data Sharing and Disclosure
We share Personal Information only when necessary and in the following circumstances:
| Service Providers | With trusted third-party companies that help us operate our business (e.g., cloud hosting providers like AWS/GCP/Azure, payment processors, CRM systems, analytics tools, email service providers). These providers are contractually obligated to protect the data and use it only for the services they provide to us. |
| Customer Instructions | Service Data is shared as directed by the Customer, for example, when they grant access to Authorized Users or enable integrations with Third-Party Services. |
| Corporate Affiliates | Within the Wolfia group of companies for operational efficiency and purposes consistent with this policy. |
| Business Transactions | In connection with a potential or actual merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or transition of service, information may be transferred to the relevant third parties, subject to confidentiality agreements. |
| Legal Compliance and Safety | If required by law or if we believe in good faith that disclosure is necessary to protect our rights, property, or safety, or that of our users, employees, or the public (e.g., responding to legal requests, preventing fraud). |
| Aggregated/De-identified Data | We may share data that has been aggregated or de-identified such that it cannot reasonably be used to identify an individual. |
| With Your Consent | For any other purpose disclosed to you at the time we collect the information or pursuant to your explicit consent. |
5. Data Security
We implement robust technical and organizational security measures designed to protect Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include measures like data encryption (in transit and at rest), access controls, network security monitoring, vulnerability management, regular security testing, employee security training, and incident response procedures.
However, please understand that no security system is impenetrable. While we strive to protect your information, we cannot guarantee absolute security. You also play a role in security by safeguarding your account credentials and using secure networks.
OAuth access and refresh tokens are stored and backed up in an encrypted, access-controlled secrets vault and are never written to application logs. All customer data stored in backups is encrypted using AES-256 at rest.
6. Data Retention
We retain Personal Information for as long as is necessary to fulfill the purposes for which it was collected, including providing our Services, complying with legal obligations (e.g., tax, accounting, E-discovery), resolving disputes, enforcing agreements, and pursuing legitimate business interests.
Retention periods vary depending on the type of information and the context. For example, account information is generally kept for the duration of your active relationship with us, plus a reasonable period for operational or legal needs. Google Drive files and their metadata are kept until the customer (a) deletes the import in Wolfia, (b) disconnects the Google integration, or (c) terminates the account—whichever happens first. Service Data retention is primarily governed by the Customer's agreement (MSA) and their configuration choices within the Service. When retention is no longer necessary, we securely delete or anonymize the information. If deletion is not immediately possible (e.g., due to backup archives), we will securely store the data and isolate it from further processing. Encrypted backups containing Google Drive data are automatically purged on a 90-day rolling basis to ensure complete data removal.
7. Your Privacy Rights and Choices
Depending on your geographic location and applicable data protection laws, you may have certain rights concerning your Personal Information. These rights may include:
| Access | Requesting a copy of the Personal Information we hold about you. |
| Correction (Rectification) | Requesting correction of inaccurate or incomplete data. |
| Deletion (Erasure) | Requesting deletion of your data under certain circumstances (e.g., if it's no longer needed for the original purpose). |
| Restriction of Processing | Requesting that we limit how we use your data in certain situations. |
| Data Portability | Requesting your data in a structured, machine-readable format, where applicable. |
| Objection | Objecting to processing based on legitimate interests or for direct marketing purposes. |
| Withdrawal of Consent | If processing is based on consent, you can withdraw it at any time (this doesn't affect past processing). |
| Opt-Out of Marketing | You can unsubscribe from marketing emails using the link provided in the emails or by contacting us. |
Additional Disclosures for California Residents (CCPA/CPRA)
California residents may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the rights to access, delete, and opt-out of the sale or sharing of personal information (as those terms are defined). The rights listed above (access, correction, deletion, etc.) map to these statutes.
To exercise applicable rights, please contact us using the details in the Contacting Wolfia section below. We will respond to verifiable requests within the timeframe required by law. We may need to request additional information to verify your identity. Please note that certain rights may be limited, for example, if fulfilling your request would impede our legal obligations or affect the rights of others. If your request pertains to Service Data controlled by one of our Customers, we will direct you to contact the Customer administrator.
You may also have the right to lodge a complaint with your local data protection supervisory authority.
8. Children's Privacy
Our Services are not designed for or directed at individuals under the age of 16 (or other applicable minimum age). We do not knowingly collect Personal Information from children. If we become aware that we have inadvertently collected Personal Information from a child, we will take steps to delete it promptly. Please contact us if you believe a child has provided us with Personal Information.
9. Third-Party Links
Our Services may contain links to external websites or services operated by third parties. This Privacy Policy does not apply to the practices of those third parties. We encourage you to review their privacy policies before providing them with any Personal Information.
10. Google API Services User Data Policy
For features involving Google integrations, Wolfia's use and transfer of information received from Google APIs adhere strictly to the Google API Services User Data Policy, including its Limited Use requirements. Information obtained via Google APIs is used exclusively to provide document search functionality, generate summaries of your imported files, and enable AI-powered question answering within your private Wolfia workspace. Google Drive data is not used for developing or training general AI models, for serving advertising, for product development unrelated to your specific use case, or transferred to others except as necessary for providing the specific features you have enabled, security purposes, legal compliance, or with your explicit consent.
We use only the drive.readonly scope to access Google Drive data, ensuring least-privilege access. You maintain full control over which Google Drive files are imported into Wolfia through selective file and folder import controls. We only access Google Drive files that you explicitly choose to import and do not scan, index, or access other files in your Google Drive account. You can selectively import specific files or folders and remove any imported content at any time through your Wolfia dashboard.
You may revoke Wolfia's access to your Google account at any time by using the Disconnect Google option in your account settings or by visitingGoogle's app permissions page at https://myaccount.google.com/permissions. Revoking access immediately invalidates our OAuth tokens, and all Google Drive files previously imported into Wolfia are queued for deletion within 24 hours. Encrypted backups are automatically purged on a 90-day rolling basis to ensure complete data removal.
11. Changes to This Privacy Policy
We may revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. The Last updated date at the top indicates the latest revision. If we make significant changes, we will provide more prominent notice, such as by email or through a notification within the Services, and may seek consent if required by law. We encourage you to review this policy periodically.
12. Contacting Wolfia
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your Personal Information, please contact our Privacy Team:
| privacy@wolfia.com | |
| Postal Mail | Wolfia Inc., Attn: Privacy Team, 10500 Avery Club Drive Unit 6, Austin TX 78717 |