Privacy Policy

This Privacy Policy describes how Wocky Inc. (“Wocky,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects your personal information when you use the wocky.ai platform, website, application programming interfaces, and associated services (collectively, the “Service”).

This Privacy Policy applies to all users of the Service, including visitors to our website, registered account holders, and any individual whose information we process in connection with the Service. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

We are committed to protecting your privacy and handling your data with transparency and care. If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@wocky.ai.

We collect several categories of information to provide, maintain, and improve the Service. The types of information we collect include:

2.1 Account Information

When you create a wocky.ai account, we collect your email address and a password that you set during registration. If you choose to provide additional profile information, such as your name or organization name, we collect that information as well. We use your email address as your primary identifier and for account-related communications, including billing notifications, security alerts, and service updates.

2.2 Social Media Credentials

To enable the Service to log into and manage your social media accounts on their respective platforms, you provide us with your social media usernames and passwords. These credentials are stored in encrypted form using AES-256 encryption and are used exclusively for the purpose of automated login on your assigned ghost phones. Social media credentials are never stored in plaintext, are never shared with third parties, and are accessible only to the automated systems that perform login operations on your ghost phones.

2.3 Usage Data

We automatically collect information about how you interact with the Service, including the features you access, the pages you visit within the dashboard, the actions you take (such as creating projects, adding accounts, scheduling posts, and modifying settings), timestamps of your activity, and the frequency and duration of your sessions. This data helps us understand how the Service is used and enables us to improve functionality and user experience.

2.4 Device and Browser Information

When you access the Service through a web browser, we automatically collect certain technical information, including your IP address, browser type and version, operating system, screen resolution, referring URL, and language preference. This information is collected through standard web server logs and is used for security monitoring, analytics, and service optimization.

2.5 Cloud Phone Activity Logs

We maintain logs of activity performed on the ghost phones assigned to your account. These logs include records of login attempts (successful and failed), content posting events, warmup activity summaries, app interactions, network requests, proxy connection status, and device health metrics. Activity logs are used for troubleshooting, security monitoring, service optimization, and to provide you with visibility into the operations performed on your behalf.

2.6 Social Media Analytics Data

The Service periodically collects publicly available analytics and performance data from the social media accounts you manage through the platform. This includes follower counts, following counts, total views, total likes, comment counts, engagement rates, post performance metrics, and profile information. This data is scraped at regular intervals determined by your subscription plan and is stored in your account for display in the analytics dashboard. We use this data to provide you with growth tracking and engagement reporting features.

We use the information we collect for the following purposes:

• Service Operation: To provide, maintain, and operate the core functionality of the Service, including provisioning ghost phones, logging into social media accounts, executing scheduled posts, performing account warmup, and collecting analytics data on your behalf.
• Service Improvement: To analyze usage patterns, identify bugs and performance issues, develop new features, and optimize the user experience. We may use aggregated, anonymized data for research and statistical analysis.
• Customer Support: To respond to your inquiries, troubleshoot technical issues, and provide assistance with account and billing matters. Support interactions may be logged for quality assurance and training purposes.
• Security: To detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity. This includes monitoring for unauthorized access, suspicious login patterns, and violations of our Terms of Service.
• Communications: To send you transactional emails related to your account (such as billing receipts, password reset requests, and security alerts), as well as service-related announcements about new features, maintenance windows, and policy changes. We do not send unsolicited marketing emails without your opt-in consent.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests, and to enforce our Terms of Service and protect the rights, property, and safety of Wocky, our users, and the public.

Your account data is stored in a managed database with enterprise-grade infrastructure, automated backups, encryption at rest, and high availability.

Social media credentials are encrypted before being stored and are decrypted only at the point of use by automated systems that operate ghost phones. They are never exposed in plaintext in logs, API responses, or administrative interfaces.

All communication between your browser and our servers is encrypted using HTTPS. Our infrastructure is secured with industry-standard measures including firewalls, encrypted data transmission, and least-privilege access controls.

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. In the event of a data breach, we will notify affected users and relevant authorities in accordance with applicable laws.

We use third-party service providers for infrastructure, hosting, authentication, payment processing, and cloud device management. These providers may process certain data on our behalf in order to deliver the Service.

Your payment information is collected and processed directly by our payment processor and is never stored on our servers. We receive only a tokenized reference and basic transaction details.

We select providers that maintain high standards of data protection and security. However, we are not responsible for the privacy practices of third-party providers and encourage you to review their respective policies.

We do not sell, rent, lease, or trade your personal information to third parties for marketing or advertising purposes. We do not share your data with any third party for their own independent use, except as described below.

We may share your information in the following limited circumstances:

• Service Providers: We share data with the third-party service providers described in Section 5, strictly as necessary to operate and deliver the Service. These providers are contractually obligated to use your data only for the purposes of providing services to us and to maintain the confidentiality and security of your information.
• Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or enforceable governmental request. This includes responding to subpoenas, court orders, or other legal obligations. We may also disclose information when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Wocky, our users, or the public.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you via email or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information.
• With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.

We use cookies and similar technologies on our website and in the Service for the following purposes:

• Authentication Cookies: We use session cookies to maintain your login state and authenticate your identity as you navigate the dashboard. These cookies are essential for the Service to function and are set when you log in. They expire when you log out or after a period of inactivity.
• Preference Cookies: We may use cookies to remember your preferences and settings, such as your selected dashboard view or billing cycle preference. These cookies enhance your experience by personalizing the Service to your preferences.
• Security Cookies: We use cookies to detect and prevent fraudulent activity, such as unauthorized login attempts or session hijacking.

We do not use third-party advertising cookies, tracking pixels, or retargeting technologies. We do not serve ads on our platform, and we do not allow third-party advertisers to place cookies or tracking technologies on our website. Your browsing activity on wocky.ai is not tracked by external advertising networks.

Most web browsers allow you to control cookies through their settings. You can configure your browser to reject cookies, delete existing cookies, or alert you when a cookie is being set. However, disabling authentication cookies will prevent you from logging into the Service.

Depending on your jurisdiction, you may have certain rights regarding your personal information. We are committed to honoring these rights and providing you with control over your data. Your rights may include:

• Right of Access: You have the right to request a copy of the personal information we hold about you. You can access most of your data directly through the dashboard, including your account information, project configurations, post history, and analytics data. For a complete data export, contact us at privacy@wocky.ai.
• Right to Correction: You have the right to request correction of any inaccurate or incomplete personal information we hold about you. You can update your email address and password directly in your account settings. For other corrections, contact us at privacy@wocky.ai.
• Right to Deletion: You have the right to request the deletion of your personal information. You can delete your account through your account settings, which will initiate the 30-day data retention and deletion process described in Section 9. If you wish to request immediate deletion, contact us at privacy@wocky.ai.
• Right to Data Export: You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can request a data export by contacting us at privacy@wocky.ai. We will provide your data in JSON or CSV format within 30 days of your request.
• Right to Object: You have the right to object to the processing of your personal information in certain circumstances, such as processing based on legitimate interests. To exercise this right, contact us at privacy@wocky.ai with a description of the processing activity to which you object.
• Right to Restrict Processing: In certain circumstances, you have the right to request that we restrict the processing of your personal information, such as when you contest the accuracy of the data or when processing is unlawful.

To exercise any of these rights, contact us at privacy@wocky.ai. We will respond to all legitimate requests within 30 days. We may request additional information to verify your identity before processing your request. We will not discriminate against you for exercising any of these rights.

We retain your personal information for as long as your account is active and as necessary to provide you with the Service. The specific retention periods for different categories of data are as follows:

• Account Data: Your account information (email, password hash, profile details) is retained for the duration of your active subscription. Upon account cancellation or termination, account data is retained for 30 days to allow for reactivation or data export, after which it is permanently deleted.
• Social Media Credentials: Encrypted social media credentials are retained while the associated social media account is active in your wocky.ai account. When you remove a social media account from the platform, or when your wocky.ai account is cancelled, credentials are permanently deleted within 30 days.
• Usage and Activity Logs: Usage data and cloud phone activity logs are retained for 90 days for active accounts for troubleshooting and security purposes. Upon account cancellation, these logs are deleted within 30 days.
• Analytics Data: Social media analytics data (follower counts, view counts, engagement metrics) is retained for the duration of your active subscription. After account cancellation, individual analytics records are deleted within 30 days. However, we may retain aggregated, anonymized analytics data that cannot identify you or your accounts for the purpose of improving the Service, conducting research, and generating industry benchmarks.
• Post Records: Records of scheduled and published posts, including associated media files, are retained while your account is active. Upon cancellation, post records and media files are deleted within 30 days.
• Billing Records: Transaction records and billing history may be retained for up to 7 years after your last transaction, as required by applicable tax and financial reporting regulations.

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect, use, or disclose personal information from anyone under 18 years of age. By creating an account and using the Service, you represent and warrant that you are at least 18 years old.

If we discover or are notified that we have collected personal information from a user under 18, we will take immediate steps to delete that information and terminate the associated account. If you believe that we may have inadvertently collected information from a person under 18, please contact us immediately at privacy@wocky.ai so that we can take appropriate action.

Parents and guardians who become aware that their child has provided personal information to us without their consent should contact us at privacy@wocky.ai. We will work promptly to remove the information and close the account.

Wocky is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our infrastructure providers maintain data centers, including countries in the European Union.

Data protection laws in these countries may differ from those of your country of residence. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy. We take appropriate measures to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it.

For users in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on the following legal bases for processing your personal information: (a) your consent, where you have provided it; (b) the performance of our contract with you (the Terms of Service); (c) our legitimate interests in operating and improving the Service, provided that such interests are not overridden by your rights and interests; and (d) compliance with our legal obligations.

Where we transfer personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to protect your data.

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes to this Privacy Policy, we will update the “Last updated” date at the top of this page and provide notice through one or more of the following methods: a prominent notification within the Service, an email to the address associated with your account, or a banner on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree to the changes, you should discontinue your use of the Service and delete your account.

For material changes that significantly affect how we process your existing data, we will provide at least 30 days’ advance notice before the changes take effect, giving you the opportunity to review the changes and, if you choose, to export your data and close your account.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: