Skip to content
Witara

Privacy Policy

A clearer privacy baseline for a serious product.

This page is intentionally more complete than a placeholder trust surface. It explains what data Witara uses, why we use it, how long we keep it, what rights people have, and where to go when they need help.

Effective date: April 11, 2026

We collect what the product needs

That includes account data, workspace content, connection data for integrations, and service logs needed to operate the platform.

We do not sell personal information

We do not sell private workspace content and we do not use it for unrelated advertising or hidden profiling.

We keep rights actionable

You can request access, correction, deletion, export, or account help by writing to help@witara.site.

1. Scope and who is responsible

This Privacy Policy applies to the Witara website, product applications, onboarding flows, integrations, support interactions, and operational systems that are linked to this policy.

For the purposes of this policy, “Witara,” “we,” “our,” and “us” refer to the operator of the Witara service. Questions, rights requests, and privacy notices can be sent to help@witara.site. Product and trust-related review can also be directed to councillor@witara.site.

This page is intended to provide a clear operating baseline for data protection across early access and production use. It should be read together with our Security page and Terms of Use.

2. The information we collect

  • Account and identity data: name, email address, authentication credentials, session identifiers, and account preferences.
  • Workspace content: tasks, events, notes, contexts, circles, reminders, preferences, transaction records, and other content you intentionally add to the service.
  • Integration data: calendar connection details, provider metadata, sync status, and event data imported from services you choose to connect.
  • Communications data: support emails, verification messages, onboarding responses, referral metadata, and product feedback you submit to us.
  • Technical and operational data: IP address, browser and device information, approximate location inferred from IP, service logs, error logs, security events, and analytics events needed to improve reliability and product understanding.
  • Payment or billing data, if and when a paid plan exists: transaction references and billing state. We do not intend to store raw payment card numbers ourselves.

3. Where that information comes from

  • Directly from you when you register, log in, create content, connect integrations, or contact us.
  • Automatically from your use of the website and product, including cookies, logs, analytics events, and device/browser signals.
  • From third-party providers you authorize, such as Google Calendar, Microsoft Outlook, or public iCal feeds.
  • From service providers who help us host infrastructure, deliver email, monitor availability, or maintain security.

4. Why we use personal information

  • To create and secure accounts, verify email ownership, manage sessions, and prevent unauthorized access.
  • To provide the core Witara product, including storing your workspace, generating recommendations, syncing connected services, and returning your data inside the application.
  • To communicate with you about onboarding, support, product changes, security events, and account notices.
  • To monitor quality, investigate incidents, prevent abuse, and maintain the safety, integrity, and availability of the service.
  • To understand adoption and improve product flows through aggregated or event-level analytics that help us evaluate what is working and what is not.
  • To comply with legal obligations, enforce our terms, respond to valid legal requests, and protect our users, service, and company.

5. Our legal bases for processing

Where laws such as the GDPR or UK GDPR apply, we rely on one or more of the following legal bases depending on the context: performance of a contract, legitimate interests, consent, and compliance with legal obligations.

  • Contract: when we need data to provide the service you asked us to provide, such as creating your account, storing your workspace, or operating a connected integration.
  • Legitimate interests: when we need data to keep the product secure, improve reliability, understand usage patterns, and prevent abuse in a proportionate way.
  • Consent: when a feature depends on permission you can control, such as a third-party integration you explicitly connect or certain optional communications.
  • Legal obligation: when we must retain or disclose information to comply with applicable law, lawful requests, or regulatory requirements.

6. Cookies, sessions, and analytics

  • We use essential cookies and related browser storage to keep you logged in, protect sessions, and preserve product behavior that is necessary for the service to function.
  • We also use analytics events and limited website analytics to understand product adoption, reliability, and funnel performance.
  • We do not use private workspace content for behavioral advertising, and we do not currently treat user content as inventory for sale or ad targeting.
  • If our cookie or analytics posture materially changes, we will update this policy and the relevant product surfaces clearly.

7. Sharing and disclosure

We share personal information only when it is needed to run the service, comply with law, or protect the product and our users.

  • Infrastructure and hosting providers, including providers used for web delivery, backend hosting, and database storage.
  • Email and communications providers used to send verification codes, operational messages, and support-related email.
  • Integration providers you choose to connect, such as Google or Microsoft, when your actions require us to exchange data with them.
  • Professional advisers, auditors, regulators, or law enforcement when disclosure is required or reasonably necessary.
  • A buyer, investor, or successor entity in the context of a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate confidentiality and transfer protections.

8. International transfers

Our providers and technical infrastructure may process data in countries other than the one where you live. When that happens, we expect appropriate safeguards to be used for cross-border transfers where required by law.

Because we use global internet infrastructure, your personal information may be processed in jurisdictions that do not offer the same level of protection as your home jurisdiction. We design our service and vendor choices with that reality in mind.

9. Retention

  • We keep account and workspace data for as long as your account remains active and for a limited period afterward when needed for security, recovery, dispute handling, or legal compliance.
  • We keep service logs, security events, and diagnostics only for as long as they remain reasonably necessary for operating, securing, and improving the service.
  • We may retain aggregated or de-identified analytics that no longer reasonably identify you.
  • If you request deletion, we will delete or anonymize data as required by applicable law, except where retention is still necessary for legitimate security, fraud prevention, or legal reasons.

10. Security

We use administrative, technical, and organizational measures that are designed to protect personal information against unauthorized access, loss, misuse, or alteration. No system is perfect, but we treat security as part of the product rather than an afterthought.

Our current security posture is summarized separately on our Security page, including our use of authentication controls, operational monitoring, and infrastructure protections.

11. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, export, restrict, object to, or request portability of personal information. You may also have rights to withdraw consent, complain to a regulator, or designate an authorized agent where local law permits.

  • Access: ask what personal information we hold and how we use it.
  • Correction: ask us to fix inaccurate or incomplete personal information.
  • Deletion: ask us to delete data that is no longer needed or that must be deleted under applicable law.
  • Export or portability: ask for a copy of certain personal information in a usable format where applicable.
  • Objection or restriction: ask us to limit certain processing where local law gives you that right.
  • Marketing and communications: you can opt out of non-essential communications at any time.

To exercise a right, write to help@witara.site from the email associated with your account or include enough information for us to verify your identity safely. We may ask for additional information when needed to protect your account or prevent fraud. We will respond within the time required by applicable law.

12. Regional privacy notes

  • European Economic Area, United Kingdom, and Switzerland: you may have rights including access, rectification, erasure, restriction, objection, and data portability, along with the right to complain to your local supervisory authority.
  • California: if California law applies to you, you may have rights to know, delete, and correct certain personal information, and rights relating to the sale or sharing of personal information. We do not currently describe our service as selling personal information or using private workspace content for cross-context behavioral advertising.
  • Colombia: if Colombian law applies, you may exercise the rights of access, update, rectification, and deletion, and you may revoke authorization in the cases allowed by law by contacting help@witara.site.

13. Children and age limits

Witara is not directed to children and is not intended for use by anyone under the age required by applicable law to use the service independently. If you believe a child has provided personal information to us without proper authorization, contact us and we will investigate and take appropriate action.

14. Changes to this policy

We may update this Privacy Policy as the product, legal environment, or infrastructure changes. When we make material changes, we will update the effective date and, where appropriate, provide additional notice in the product or through email.

Rights and contact

Privacy requests, security concerns, and account data questions can be sent to help@witara.site. If you need founder-level context for enterprise or trust review, you can also write to councillor@witara.site.

Review security
Read terms
Contact us