Privacy Policy

Effective date: March 28, 2026

Introduction

Workwiz B.V. ("Workwiz", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website and platform at workwiz.ai (the "Service").

Workwiz is a company registered in the Netherlands. We process personal data in accordance with the General Data Protection Regulation (GDPR) and the Dutch Implementation Act (Uitvoeringswet AVG).

Data We Collect

We collect the following categories of personal data:

Account information

  • Full name
  • Email address
  • Company name and role
  • Password (stored securely hashed, never in plain text)

Usage data

  • Pages visited and features used
  • Interactions with the platform (clicks, searches, content viewed)
  • Device type, browser type, and operating system
  • IP address (anonymized for analytics purposes)

How We Use Your Data

We use your personal data for the following purposes, each with a lawful basis under GDPR:

  • Providing and operating the Service (contractual necessity)
  • Improving and personalizing the user experience (legitimate interest)
  • Sending service updates and, with your consent, marketing communications (consent / legitimate interest)
  • Ensuring platform security and preventing fraud (legitimate interest)
  • Complying with legal obligations (legal obligation)

Cookies

Cookies are small text files stored on your device. We use the following types of cookies:

Essential cookies

These cookies are necessary for the website to function. They include session cookies and the consent preference cookie (workwiz_consent). Essential cookies do not require your consent under GDPR.

Analytics & error monitoring cookies

We use Sentry for error monitoring, which may set cookies to track error sessions. These cookies are only activated if you accept cookies via our consent banner.

You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site. The consent banner will reappear.

Payment Data (Stripe)

Payments are processed by Stripe, Inc. When you make a payment, your payment details (card number, billing address) are sent directly to Stripe and are never stored on our servers. Stripe is a PCI DSS Level 1 certified payment processor.

We only store payment metadata from Stripe: transaction IDs, amounts, dates, and subscription status. For details on how Stripe handles your data, see Stripe's privacy policy at stripe.com/privacy.

Error Monitoring (Sentry)

We use Sentry (Functional Software, Inc.) for error monitoring to identify and fix technical issues. Sentry only collects data when you have accepted cookies via our consent banner.

When active, Sentry may collect:

  • Browser type and version
  • Operating system
  • Page URL where the error occurred
  • Error messages and stack traces (technical data, not personal content)

Sentry data is retained for 90 days. For more information, see Sentry's privacy policy at sentry.io/privacy.

Data Sharing

We do not sell your personal data. We share data only with the following third-party processors, each bound by data processing agreements:

  • Stripe, Inc. — payment processing (USA, EU Standard Contractual Clauses)
  • Functional Software, Inc. (Sentry) — error monitoring (USA, EU Standard Contractual Clauses)
  • Hetzner Online GmbH — hosting infrastructure (Germany, EU)

We may also disclose data when required by law or to protect our legal rights.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of accessRequest a copy of the personal data we hold about you.
  • Right to rectificationRequest correction of inaccurate or incomplete data.
  • Right to erasureRequest deletion of your personal data ("right to be forgotten").
  • Right to data portabilityReceive your data in a structured, machine-readable format.
  • Right to restrictionRequest that we limit how we process your data.
  • Right to objectObject to data processing based on legitimate interest.

To exercise any of these rights, contact us at privacy@workwiz.ai. We will respond within 30 days as required by GDPR.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy. Account data is retained for the duration of your account and deleted within 30 days of account closure.

Some data may be retained longer where required by law (e.g., financial records for tax purposes) or for the establishment, exercise, or defense of legal claims.

International Transfers

Our primary infrastructure is hosted in Germany (Hetzner Online GmbH) within the European Economic Area (EEA). Some of our third-party processors (Stripe, Sentry) are based in the United States.

For transfers outside the EEA, we rely on EU Standard Contractual Clauses (SCCs) approved by the European Commission. This ensures your data receives an adequate level of protection regardless of where it is processed.

Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@workwiz.ai and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by placing a prominent notice on our website. The "Effective date" at the top of this page indicates when the policy was last updated.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Data Controller: Workwiz B.V., Amsterdam, the Netherlands

Email: privacy@workwiz.ai

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.