Privacy Policy

How we handle your information.

Last updated 19 June 2026

In short

  • We collect only what we need to run WoneSuite, secure it, and support you.
  • We don't sell your personal information and we don't use third-party advertising trackers.
  • When you use WoneSuite to manage your customers and staff, you control that data and we process it on your instructions.
  • You can access, export, correct or delete your information — see Your rights below or email privacy@wonesuite.com.

This summary is for convenience; the full Policy below governs.

Scope & our role

This Policy applies to our website, marketing and the WoneSuite application. WoneSuite is the controller of information about website visitors and account holders. When you use WoneSuite to process information about your own customers and employees, you are the controller of that data and we are your processor, handling it on your documented instructions under our Terms of Service and Data Processing terms.

Information we collect

  • Account information — name, work email, company and credentials when you sign up or are invited.
  • Usage & device information — pages visited, actions taken, IP address, and browser/device type, to operate, secure and improve the service. Our website analytics are first-party and privacy-respecting (no third-party advertising cookies). See our Cookie Policy.
  • Customer Data — the records you create or upload in WoneSuite (invoices, contacts, documents, payroll, etc.), processed on your behalf as your processor.
  • Payment information — handled by our payment sub-processors; we do not store full card numbers.
  • Communications — messages you send us through forms, email or support.

How we use information

We use personal information to provide, secure, maintain and improve WoneSuite; to authenticate you and prevent fraud and abuse; to respond to enquiries and provide support; to send service and (where permitted) relevant product communications you can opt out of; and to comply with legal obligations. We do not sell personal information or share it for cross-context behavioural advertising.

Legal bases (GDPR / UK GDPR)

Where these laws apply, we rely on: performance of our contract with you (to provide the service); our legitimate interests (to secure, run and improve our business), balanced against your rights; your consent (e.g. optional marketing or non-essential cookies), which you can withdraw anytime; and legal obligations.

Sharing & sub-processors

We share personal information only as needed: with service providers (sub-processors) who host, process payments, send email or provide analytics on our behalf under contract — see the current list; when required by law or to protect rights, safety and security; and in connection with a merger or acquisition, subject to this Policy. We do not sell personal information.

International transfers & data residency

We may process information in countries other than your own. Where we transfer personal information across borders we use appropriate safeguards (such as Standard Contractual Clauses). Where you require it, we support regional data-residency commitments — see Security or contact us.

Security

We protect information with encryption in transit and at rest, strict tenant isolation, access controls, audit logging and monitoring. No system is perfectly secure, but we work hard to safeguard your data and will notify you of any breach presenting a real risk of harm, as required by law. Details: Security & Trust.

Data retention

We keep personal information for as long as your account is active or as needed to provide the service, then only as long as necessary to meet legal, tax and accounting obligations or resolve disputes. You can export your data at any time; cancelling your subscription does not immediately delete it, and you may request deletion subject to those obligations.

Your rights

Depending on where you live — under the GDPR / UK GDPR, Canada's PIPEDA and Quebec's Law 25, and US state laws (e.g. California's CCPA/CPRA) — you may have the right to access, correct, delete or port your personal information, to object to or restrict certain processing, to withdraw consent, and (in California) to know about and limit sharing — noting again that we do not sell or share your personal information for advertising.

To exercise any right, email privacy@wonesuite.com; we'll respond within the time the law requires and won't discriminate against you for it. You can also complain to your local data protection authority.

Cookies

We use a small number of strictly necessary cookies plus privacy-respecting first-party analytics, and no third-party advertising trackers. Full details and your controls are in our Cookie Policy.

Children's privacy

WoneSuite is a business product, not directed to children, and we do not knowingly collect personal information from anyone under 16. If you believe a child has given us information, contact us and we'll delete it.

Changes & contact

We may update this Policy; we'll post the new version here with a revised date and, for material changes, give additional notice. Questions or requests? Email privacy@wonesuite.com or use our contact page. See also our Terms of Service.