Wonesuite (“we,” “our,” or “us”) is committed to protecting your privacy and securing your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based Enterprise Resource Planning (ERP) software-as-a-service platform, accessible via our website wonesuite.com and associated subdomains (collectively, the “Service”).

This policy applies to all visitors to our marketing website, users of our Service, and our customers’ designated end-users (“Client Users”). By registering for, accessing, or using the Service, you consent to the data practices described in this policy. If you do not agree with these practices, you must not access or use the Service.

2. Definitions

  • “Customer” or “you”: The entity or individual that contracts with Wonesuite to use the Service.
  • “Customer Data”: Any data, information, or material that you or your Client Users submit or upload into the Service in the course of using it, including but not limited to client details, employee records, project information, financial data, invoices, and messages.
  • “Personal Data”: Any information relating to an identified or identifiable natural person.
  • “Service Data”: Data we collect about your use of the Service, such as login times, feature usage, and IP addresses.

3. Data We Collect and How We Use It

A. Data You Provide to Us:

  • Account Information: Name, email address, company name, phone number, billing address, and payment information (processed by our third-party payment processors).
  • Customer Data: As part of using the Service, you will input Customer Data. We process this data strictly on your behalf to provide the Service. You are the data controller for this data, and we are the data processor.
  • Communications: Records of your correspondence with us, including support requests and survey responses.

B. Data Collected Automatically:

  • Service Data: IP address, device type, browser type, operating system, log data, and usage information (e.g., features accessed, clickstream data, session duration). We use this to maintain, secure, and improve the Service, and to analyze performance.
  • Cookies and Tracking Technologies: We use essential, functional, analytics, and advertising cookies. For details, please see our separate [Cookie Policy] or manage your preferences via the [Cookie Settings] link in our website footer.

Legal Basis for Processing (for EEA/UK users):
We rely on the following legal bases:

  • Performance of a Contract: To fulfill our obligations under our Terms of Service with you.
  • Legitimate Interests: For security, analytics, and marketing our services to existing customers.
  • Consent: For non-essential cookies and for marketing communications where required by law.

4. How We Share Your Information

We do not sell your Personal Data or Customer Data. We may share it only in the following circumstances:

  • With Your Consent: For specific purposes you have explicitly approved.
  • Service Providers: With trusted third-party vendors who provide services on our behalf, such as:
    • Cloud hosting infrastructure (e.g., [AWS, Google Cloud, Azure])
    • Payment processing (e.g., Stripe, PayPal)
    • Customer support and communication tools (e.g., Zendesk, Intercom)
    • Analytics providers (e.g., Google Analytics)
      These partners are bound by strict data processing agreements.
  • Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets.
  • Legal Obligations: To comply with a legal requirement, protect our rights and safety, or defend against legal claims.

5. International Data Transfers

Your Personal Data may be transferred to and processed in countries outside of your home country, including the United States. We ensure all such transfers are protected by appropriate safeguards as required by data protection laws. These include the European Commission’s Standard Contractual Clauses and the UK’s International Data Transfer Agreement. You can request more information about these safeguards by contacting us.

6. Data Security

We implement a robust security framework based on industry best practices. This includes encryption in transit (TLS) and at rest, regular security assessments, strict access controls, and system monitoring. While no electronic transmission or storage is 100% secure, we strive to use commercially acceptable means to protect your data.

7. Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this policy, or as required to comply with our legal obligations, resolve disputes, and enforce our agreements.

  • Account Data: Retained for as long as your account is active.
  • Customer Data: Retained for the duration of your subscription. Upon termination, data will be deleted after a reasonable grace period, unless otherwise required by law.
  • Marketing Data: Retained until you unsubscribe or withdraw your consent.

8. Your Data Protection Rights

Depending on your location (such as if you are in the EEA, UK, or California), you have rights regarding your Personal Data. These may include:

  • Right of Access & Portability: To request a copy of your data.
  • Right to Rectification: To correct inaccurate or incomplete data.
  • Right to Erasure (‘Right to be Forgotten’): To request deletion of your data.
  • Right to Restriction of Processing: To request we temporarily or permanently stop processing your data.
  • Right to Object: To object to processing based on legitimate interests.
  • Right to Opt-Out: (For California/CPRA) To opt-out of the “sale” or “sharing” of personal information.
  • Non-Discrimination: We will not discriminate against you for exercising your rights.

To exercise any of these rights, please submit a verifiable request to us at [Your Privacy Request Email Address]. We will respond in accordance with applicable law.

9. Roles and Responsibilities (Data Controller vs. Data Processor)

  • For Customer Data that you input into the Service, you act as the Data Controller. We process this data solely as a Data Processor, following your instructions as outlined in our Data Processing Addendum (DPA).
  • For the Service Data we collect about your use of our platform and website, we act as the Data Controller.

10. Children’s Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect Personal Data from children. If you become aware that a child has provided us with Personal Data, please contact us.

11. Changes to This Privacy Policy

We may update this policy periodically to reflect changes in our practices or the law. We will notify you of any material changes by posting the new policy on this page and updating the “Last Updated” date. We may also provide notice via email or within the Service dashboard.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer at:

Wonesuite