Privacy Policy

Willio.ai Ltd. ("Willio.ai," "we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use it, how we share it, and your rights regarding your data.

By creating an account or using our Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

If you do not agree with this Privacy Policy, you must immediately discontinue use of our Services.

Willio.ai Ltd.
Company Registration No.: xxx
Address: 56/3 Beni Dan St. Tel Aviv, Israel
Email: info@willio.ai
Website: www.willio.ai

Willio.ai provides a software-as-a-service (SaaS) platform for managing, testing, collaborating on, and optimizing AI prompts and agents, including integrations with third-party tools and AI services (the "Services").

Data Controller: Willio.ai Ltd. is the data controller responsible for your personal information collected through the Services.

We collect the following categories of information when you use our Services:

3.1 Account and Registration Information

• Full name, email address, phone number

• Company name, title, business domain

• Account credentials (username, password - stored encrypted)

• Profile information and preferences

3.2 Billing and Payment Information

• Billing name and address

• VAT ID or tax identification number

• Payment method details (processed by Stripe and Recurly - we do not store full credit card numbers, only last 4 digits and card type)

• Transaction history and invoices

3.3 Customer Content and Platform Data

• Prompts and agents you create, edit, or test

• Prompt versions, logs, and revision history

• Test results and AI outputs generated through the Services

• User activity: edits, comments, conversations, collaboration data

• Integration data: Zapier logs, n8n logs, webhook activity

• API keys and credentials for third-party services you connect (stored encrypted)

• Uploaded files and content processed through the Services

• Usage patterns and configurations

3.4 Communications and Support Data

• Support tickets, help desk inquiries

• Chat messages with our team (via Intercom or email)

• Email correspondence

• Feedback and survey responses

3.5 Automatically Collected Information

• Device information: IP address, browser type and version, operating system, device identifiers

• Usage data: Pages viewed, features used, time spent, click behavior, session duration

• Referral information: How you arrived at our website (referrer URL, UTM parameters)

• Cookies and tracking technologies: See Section 6 below

We process your information for the following purposes:

• To create and manage your Account

• To provide, operate, and improve our Services

• To process payments and billing

• To monitor usage, test performance, and troubleshoot issues

• To send product updates, onboarding tips, and security notices

• To send marketing communications (opt-out available)

• To run analytics, A/B testing, and remarketing campaigns

• To comply with legal obligations

We process your personal information for the following purposes:

4.1 To Provide and Operate the Services

• Create and manage your account

• Authenticate users and maintain security

• Provide access to features and functionality

• Process payments and manage billing

• Store and retrieve your prompts, agents, and configurations

• Enable integrations with third-party services

• Provide customer support and respond to inquiries

Legal Basis: Contract performance (providing the Services you signed up for)

4.2 To Improve and Develop the Services

• Train, improve, and enhance our AI models and Internal AI Processes (including prompt analyzer, optimizer, comparer, and other AI-driven features)

• Analyze usage patterns and user behavior

• Conduct A/B testing and product experiments

• Develop new features and functionality

• Monitor and improve performance, reliability, and security

• Create aggregated, anonymized, or de-identified analytics and benchmarks

Legal Basis: Legitimate interests (improving our products and services)

Important Note: As described in Section 5 below and in our Terms of Service (Sections 7.5 and 7.6), we use Customer Content, including prompts, test results, usage patterns, and interactions, to train and improve our AI models and Services. Aggregated and anonymized data derived from your use becomes our property and may be used indefinitely.

4.3 To Communicate with You

• Send essential service notifications (account, billing, security alerts)

• Provide product updates, feature announcements, and onboarding guidance

• Send marketing and promotional communications (with your consent or where permitted)

• Request feedback and conduct surveys

• Respond to your inquiries and requests

Legal Basis: Contract performance (essential communications), Consent (marketing), Legitimate interests (product updates)

4.4 For Security and Fraud Prevention

• Detect and prevent security incidents, fraud, and abuse

• Monitor for unauthorized access or suspicious activity

• Enforce our Terms of Service and policies

• Investigate violations and respond to security threats

Legal Basis: Legitimate interests (security and fraud prevention), Legal compliance

4.5 For Analytics and Marketing

• Analyze website traffic and user engagement

• Measure marketing campaign effectiveness

• Conduct remarketing and targeted advertising

• Track conversions and user acquisition

• Optimize user experience and website performance

Legal Basis: Consent (where required for cookies/tracking), Legitimate interests (analytics and marketing)

4.6 For Legal and Compliance Purposes

• Comply with applicable laws, regulations, and legal obligations

• Respond to legal requests, court orders, and government inquiries

• Maintain records for tax, accounting, and audit purposes

• Enforce our legal rights and defend against claims

Legal Basis: Legal compliance, Legitimate interests (protecting our legal rights)

This section is critical to understanding how we use your data to improve our Services.

5.1 Using Your Data to Train Our AI Models

When you use Willio.ai, we collect and use the following data to train, develop, and improve our proprietary AI models and Internal AI Processes:

• Prompts and instructions you create or test

• Agent configurations and workflows

• Test results and AI outputs from both External AI Engines and Internal AI Processes

• User interactions, edits, and feedback

• Usage patterns and behavior (which features you use, how you structure prompts, what works well)

• Error reports and performance data

This Machine Learning Data may be:

• Used to improve prompt effectiveness and agent performance

• Used to develop new features and AI-powered tools (e.g., prompt optimizer, analyzer)

• Used to create benchmarks, best practices, and training datasets

• Aggregated with data from other users

• Used indefinitely, even after you terminate your account

We make commercially reasonable efforts to anonymize or de-identify this data before using it for training purposes, but complete anonymization cannot be guaranteed, particularly for unique or highly specific prompts.

Legal Basis: Legitimate interests (improving our Services), Contract performance (providing AI-powered features)

5.2 Aggregated and Anonymized Data

We create aggregated, anonymized, or de-identified data from Customer Content and usage data. This data is no longer considered personal information and becomes our property. We may use it for:

• Analytics and research

• Marketing and promotional materials (e.g., "90% of users see improved prompt performance")

• Benchmarking and industry reports

• Product development

• Any other business purpose

This data may be used, disclosed, licensed, and retained indefinitely without restriction.

5.3 Opting Out of AI Training

By default, your prompts and usage data are used for service improvement and AI training.

If you do not want your data used for AI training:

• Enterprise customers can request a no-log mode, which prevents storage and use of prompt content beyond the active session

• Contact privacy@willio.ai to discuss no-log options

• Note: No-log mode may limit certain features and functionality

Important: Even with no-log mode, aggregated and anonymized usage statistics may still be collected.

5.4 No Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you (e.g., credit decisions, employment decisions, etc.).

6.1 External AI Engines

Our Services enable you to test and compare prompts using third-party AI providers, including:

• OpenAI (ChatGPT, GPT-4, etc.) - Privacy Policy

• Anthropic (Claude) - Privacy Policy

• Google (Gemini, Bard) - Privacy Policy

• Meta, Cohere, Mistral, and other AI service providers

When you use these testing features:

• Your prompts and inputs are transmitted to these third-party providers

• Each provider processes your data according to their own privacy policies and terms

• Willio.ai acts as a passthrough service and does not control how these providers use your data

• These providers may use your data to train their own models (check their policies)

You are responsible for:

• Reviewing third-party AI provider privacy policies

• Ensuring you have appropriate consent and legal basis to send data to these providers

• Complying with their terms of service and usage policies

6.2 Your Own API Keys

If you connect your own API keys for External AI Engines:

• Data is transmitted directly between your account and the third-party provider

• The third-party provider's terms and privacy policy apply

• Willio.ai may still log metadata (e.g., API call counts, timestamps) for billing and monitoring purposes

6.3 Other Third-Party Integrations

You may choose to integrate Willio.ai with third-party services such as:

• Zapier, n8n, Make (workflow automation)

• GitHub, GitLab (version control)

• Slack, Discord (team communication)

• Other tools via APIs and webhooks

When you enable these integrations:

• You authorize Willio.ai to access, retrieve, modify, and synchronize data with these services

• Data is transmitted between Willio.ai and the third-party service

• The third-party's privacy policy and terms apply

• You are responsible for reviewing and accepting third-party terms

For more details, see Section 5 of our Terms of Service.

We use cookies, pixels, SDKs, and similar tracking technologies to:

7.1 Essential Cookies (Cannot Opt Out)

• Authenticate users and maintain login sessions

• Remember your preferences and settings

• Enable core functionality and security features

7.2 Analytics Cookies (Can Opt Out)

• Google Analytics - Track website usage, traffic sources, and user behavior

• Google Tag Manager - Manage tracking tags and analytics

• Hotjar - Heatmaps, session recordings, and user feedback

• Mixpanel, Amplitude - Product analytics and user journey tracking

7.3 Marketing and Advertising Cookies (Can Opt Out)

• Google Ads, Google Display Network - Remarketing and conversion tracking

• Meta Pixel (Facebook/Instagram) - Retargeting ads and analytics

• LinkedIn Insight Tag - B2B advertising and analytics

• Customer.io, Intercom - In-app messaging and email campaigns

7.4 Managing Cookies

You can control cookies through:

• Our cookie banner (displayed on first visit, varies by region)

• Browser settings (block all cookies, third-party cookies, or specific sites)

• Opt-out tools: NAI Opt-Out, DAA Opt-Out, Your Ad Choices (EU)

Note: Disabling essential cookies may prevent you from using certain features of the Services.

For more information, see our Cookie Policy at www.willio.ai/cookies.

We do not sell your personal information. We may share your information in the following circumstances:

8.1 Service Providers and Subprocessors

We share data with trusted third-party service providers who help us operate the Services: 

Could hosting - Lovable, Supabase, Vercel, AWS, Google Cloud, Azure - Infrastructure, data storage, computing.

Payment processing - Stripe, Recurely - Payment processing, billing, subscription.

AI Services - N8N, OpenAI, google gimini, Meta, Antrophic - External AI engine testing, Internal AI Processes.

Analytics - Google Analytics - Website and product analysis.

Marketing & Communicaiton - Sendgrid, Freshdesk, Linkedin, Meta, Google Ads - Emails, in-app messaging, advertising.

Support - Freshdesk - Customer Support and help desk.

​

A current list of subprocessors is available at: www.willio.ai/subprocessors

All service providers are contractually required to:

• Process data only as instructed by Willio.ai

• Implement appropriate security and privacy measures

• Comply with applicable data protection laws

• Not use your data for their own purposes (except as necessary to provide services)

8.2 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, bankruptcy, or other business transaction, your information may be transferred to the acquiring or successor entity. We will notify you via email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

8.3 Legal Requirements and Protection

We may disclose your information if required to do so by law or in response to:

• Legal process (subpoena, court order, government request)

• Enforcement of our Terms of Service or policies

• Protection of our rights, property, or safety, or that of our users or the public

• Investigation of fraud, security incidents, or violations

• Compliance with regulatory or law enforcement requests

8.4 With Your Consent

We may share your information with third parties when you explicitly consent or direct us to do so (e.g., when you authorize integrations or publish content publicly).

8.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data (which is no longer personal information) with anyone for any purpose, including analytics, research, marketing, and business development.

9.1 Where Your Data is Processed

Willio.ai is based in Israel, which has been recognized by the European Commission as providing an adequate level of data protection under the GDPR.

Your data may also be transferred to and processed in:

• United States (cloud hosting, AI providers, analytics, payment processing)

• European Union / European Economic Area (hosting, support services)

• Other countries where our service providers operate

9.2 Safeguards for International Transfers

For transfers of personal data outside Israel, the EU/EEA, or other jurisdictions with comprehensive data protection laws, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission

• Data Processing Agreements (DPAs) with all processors

• Encryption in transit and at rest

• Access controls and security measures

9.3 Requesting Transfer Documentation

You can request copies of our data transfer safeguards (such as SCCs) by contacting privacy@willio.ai.

10.1 Security Measures

We implement industry-standard technical, physical, and organizational security measures to protect your information, including:

• Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest

• Access controls: Role-based access, multi-factor authentication, least privilege principle

• Secure storage: Encrypted storage of API keys, credentials, and sensitive data

• Monitoring: Continuous security monitoring, logging, and incident detection

• Backups: Regular encrypted backups with secure storage

• Security assessments: Periodic vulnerability scanning and penetration testing (as resources permit)

• Employee training: Security awareness and data handling training for all personnel

10.2 Beta Security Limitations

Important: The Services are currently in Beta testing phase. This means:

• Security features may be incomplete, untested, or not fully implemented

• Vulnerabilities or security flaws may exist that have not yet been identified

• Security measures may change frequently as the Services evolve

• Security documentation and certifications (e.g., SOC 2, ISO 27001) may not yet be available

You acknowledge and accept these risks when using Beta Services.

10.3 No Absolute Security

While we implement reasonable security measures, no system is 100% secure. We cannot guarantee absolute security of your information. Transmission and storage of data over the Internet and in cloud environments involve inherent risks.

You use the Services at your own risk. See Section 13 for prohibited data types.

10.4 Your Security Responsibilities

You are responsible for:

• Maintaining strong, unique passwords

• Enabling multi-factor authentication (if available)

• Keeping your account credentials confidential

• Promptly notifying us of any suspected unauthorized access (privacy@willio.ai)

• Securing devices and networks used to access the Services

11.2 Account Termination

When you terminate your account:

1. Your account is immediately deactivated

2. Customer Content is retained for 30 days to allow reactivation

3. After 30 days, Customer Content is permanently deleted from active systems

4. Aggregated/anonymized data may be retained indefinitely

5. Some data may remain in backups for up to 90 days before secure deletion

6. Billing records are retained for 3+ years for tax and legal compliance

11.3 Requesting Data Deletion

You may request deletion of your personal information at any time by contacting privacy@willio.ai.

We will process deletion requests within 30 days, except where:

• We are required to retain data by law (e.g., tax records, legal obligations)

• Data is necessary to resolve disputes or enforce our Terms

• Data has been aggregated or anonymized (no longer personal information)

• Data exists in backup systems (will be deleted per backup retention schedule)

Depending on your location, you may have the following rights regarding your personal information:

12.1 Rights Under GDPR (EU/UK/EEA Users)

If you are in the European Union, United Kingdom, or European Economic Area, you have the right to:

• Access: Request a copy of the personal information we hold about you

• Rectification: Correct inaccurate or incomplete personal information

• Erasure: Request deletion of your personal information ("right to be forgotten")

• Restriction: Restrict processing of your personal information in certain circumstances

• Data Portability: Receive your personal information in a structured, machine-readable format and transmit it to another controller

• Object: Object to processing based on legitimate interests or for direct marketing purposes

• Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

• Lodge a Complaint: File a complaint with your local data protection authority (supervisory authority)

EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en

12.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the right to:

• Right to Know: Request disclosure of what personal information we collect, use, disclose, and sell

• Right to Delete: Request deletion of your personal information

• Right to Correct: Request correction of inaccurate personal information

• Right to Opt-Out of Sale/Sharing: Opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising

  • Note: We do not sell personal information and do not share it for cross-context behavioral advertising

• Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information (we do not collect sensitive personal information as defined by CCPA)

• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Shine the Light Law: California residents may request information about disclosure of personal information to third parties for direct marketing purposes (once per year). We do not share personal information with third parties for their direct marketing purposes.

12.3 Rights Under Other Laws

If you are subject to other data protection laws (e.g., Brazilian LGPD, Canadian PIPEDA, Israeli Privacy Protection Law), you may have similar rights. Contact us at privacy@willio.ai to exercise your rights.

12.4 How to Exercise Your Rights

To exercise any of the above rights, contact us at:

• Email: privacy@willio.ai

• Subject line: "Privacy Rights Request"

• Include: Your name, email address, account details, and specific request

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

Note: Some rights may not apply in all circumstances (e.g., we may be required to retain certain data by law).

13.1 Prohibited Data Types

The Services are NOT designed or intended for processing:

• Protected Health Information (PHI) subject to HIPAA

• Payment Card Information (PCI) subject to PCI-DSS standards

• Personal data of children under 13 (or applicable age of digital consent in your jurisdiction)

• GDPR Special Category Data (racial/ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data for identification, health data, sex life, or sexual orientation) - unless pursuant to a separate Data Processing Addendum

• Government classified or controlled information

• National security or law enforcement sensitive information

• Any other highly sensitive, confidential, or regulated data requiring specialized security controls

13.2 Your Responsibility

DO NOT upload such data to the Services.

If you upload prohibited or sensitive data:

• You do so at your own risk

• You are solely liable for any consequences, violations, regulatory fines, or damages

• We may immediately delete such data upon discovery

• We may terminate your account without refund or liability

See Section 7.4 of our Terms of Service for more details.

The Services are not directed to children under 16 years of age (or the applicable age of digital consent in your jurisdiction, e.g., 13 in the US, 16 in the EU).

We do not knowingly collect personal information from children.

If we learn that we have collected personal information from a child without appropriate consent, we will delete it immediately. If you believe we have collected information from a child, contact us at privacy@willio.ai.

15.1 Types of Communications

We may send you:

Essential Communications (Cannot Opt Out):

• Account creation and verification

• Billing and payment notifications

• Security alerts and notices

• Service updates affecting your account

• Legal notices and policy changes

Optional Communications (Can Opt Out):

• Product updates and feature announcements

• Onboarding tips and best practices

• Marketing and promotional emails

• Surveys and feedback requests

• Newsletters and blog updates

15.2 Opting Out of Marketing

You can opt out of marketing communications by:

• Clicking the "Unsubscribe" link at the bottom of any marketing email

• Updating your preferences in your account settings

• Contacting us at privacy@willio.ai

Note: Opting out of marketing does not opt you out of essential service communications.

15.3 Remarketing and Targeted Advertising

We may show you targeted ads on third-party platforms based on your use of our Services:

Platforms:

• Google Display Network and Search

• LinkedIn

• Meta (Facebook, Instagram)

• Other advertising networks

How to Opt Out:

• Adjust your cookie preferences in our cookie banner

• Use your browser's Do Not Track settings

• Opt out via industry tools: NAI, DAA, Your Ad Choices (EU)

Adjust ad settings on the platform: Google, Facebook, LinkedIn

16.1 When a DPA is Required

If you are subject to the EU GDPR, UK GDPR, or other data protection regulations requiring a data processing agreement, Willio.ai's standard Data Processing Addendum (DPA) is available upon request.

16.2 Requesting a DPA

To request a DPA:

• Email: privacy@willio.ai

• Subject: "DPA Request"

• Include: Your company name, contact details, and applicable regulation

The DPA, when executed by both parties, will supplement and form part of our Terms of Service.

16.3 Standard Contractual Clauses

Our DPA includes Standard Contractual Clauses (SCCs) approved by the European Commission for international data transfers (where applicable).

17.1 Our Response

In the event of a security incident or data breach affecting your personal information, we will:

1. Investigate the incident promptly

2. Contain the breach and take remedial action

3. Notify affected users without undue delay (typically within 72 hours of discovery, as required by law)

4. Notify applicable data protection authorities as required by law

5. Cooperate with authorities and affected users to mitigate harm

17.2 What We Will Tell You

Our notification will include (to the extent known):

• Nature of the breach (what data was affected)

• Likely consequences

• Measures taken to address the breach

• Recommendations for affected users

• Contact information for further inquiries

17.3 Your Responsibility

If you suspect unauthorized access to your account:

• Immediately change your password

• Enable multi-factor authentication (if available)

• Review recent account activity

• Contact us at privacy@willio.ai

18.1 Updates

We may update this Privacy Policy from time to time to reflect:

• Changes to our Services or business practices

• New legal or regulatory requirements

• User feedback

• Security or privacy improvements

18.2 Notice of Changes

When we make material changes, we will:

• Update the "Last Updated" date at the top of this Policy

• Post the updated Policy on our website at www.willio.ai/privacy

• Notify you via email (if you have an account) or through a notice on our Services

Continued use of the Services after changes take effect constitutes acceptance of the updated Privacy Policy.

18.3 Previous Versions

Previous versions of this Privacy Policy are available upon request by contacting privacy@willio.ai.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Willio.ai Ltd.
Email: privacy@willio.ai
Address: [INSERT ADDRESS], Tel Aviv, Israel

For specific inquiries:

• General privacy questions: privacy@willio.ai

• Data rights requests (access, deletion, etc.): privacy@willio.ai

• DPA requests: privacy@willio.ai

• Security incidents: privacy@willio.ai (or info@willio.ai)

• GDPR representative (if applicable): [To be determined if EU presence required]

We aim to respond to all inquiries within 30 days.

This Privacy Policy is governed by the laws of the State of Israel, without regard to conflict of law principles.

Any disputes arising from this Privacy Policy shall be resolved in accordance with the dispute resolution provisions in our Terms of Service (Section 17), including binding arbitration in Tel Aviv, Israel.

For EU/UK users, this does not affect your rights under the GDPR or UK GDPR, or your right to lodge a complaint with your local supervisory authority.