• icon
  • Home
  • Privacy Policy

Privacy Policy

At Wilo ("we," "our," or "us"), we are committed to protecting your privacy and personal data. This Privacy Policy explains, in a clear and transparent way, what data we collect, for which purposes, which third-party providers are involved and what your rights are when you use our AI-powered educational platform and services (the "Service"). This policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Information We Collect

We collect information that you provide directly to us, as well as information that is generated or collected automatically when you use the Service. This data may include:

Information You Provide Directly:

  • • Account information (name, email address, password)
  • • Profile data for each learner (first name, year of birth, school grade or level, subject focus, learning preferences, preferred language, country, chosen avatar, etc.)
  • • Educational content you import or create (photos, PDFs, text files, audio recordings, notes, questions, courses, flashcards, quizzes, answers and corrections)
  • • Information related to your subscription and status (type of plan, usage of quotas, subscription-related preferences)
  • • Where applicable, limited payment-related information (e.g. transaction identifier, payment status), processed primarily by a third-party payment provider
  • • Communications with us (emails, support requests, feedback, survey responses)

Automatically Collected Information:

  • • Technical information about your device and browser (device type, operating system, browser type and version, language settings, screen resolution)
  • • Usage data (pages visited, features used, time spent in the application, clicked buttons, navigation events, technical logs from Supabase and Edge Functions)
  • • System-generated identifiers (profile ID, course ID, session ID)
  • • IP address and rough location information derived from it (e.g. country or region) for security, fraud prevention and aggregate statistics
  • • Identifiers and product analytics events collected by our analytics tool (for example, events relating to profile creation and feature usage, via PostHog)
  • • Cookies and similar technologies used to remember your language, preferences, session and for audience measurement

2. How We Use Your Information

We use the information we collect to operate, secure and improve the Service. In particular, your data may be used to:

  • • Provide, maintain, and improve our Service
  • • Create and manage your user account and learner profiles, authenticate your identity via Supabase Auth and any third-party authentication providers (Google, Apple, etc.)
  • • Process your educational content (notes, documents, audio, etc.) in order to generate AI-powered courses, summaries, flashcards, quizzes, corrections and explanations
  • • Back up, synchronize and display your courses, flashcards, quizzes, exercises and revision progress across your devices
  • • Manage plans and subscriptions, handle your subscription status (free/paid), and, where applicable, process payments and billing via a third-party payment provider
  • • Analyze how the Service is used (for example, which features are used most) in order to improve user experience, fix bugs and prioritize new developments
  • • Maintain the security of the Service, prevent fraud and abuse (for example, enforce usage quotas, prevent spam, protect system integrity)
  • • Send you service-related communications (confirmations, important alerts, information on changes to the Terms, onboarding or reactivation messages) and, with your consent where required, marketing or educational communications
  • • Respond to your support requests and data protection rights requests
  • • Comply with our accounting, tax, compliance and data retention obligations

3. Legal Basis for Processing (GDPR)

Under GDPR, we rely on the following legal bases to process your personal data:

  • • Contract Performance: to create and manage your account, provide the core features of Wilo (AI-powered content generation, storage of your courses, management of profiles and quotas, user support).
  • • Legitimate Interests: to improve the Service, understand how it is used (product analytics), ensure security and fraud prevention, compile aggregate statistics, and develop new features, while respecting your rights and interests.
  • • Consent: for certain optional features (for example, sending marketing communications, some non-essential cookies or optional integrations), where required by law. You may withdraw your consent at any time.
  • • Legal Obligation: to comply with accounting and tax obligations, respond to legal or regulatory requests, and exercise or defend legal claims.

4. Data Sharing and Disclosure

We do not sell your personal data. We only share your information with carefully selected third parties and only when this is necessary to provide the Service, ensure security, comply with the law or where you have given your consent. The main categories of recipients are:

  • • Hosting, Database and Storage: we use Supabase (PostgreSQL, Auth, Storage) for authentication, encrypted data storage and the execution of server-side functions, as well as Vercel or an equivalent provider for hosting the frontend.
  • • AI Providers: for content generation features (courses, flashcards, quizzes, corrections, translations, etc.), we use an AI gateway (for example, OpenRouter) that forwards your prompts and content to AI models from third-party providers (such as OpenAI, Anthropic or equivalent vendors), depending on our technical configuration at any given time.
  • • Product Analytics Tools: we may use a product analytics tool (for example, PostHog) to collect pseudonymized information about how the application is used (product events, activation, feature usage) in order to improve the Service.
  • • Payment Providers: when you subscribe to a paid plan, some limited data (amount, transaction identifier, payment status) may be processed by our payment provider or the distribution platform (for example, a mobile app store).
  • • Communication and Support Tools: we may use email or support providers to send transactional emails or respond to your requests.
  • • Legal Requirements and Authorities: we may be required to disclose certain information if the law requires us to do so or if a competent authority requests it (for example, in the context of an investigation or legal proceeding).
  • • Business Transfers: in connection with a merger, acquisition, restructuring or sale of assets, your data may be transferred to the new operator, subject to appropriate safeguards and prior information to users.

All third parties acting as "processors" under GDPR are bound by contract (data processing agreements) to act only on our instructions, implement appropriate security measures and not use your data for purposes other than those set out in this Policy.

5. International Data Transfers

As a company based in Europe, we seek to rely on providers hosting data within the European Economic Area (EEA) whenever possible. However, some of our providers (in particular AI and analytics vendors) may be located outside the EEA (for example, in the United States) or transfer data outside the EEA. In such cases, we ensure that appropriate safeguards are in place, such as:

  • • Standard Contractual Clauses approved by the European Commission
  • • Adequacy decisions by the European Commission
  • • Other legally recognized transfer mechanisms

6. Data Retention

We retain your personal data only for as long as necessary to achieve the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:

  • • Account and profile data: retained while your account is active and for a limited period after deletion (for example, a few months) to allow restoration upon request and handle potential disputes.
  • • Educational content (courses, flashcards, quizzes, files, etc.): retained until you delete it from within the application or delete the related profile or account, subject to temporary technical backups.
  • • Billing and transaction data: retained for the period required by applicable accounting and tax laws (typically up to 10 years).
  • • Technical logs and detailed usage data: retained for a limited period for security, diagnostics and improvement, then aggregated or anonymized.
  • • Aggregated analytics and statistics: retained in anonymized form, without a specific time limit, to monitor the overall evolution of the Service.

7. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights with respect to your personal data:

  • • Right of Access: Request a copy of your personal data we hold
  • • Right to Rectification: Correct inaccurate or incomplete data
  • • Right to Erasure ("Right to be Forgotten"): Request deletion of your data
  • • Right to Restrict Processing: Limit how we process your data
  • • Right to Data Portability: Receive your data in a structured, machine-readable format
  • • Right to Object: Object to processing based on legitimate interests
  • • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, please contact us at privacy@wilo.com. We will respond to your request within one month.

8. Data Security

We implement reasonable technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, disclosure or destruction. These measures include in particular:

  • • Encryption of data in transit and at rest
  • • Regular security assessments and updates
  • • Access controls and authentication mechanisms
  • • Employee training on data protection
  • • Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Children's Privacy

Wilo is designed for educational use and can be used by children, in particular as part of a multi-profile family account. The account holder (parent, legal guardian or responsible adult) remains responsible for how minors associated with the account use the Service and for the accuracy of the information provided about them.

For users under 16 years of age in the EEA, we generally require the consent of a holder of parental responsibility before processing the child's personal data. If you are a parent or guardian and believe that we have collected data about your child without your consent, please contact us to request deletion or restriction of processing.

10. Cookies and Tracking Technologies

We use cookies and similar technologies (localStorage, analytics scripts, etc.) to (i) ensure the technical operation of the site (for example, remembering language and session), (ii) measure audience and usage of the Service, and (iii) improve user experience. You can configure your browser to refuse certain cookies or to alert you when a cookie is set. However, refusing some technical cookies may affect the functioning of the Service. Where required by law, we collect your prior consent for non-essential cookies.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the Service, in the technologies used (in particular AI and analytics providers) or in legal requirements.

  • • Posting the updated policy on our website
  • • Updating the "Last updated" date
  • • Sending you an email notification or in-app message (for significant changes affecting your rights or data)

Your continued use of the Service after such changes constitutes your acceptance of the updated Privacy Policy.

12. Data Controller Information

For the purposes of GDPR, Wilo acts as data controller for data collected through the Service. The controller's contact details are:

Trade name: WILO APP
Contact email (data protection): contact@trywilo.com
Data protection contact: contact@trywilo.com
Postal address (registered office): 900145327 – Montpellier, France
Legal entity name: YFOUNDERS

13. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or our data practices (including to exercise your rights), please contact us at:

You also have the right to lodge a complaint with the data protection authority competent for your place of residence or work (for example, in France the CNIL – www.cnil.fr, or the authority of your country of residence within the EEA) if you believe that your rights have not been respected.

Contact email: contact@trywilo.com
Data protection contact: contact@trywilo.com

Last updated: November 26, 2024