Privacy Policy

1. Introduction

Welcome to Willo ("we," "us," or "our"). Willo is an all-in-one booking and business management platform designed for independent beauty professionals including hair stylists, barbers, estheticians, and nail technicians. We are committed to protecting your privacy and personal information.

This Privacy Policy explains:

• What information we collect
• How we use that information
• Who we share it with
• Your rights and choices
• How we protect your data

By using Willo, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information from Service Providers (Stylists)

When you create a Willo account as a service provider, we collect:

Account Information:

• Business name
• Your name
• Email address
• Phone number
• Password (encrypted)
• Business address (optional)

Business Information:

• Business hours and schedule
• Services offered and pricing
• Break times and buffer settings
• Branding preferences (colors, logos)

Client Information You Enter:

• Client names, phone numbers, emails
• Appointment history and notes
• Client preferences and special instructions
• Revenue data

Payment Information:

• Credit card or bank account details (processed securely by Stripe - we do not store full card numbers)
• Billing address
• Transaction history

Usage Information:

• Pages viewed and features used
• Time spent in the application
• Device type and browser
• IP address
• Cookies and similar technologies

2.2 Information from Clients (Booking Users)

When clients book appointments through Willo, we collect:

Booking Information:

• Full name
• Phone number
• Email address
• Service selected
• Preferred appointment time
• Any special requests or notes

Communication Records:

• SMS message history (confirmations, reminders)
• Email communications

Technical Information:

• IP address
• Device type and browser
• Booking page interactions

2.3 Information from Third Parties

We may receive information from:

• Stripe (payment confirmation, transaction details)
• Twilio (SMS delivery status, opt-out requests)
• AI providers (Anthropic, Google, OpenAI) for AI-powered feature processing

3. How We Use Your Information

3.1 To Provide the Service

We use your information to:

• Create and manage your account
• Process bookings and appointments
• Send SMS confirmations and reminders
• Display your calendar and schedule
• Store client information securely
• Process payments and subscriptions
• Provide customer support

3.2 SMS Communications

For Clients:

We send SMS messages to clients for:

• Appointment confirmations (sent immediately after booking)
• Appointment reminders (sent 24 hours before appointment)
• Appointment updates (cancellations, rescheduling, if initiated by service provider)

Message Frequency: Approximately 2-3 messages per appointment.

Opt-Out: Reply STOP to any message to opt out. After opting out, you will not receive further SMS messages but may still receive appointment information via email.

For Service Providers:

We send SMS notifications to service providers for:

• New appointment bookings
• Appointment cancellations or changes
• Critical account alerts

SMS Service Provider: SMS messages are delivered through Twilio Inc. Your phone number and message content are processed by Twilio in accordance with their privacy policy available at https://www.twilio.com/legal/privacy.

3.3 To Improve Our Service

We use aggregated, anonymized data to:

• Analyze usage patterns and trends
• Improve features and functionality
• Develop new features
• Fix bugs and technical issues

3.4 For Marketing (Service Providers Only)

We may send service providers:

• Product updates and new feature announcements
• Tips and best practices
• Promotional offers (you can opt out anytime)

We do NOT send marketing messages to clients who book appointments. Clients only receive appointment-related SMS communications.

3.5 For AI-Powered Features

We use your information to power AI features including:

• Automated client communication and message responses
• Churn prediction and client insights analysis
• Smart rebooking recommendations
• Schedule gap detection and optimization
• Personalized message suggestions

AI features may process client names, appointment history, and communication patterns to provide recommendations. Data sent to AI providers (Anthropic, Google, OpenAI) is used solely for processing your requests and is not used to train their models. You can disable AI features at any time in your settings.

3.6 Legal and Safety Purposes

We may use or disclose information when required to:

• Comply with legal obligations (subpoenas, court orders)
• Protect our rights, property, or safety
• Prevent fraud or abuse
• Enforce our Terms of Service

4. How We Share Your Information

We do not sell your personal information. We share information only as described below:

4.1 Service Providers (Third-Party Vendors)

We share information with trusted third parties who help us operate Willo:

4.2 Between Service Providers and Clients

Client data you enter is accessible to you (the service provider). Willo acts as a tool for you to manage your client relationships. You are responsible for:

• Obtaining client consent to collect their information
• Using client data appropriately and lawfully
• Complying with privacy regulations (GDPR, CCPA, etc.)

4.3 Business Transfers

If Willo is acquired, merged, or sold, your information may be transferred to the new owner. We will notify you before this happens and provide choices about your data.

4.4 Legal Requirements

We may disclose information when required by law, legal process, or to protect rights and safety.

4.5 With Your Consent

We will share information with other parties only with your explicit consent.

5. Data Security

We take security seriously and implement measures to protect your information:

Technical Safeguards:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Secure password hashing
• Regular security audits

Organizational Safeguards:

• Limited employee access to personal data
• Background checks for employees with data access
• Security training for team members

Third-Party Security:

• We partner only with vendors that meet high security standards
• Regular vendor security assessments

However, no system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your password.

6. Data Retention

6.1 Service Provider Data

We retain your account data for as long as your account is active. After cancellation:

• Data is retained for 30 days (to allow reactivation)
• After 30 days, data is permanently deleted
• You may request earlier deletion by contacting support

6.2 Client Data

Client booking information is retained as long as the service provider's account is active. Service providers may delete client records at any time.

6.3 Financial Records

We retain payment and transaction records for 7 years to comply with tax and financial regulations.

6.4 SMS Records

SMS message logs are retained for 90 days for troubleshooting and compliance purposes, then automatically deleted.

7. Your Privacy Rights

7.1 Access and Portability

You have the right to:

• Access all personal information we store about you
• Export your data in CSV format
• Request a copy of your data in machine-readable format

7.2 Correction and Update

You can:

• Update your account information anytime through settings
• Correct inaccurate information
• Request we update information on your behalf

7.3 Deletion

You have the right to:

• Delete your account and all associated data
• Request deletion of specific information
• Request we delete client data you've entered

To delete your account: Go to Settings → Account → Delete Account, or contact hello@gowillo.com

7.4 Opt-Out of Marketing

Service providers can opt out of marketing emails by:

• Clicking "Unsubscribe" in any marketing email
• Updating preferences in account settings
• Contacting hello@gowillo.com

7.5 SMS Opt-Out

Clients can opt out of SMS messages by:

• Replying STOP to any message
• Contacting the service provider directly

Service providers can opt out of SMS notifications in account settings.

7.6 Do Not Sell My Personal Information (CCPA)

We do not sell personal information. California residents have additional rights under CCPA, including the right to know what information we collect and how we use it.

7.7 GDPR Rights (EU Residents)

If you are in the European Union, you have additional rights under GDPR:

• Right to object to processing
• Right to restrict processing
• Right to data portability
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

8. Cookies and Tracking Technologies

8.1 What We Use

Essential Cookies:

• Authentication (keep you logged in)
• Security (prevent fraud)
• Session management

Analytics Cookies:

• Usage tracking (which features are used)
• Performance monitoring (page load times)
• Error tracking (fix bugs)

8.2 Third-Party Cookies

We may use:

• Google Analytics (usage statistics - can be disabled)
• Stripe (payment processing)

8.3 Your Choices

You can:

• Disable cookies in your browser settings
• Use browser extensions to block tracking
• Opt out of Google Analytics: https://tools.google.com/dlpage/gaoptout

Note: Disabling essential cookies may affect Service functionality.

9. Children's Privacy

Willo is not intended for children under 13. We do not knowingly collect information from children under 13. If we discover we have collected such information, we will delete it immediately.

If you believe a child under 13 has provided information to us, contact hello@gowillo.com.

10. International Data Transfers

Willo is based in the United States. If you access Willo from outside the U.S., your information will be transferred to and stored in the U.S.

By using Willo, you consent to the transfer of your information to the U.S., which may have different data protection laws than your country.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be communicated via:

• Email notification to registered users
• Notice on our website
• In-app notification

Effective date of changes will be posted at the top of this policy. Material changes will take effect 30 days after notification. Continued use after changes become effective constitutes acceptance.

12. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal information:

13. California Privacy Rights

California residents have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: What personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (we don't sell)
• Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise these rights, contact hello@gowillo.com.

14. European Privacy Rights

EU residents have specific rights under GDPR:

Legal Basis for Processing:

• Consent (for marketing communications)
• Contract performance (to provide the Service)
• Legitimate interests (to improve the Service)
• Legal obligation (to comply with laws)

Data Controller: Willo is the data controller for service provider data. Service providers are data controllers for client data they collect.

Data Protection Authority: You have the right to lodge a complaint with your local data protection authority.