Privacy policy.

Last updated: August 11, 2025

1) Who we are

Wazi ("Wazi," "we," "us," or "our") provides business reviews, goal roadmaps, calendarized action plans, and KPI dashboards for small and growing businesses. This Privacy Policy applies to our public website, client portal, communications, and services we provide to customers (collectively, the Services).

Controller / contact:
Wazi Consulting, LLC
Email: wazi@wazibp.com

For some processing of Client Content (defined below), we act as a processor on behalf of our customers. For our website, marketing, billing, and account management, we act as a controller.

Not legal advice. This policy is for general information. Please consult counsel for legal guidance. We offer a Data Processing Addendum (DPA) upon request.

2) Scope & applicability

This policy covers personal and business information we collect when you visit our website, contact us, subscribe to our newsletter, create an account, use our client portal, or otherwise interact with us. It does not apply to third-party sites or services that are not under our control.

3) Key definitions

  • Client Content: Data you or your team provide to us to perform the Services (e.g., operational data, financials, KPIs, project/task details, files, notes, and related metadata). You remain the owner of Client Content.

  • Customer Information: Account and billing details, business contact information, communications with us, usage logs, device and cookie data collected from our website/portal.

  • Sensitive information: Information that may include confidential business data (e.g., financial statements, forecasts, payroll aggregates), and limited personal data of your team (e.g., names, work emails, roles). We do not seek consumer data unrelated to your business.

4) Information we collect

A) Information you provide

  • Account & profile: Name, business name, role/title, work email, phone, password or SSO identifier.

  • Client Content: Business reports and files (e.g., revenue, costs, cash flow summaries), KPIs, goals, tasks, calendars, and comments; information shared during onboarding or support.

  • Billing: If applicable, payer name, billing address, tax ID; card/payment details processed by our payment processor (we do not store full card numbers).

  • Communications: Emails, messages, survey responses, and feedback.

B) Information from integrations (you control)

When you connect third-party tools to your workspace (e.g., spreadsheets, drives, calendars), we process data from those tools per your instructions. We store only what’s necessary to provide the requested functionality. You can revoke integrations at any time.

C) Automatically collected data

  • Usage & device: IP address, device/OS, browser type, pages viewed, referral URLs, timestamps.

  • Cookies & similar: Essential cookies to secure and operate the site; with consent, analytics, and conversion tags (see §13).

5) How we use information

We use information to:

  1. Provide and improve the Services (set up workspaces, perform business reviews, build roadmaps, schedule tasks, surface KPIs, maintain the client portal, troubleshoot issues).

  2. Operate securely (fraud prevention, abuse detection, incident response, backups, logging, auditing).

  3. Communicate (service updates, onboarding, support, with consent or as allowed by law, newsletters, and product announcements; you can opt out anytime).

  4. Comply with law (tax, accounting, lawful requests).

  5. Develop insights using aggregated or de-identified data (never to re-identify a specific customer).

6) Our role: processor vs. controller

  • For Client Content, Wazi acts as a processor and processes data only to deliver the Services or as otherwise instructed by the customer, and to maintain security and reliability.

  • For Customer Information (website, account, billing, and marketing), Wazi acts as a controller and determines the purposes and means of processing as described in this policy.

We will not access or use Client Content except to provide, maintain, secure, and improve the Services; with your explicit approval (e.g., support); to comply with law; or to protect rights, safety, and property.

7) Where your data lives & key vendors (infrastructure)

We partner with trusted vendors to deliver the Services. These vendors process information only under contract and our instructions.

  • Airtable (Formagrid, Inc.) – We use Airtable to structure and store certain Client Content and workflow data. Airtable’s policy states it limits access to customer Content to provide/maintain the service, handle support with customer approval, comply with lawful requests, ensure security/stability, and protect rights; it may analyze metadata (e.g., record counts, file sizes, access logs).

  • Softr Platforms GmbH – Our website and client portal are built on Softr. Softr operates under GDPR legal bases (consent, contract, legal obligation, legitimate interests) and uses safeguards for international transfers (e.g., adequacy decisions or Standard Contractual Clauses). Softr hosts via AWS infrastructure and may use CloudFront as a content delivery network.

  • Payment processing (e.g., Square) – If we accept online payments, a third-party processor handles card details; we do not store full payment card numbers.

  • Optional analytics/ads tags – If enabled with your consent, we may use tools such as Google Analytics, LinkedIn Insight, Microsoft Clarity, Google Tag Manager/conversion tags, etc. You can manage these preferences (see §13).

We can provide an up-to-date vendor list, including sub‑processors used by our infrastructure partners, upon request. We require each vendor to implement appropriate technical and organizational measures and to honor data transfer safeguards.

8) International data transfers

We may transfer and store information in countries outside your own (including the United States and EU/UK). Where required, we rely on recognized safeguards such as adequacy decisions or Standard Contractual Clauses (SCCs). Our vendors (including Airtable and Softr) also implement transfer mechanisms consistent with GDPR.

9) Security

We apply layered security controls appropriate to the sensitivity of your data:

  • Encryption in transit (TLS) and at rest within our core platforms.

  • Access controls & least privilege: role‑based permissions; MFA on admin accounts; logging and periodic access reviews.

  • Secure development & testing for portal changes.

  • Continuous monitoring and safeguards against malware, intrusion, and abuse.

  • Confidentiality: personnel are bound by confidentiality obligations; NDAs available on request.

  • Incident response: if we become aware of a security incident affecting your data, we will notify you consistent with applicable law and our DPA.

10) Retention & deletion

  • We retain Client Content for the duration of your engagement and as instructed in our DPA/SOW. After termination, we will delete or return Client Content within 30–90 days unless we are legally required to keep it (e.g., for tax or accounting). Backup copies may persist for a limited period pursuant to standard retention cycles.

  • Customer Information (billing, account, communications) is retained as needed for legitimate business purposes and legal obligations, then securely deleted or de‑identified.

You may request deletion at any time (see §14). Some records (e.g., invoices) may be retained where required by law.

11) Use of automation and generated outputs

We may use software to assist with summarizing data, generating business reviews, and organizing tasks. When we do:

  • We process Client Content only to deliver the Services you requested.

  • We do not permit vendors to train foundation models on your Client Content without your direction.

  • Outputs are for your internal use; you decide how to act on them. We do not make solely automated decisions that produce legal or similarly significant effects without human involvement.

12) How we share information

We share information only as follows:

  • With service providers (see §7) who process data under contract for hosting, storage, support, communications, analytics (if enabled), and payments.

  • Within your organization, as you configure (owners, collaborators, and invited users can see data you authorize).

  • With your consent or direction (e.g., connecting integrations).

  • For legal reasons (to comply with lawful requests; to protect rights, safety, and property; to enforce agreements; or in connection with a merger, acquisition, financing, or sale subject to appropriate safeguards).

  • No selling: We do not sell personal information. We do not share personal information for cross‑context behavioral advertising without your consent.

13) Cookies, tracking, and preferences

  • Essential cookies operate the site and keep your session secure.

  • Optional analytics/ads cookies (if enabled) help us understand usage and measure campaigns (e.g., Google Analytics, LinkedIn Insight, Microsoft Clarity). These load only with your consent where required.

  • You can manage cookie preferences in our banner or your browser settings. Where supported, we honor Global Privacy Control (GPC) signals for opt‑out of targeted advertising/cookie "sharing" regimes. We also respect do‑not‑track preferences where required by law.

14) Your rights

A) EEA/UK/Switzerland (GDPR)

Depending on your location, you may have the right to access, rectify, erase, restrict, object, port, and withdraw consent. Our primary legal bases include: contract, legitimate interests (e.g., securing and improving the Services), consent (e.g., optional analytics and newsletters), and legal obligations.
Contact: wazi@wazibp.com. We may request verification and will respond within applicable timelines. You may also lodge a complaint with your local supervisory authority.

B) United States (state laws incl. CA/VA/CO/CT/UT/TX, etc.)

Residents of applicable states may have rights to access, correct, delete, port, and opt out of targeted advertising, sales, or profiling producing legal or similarly significant effects. We do not sell personal information. We use sensitive personal information only as necessary to provide the Services. You will not be discriminated against for exercising rights.
How to exercise: Email wazi@wazibp.com with your request and state of residence. You may designate an authorized agent. Certain requests may require identity verification. Some states provide a right to appeal a request decision—you can appeal by replying to our response.

C) Canada

You may request access and correction of your personal information. Contact wazi@wazibp.com.

15) California notice at collection

We collect the following categories for business purposes: identifiers (e.g., name, email), commercial information (subscriptions), internet/network activity (usage logs), professional information (role), geolocation (coarse IP-derived), audio/visual (if you join recorded calls), and inferences (engagement preferences). We do not sell personal information. We keep data for as long as needed for Services, security, or legal obligations. See §§4–10 for details.

16) Children’s privacy

Our Services are for business users and are not directed to children under 16. If you believe a child provided personal information, contact us and we will delete it.

17) Managing your information

  • Access & updates: You can update account details in the portal or by contacting us.

  • Deletion: For Client Content, ask your workspace owner or contact us; we will follow your instructions and our DPA.

  • Marketing: You can unsubscribe via the link in any marketing email or by contacting us.

18) Third‑party links

Our site or portal may link to third‑party sites or services. We are not responsible for their privacy practices. Review their policies before providing information.

19) Changes to this policy

We may update this policy from time to time. We will post the updated version with a new "Last updated" date and, where required, notify you of material changes.

20) Contact us

Questions, requests, or complaints: wazi@wazibp.com