Legal

Privacy Policy

1. Who we are

woose.io (“woose”, “we”, “us”) provides AI governance and risk-management software and advisory services, including this website and the Governance Workbench at woose.io/app. The data controller is woose.io Governance Systems Inc. [ ● registered address ]. For any privacy question, contact governance@woose.io.

2. Information we collect

We collect only what we need to run the service and respond to you:

Information you give us

Information collected automatically

3. Data you analyse in the Workbench

Several Workbench tools (for example the Fairness Scanner, Drift & Data-Quality analysis, the Document Gap Scanner, and the on-page Governance & Risk assessors) run entirely in your browser. The datasets, documents and system details you analyse with those tools are processed locally and are not transmitted to or stored on our servers unless you (a) explicitly save an assessment, (b) ask us to fetch a remote URL through our proxy, or (c) submit text to an AI-assisted feature. Keeping raw data on your device by default is a deliberate design choice.

When you run a Workbench analysis we do record a small, non-sensitive summary of the run — which tool was used, its pass/fail band and headline score, and the system’s risk tier — to understand product usage and improve the tools. This summary never includes your uploaded datasets, documents, or prompts. It is linked only to the anonymous browser identifiers described above, not to your identity.

Our downloadable scanner, Aegis, runs fully offline and sends nothing to us by default. If you explicitly choose to upload a report (the opt-in -submit option), the scan results are stored under an anonymous, randomly-generated install identifier that contains no host or personal information.

4. How we use information

We do not sell your personal data, and we do not use it for third-party advertising.

Where GDPR applies, we rely on: consent (e.g. when you submit a form or save an assessment); contract (to deliver a service you requested); legitimate interests (to secure and improve the platform, balanced against your rights); and legal obligation where required.

6. Sharing & subprocessors

We share personal data only with service providers that help us run woose.io, under appropriate agreements:

We may also disclose information where required by law, or as part of a corporate transaction, subject to this policy.

7. Cookies & local storage

woose.io does not use third-party advertising or cross-site tracking cookies. We use strictly-necessary browser storage (such as localStorage for your theme preference) to make the site work. Your browser settings let you clear this at any time.

8. Retention

We keep personal data only as long as needed for the purposes above: enquiry and lead data for our ongoing business relationship; saved assessments until you ask us to delete them; security logs for a limited period. We delete or anonymise data when it is no longer needed.

9. International transfers

Our providers may process data outside your country, including outside the UK/EEA. Where they do, we rely on appropriate safeguards such as Standard Contractual Clauses or an adequacy decision.

10. Your rights

Subject to applicable law (including UK/EU GDPR and, for California residents, the CCPA/CPRA), you may request to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing. To exercise any right, email governance@woose.io. You also have the right to complain to your local data-protection authority.

11. Security

We protect data in transit with HTTPS/TLS, apply security headers and rate-limiting, restrict access to stored data, and use tamper-evident, hash-chained logging for the Agent Control Plane ledger. No method of transmission or storage is perfectly secure, but we work to protect your information.

12. Children

woose.io is a business tool and is not directed to children under 16. We do not knowingly collect their data.

13. Changes

We may update this policy from time to time. We will revise the “last updated” date above and, where appropriate, notify you of material changes.

14. Contact

Questions or requests: governance@woose.io.