Last updated: June 3, 2026
1. Introduction
WOMi Technologies Inc. ("WOMi," "we," "us," or "our") operates the WOMi platform, which includes the website at womiapp.com (the "Web Platform") and the WOMi mobile applications for iOS and Android (the "Mobile Apps," and collectively with the Web Platform, the "Service"). WOMi is a word-of-mouth marketing platform that connects consumers with local service businesses through measurable referral programs.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use any part of the Service. By accessing or using the Service, you agree to the practices described in this policy. If you do not agree, please discontinue use of the Service.
Our principal place of business is in Sacramento, California. If you have questions about this policy, contact us at info@womiapp.com.
2. Information We Collect
2.1 Information You Provide Directly
When you create an account, claim a deal, or interact with the Service, we may collect:
- Name, email address, and profile information you choose to provide (including, where applicable, a phone number for SMS-based features or business onboarding)
- Business information (for business accounts): business name, address, category, and operating details
- For businesses that import customer lists: contact information (such as names, emails, or phone numbers) you provide about your own customers, which we process on your behalf to send the invitations or messages you request
- Payment information processed through Stripe (we do not store full card numbers on our servers)
- Communications you send to us, including support requests and feedback
- Content you create or share through the Service, such as deal details (for businesses), share / referral messages, and imagery uploaded for redemptions or proof of purchase
2.2 Information Collected Automatically
When you access the Service, we automatically collect certain information:
- Device and browser information: device type, operating system, browser type, screen resolution, and unique device identifiers
- Usage data: pages viewed, features used, time spent, click patterns, and navigation paths
- Log data: IP address, access times, referring URLs, and error logs
- Location data: approximate location based on IP address; precise location only with your explicit consent (used for finding nearby deals). Precise geolocation is treated as sensitive personal information (see Section 7)
- Web Platform specific: cookies, localStorage tokens, and session data (see Section 5 for details)
- Mobile App specific: push notification tokens, app version, and mobile operating system version
2.3 Information from Third Parties
- Stripe: payment confirmation and transaction status for consumer payouts (Stripe Connect) and business subscriptions (Stripe Billing)
- Authentication providers: if you sign in with a supported provider (such as Google), we receive basic profile information needed to create or access your account
- Referral data: information about who referred you, derived from referral links and QR codes
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Service, including matching consumers with local business deals
- Process transactions, including consumer cashback rewards via Stripe Connect and business subscription payments via Stripe Billing
- Track and attribute referrals through our QR code and referral-link system
- Generate analytics and insights for business dashboard users, including referral graphs and redemption metrics
- Power AI-based features such as deal suggestions for Growth-tier businesses, using your business's own data (deals, redemptions, customer activity). AI prompts are processed by our third-party AI provider (currently Google's Gemini) via its API, which under its terms does not use that data to train its models
- Send transactional communications (receipts, reward notifications, account alerts) by email and, where you or a business has provided consent, by SMS
- Send marketing communications with your consent, which you may opt out of at any time
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations and enforce our Terms of Service
4. How We Share Your Information
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We may share information in the following circumstances:
- With businesses you interact with: when you claim or redeem a deal, the business receives your name and redemption details necessary to fulfill the deal
- Service providers (processors): we share data with vendors that help us operate the Service, each contractually obligated to protect it and use it only for our purposes — including Stripe (payments and payouts), Supabase (authentication, database, storage), Vercel (hosting), Twilio SendGrid (transactional email), Twilio (SMS messaging), PostHog (product analytics), Sentry (error monitoring and diagnostics), Cloudflare (bot protection), and Google (place/business lookup and AI features)
- Referral attribution: when you refer someone, limited information (such as first name) may be shown to the referred party to identify the referral source
- Legal requirements: we may disclose information when required by law, subpoena, or government request, or to protect the rights, safety, or property of WOMi, our users, or the public
- Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity
- With your consent: we may share information for other purposes when you give us explicit permission
5. Cookies & Tracking Technologies
5.1 Web Platform Cookies & Storage
The Web Platform at womiapp.com uses the following categories of cookies and local storage:
- Essential (always on): authentication tokens to keep you signed in and secure your session, theme preferences, your cookie-consent choice, and session state. These are necessary to operate the Service
- Analytics (optional): our product-analytics provider (PostHog) sets first-party cookies and local storage to measure how the Service is used. These load only if you have not opted out, and they do not load when your browser sends a Global Privacy Control signal (see 5.3)
5.2 What We Do Not Use
We do not use third-party advertising cookies, cross-site tracking pixels, ad networks, or behavioral advertising, and we do not sell your data to advertisers. Our analytics are first-party and used only to operate and improve the Service.
5.3 Analytics, Consent & Global Privacy Control
We use PostHog, a product-analytics tool, to understand how the Service is used — pages viewed, features used, and aggregate conversion. It is configured to build identified profiles only for signed-in users and to mask captured text, and we do not sell or share analytics data with third-party advertisers. You can decline analytics at any time via the cookie banner or the “Your Privacy Choices” link in our footer, and we automatically honor your browser's Global Privacy Control (GPC) signal — when GPC is on, analytics does not load.
5.4 Mobile Apps
The Mobile Apps may use device-level identifiers and mobile analytics SDKs. The apps do not use browser cookies. Push notification permissions are requested separately and can be managed through your device settings.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure authentication through Supabase with support for email-based verification
- Payment data handled exclusively by Stripe, a PCI DSS-compliant processor
- Row-level access controls and regular security reviews
- Infrastructure hosted on Vercel and Supabase with enterprise-grade security
While we strive to protect your information, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you and regulators where required by law.
7. Your Rights & Choices (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, provides you with the following rights regarding your personal information. We extend these choices to all users where practical.
- Right to know / access: request the categories and specific pieces of personal information we have collected about you
- Right to delete: request deletion of your personal information, subject to certain legal exceptions
- Right to correct: request that we correct inaccurate personal information
- Right to opt out of sale or sharing: we do not sell your personal information or share it for cross-context behavioral advertising, and we honor the Global Privacy Control signal (see 5.3)
- Right to limit sensitive information: the only sensitive personal information we collect is precise geolocation (with your consent) and payment information (handled by Stripe); we use it solely to provide the Service and do not use or disclose it for other purposes
- Right to non-discrimination: we will not discriminate against you for exercising your privacy rights
To exercise your rights:
- Email us at info@womiapp.com with a clear description of your request (e.g., "Data access request," "Deletion request," "Correction request," "Data export"). You may use an authorized agent to submit a request on your behalf
- Use the "Delete account" or "Download my data" option under Settings › Privacy & Data (Web Platform or Mobile Apps), which submits the request on your behalf
- Use the "Your Privacy Choices" link in our website footer, or enable Global Privacy Control in your browser, to opt out of analytics
We will verify and respond to your request within 45 days as required by law (extendable once where permitted). All users may also update their name and profile photo in account settings (to change your email, contact us so we can verify it), opt out of marketing emails via the unsubscribe link, manage notification categories under Settings › Notifications, and disable location permissions through their browser or device.
8. Children's Privacy
The Service is intended for adults 18 and older and is not directed to children. We do not knowingly collect personal information from anyone under 18, and in particular from children under 13 (consistent with COPPA). If we learn that we have collected information from a child under 13, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at info@womiapp.com.
9. International Data Transfers
The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those of your jurisdiction. By using the Service, you consent to the transfer of your information to the United States.
Our service providers (such as Stripe, Supabase, Vercel, Twilio, PostHog, Sentry, Cloudflare, and Google) may process data in various locations. We rely on appropriate safeguards for any international transfers.
10. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention periods include:
- Account data: retained while your account is active and for up to 30 days after a deletion request to allow for recovery
- Transaction records: retained for up to 7 years for tax and legal compliance
- Usage logs: retained for up to 12 months for analytics and security purposes
- Referral attribution data: retained for the duration of active deal campaigns and up to 12 months after campaign conclusion
After the retention period, data is securely deleted or anonymized. You may request earlier deletion by contacting us (see Section 7).
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending you an email or in-app notification.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: info@womiapp.com
- Company: WOMi Technologies Inc.
- Location: Sacramento, California, USA