Privacy Policy

1. Introduction

Whali Ltd is the data controller for your personal data. Our registered address is 167-169 Great Portland Street, 5th Floor, London, W1W 5PF. We are registered in England & Wales. If you have any questions about this policy or how we handle your data, please contact us at admin@whali.co.uk.

2. Data We Collect

We collect the following categories of personal data:

• •Account information: your name, email address, and password (encrypted)
• •CV/Resume data: the content of your uploaded CV, including education, work experience, skills, and contact details
• •Email data: email addresses you send to, email content you create and send through the platform, delivery status, and response tracking
• •Lead and contact data: professional information about individuals and companies sourced from third-party data providers
• •Payment information: billing details and transaction history (payment card details are handled directly by our payment processor and are never stored on our servers)
• •Usage data: how you interact with the platform, features used, pages visited, and actions taken
• •Cookie data: language preferences and authentication session data
• •Google user data: when you sign in with Google or connect your Gmail account, we receive your name, email address, and profile information from your Google Account. If you connect your Gmail account for email sending, we use the gmail.send permission solely to send emails that you compose and approve within the platform. We do not read, scan, or store your Gmail inbox content.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

• •Contract performance: processing necessary to provide you with the Service (account management, email sending, CV parsing)
• •Legitimate interests: improving our Service, preventing fraud, ensuring security
• •Consent: where you have given explicit consent, such as for optional data processing or marketing communications
• •Legal obligation: where processing is required to comply with applicable laws

4. How We Use Your Data

We use your personal data to:

• •Provide and operate the Service, including sending emails on your behalf
• •Personalise AI-generated email content using your CV data and preferences
• •Process payments and manage your subscription
• •Communicate with you about your account, service updates, and support requests
• •Improve and develop the Service based on usage patterns
• •Ensure the security and integrity of the platform
• •Comply with legal obligations

5. Third-Party Services

We use the following categories of third-party service providers to operate the platform. Data shared with each is limited to what is necessary for their function:

• •Payment processor — processes subscription payments and billing. Receives your billing details and transaction information.
• •Email integration provider — facilitates sending emails through your connected email account. Receives email content and recipient addresses for emails you choose to send.
• •AI service provider — generates personalised email drafts. Receives your CV data, lead information, and preferences to generate content.
• •Lead data provider — supplies professional contact and company information used for lead generation and enrichment.
• •Database and authentication provider — stores your account data, application data, and manages user authentication.
• •Translation service provider — translates interface text between supported languages.
• •Hosting provider — hosts the application and serves web content.
• •Caching provider — improves performance by temporarily storing frequently accessed data.

6. International Data Transfers

Some of our third-party service providers are based outside the UK and European Economic Area (EEA). Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO), or transfers to countries recognised as providing adequate data protection.

7. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfil the purposes described in this policy:

• •Account data: retained for the duration of your account, plus up to 30 days after deletion
• •CV data: retained while your account is active. You may delete your CV data at any time.
• •Email data: retained for the duration of your account to enable conversation tracking and follow-ups
• •Payment records: retained for 7 years as required by UK tax and accounting regulations
• •Usage logs: retained for up to 12 months for service improvement and security purposes

8. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

• •Right of access — request a copy of your personal data
• •Right to rectification — request correction of inaccurate data
• •Right to erasure — request deletion of your data (subject to legal obligations)
• •Right to restriction — request that we limit processing of your data
• •Right to data portability — receive your data in a structured, machine-readable format
• •Right to object — object to processing based on legitimate interests
• •Right to withdraw consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at admin@whali.co.uk. We will respond to your request within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption of data in transit and at rest, secure authentication, access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

10. Cookies

We use a minimal number of cookies, strictly for functional purposes:

• •Language preference cookie — stores your chosen language (English or French) so the interface displays in your preferred language across sessions
• •Authentication session cookies — maintains your login session so you do not need to re-authenticate on each page

We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. We do not track your activity across other websites.

11. Children's Privacy

The Service is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a person under 18, we will take steps to delete it promptly.

12. Google User Data

When you use Google to sign in or connect your Gmail account, we access limited data from your Google Account. This section describes how we handle that data in compliance with Google's API Services User Data Policy.

• •Data collected: your name, email address, and basic profile information from your Google Account. If you connect Gmail for email sending, we use the gmail.send permission to send emails you compose and approve within the platform.
• •We do not read, scan, index, or store your Gmail inbox content. We only access Gmail to send emails on your behalf when you explicitly initiate a send action.
• •We do not sell, transfer, or disclose your Google user data to third parties for advertising, data brokering, or any purpose other than providing and improving the functionality of our Service.
• •Your Google user data is not used for serving advertisements or for any purpose unrelated to the core email sending functionality of the Service.
• •Whali's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. The "Last updated" date at the top of this policy indicates the most recent revision.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Whali Ltd

167-169 Great Portland Street, 5th Floor, London, W1W 5PF

Registered in England & Wales

admin@whali.co.uk

You may also contact the Information Commissioner's Office (ICO):

ico.org.uk

0303 123 1113