Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account registration information: name, email address, phone number, and employer name
• Employee concern submissions: workplace concern details, employment information (employer name, job title, department, dates of employment, supervisor name), descriptions of incidents, documentation references, and disclosure preferences
• Employer account information: company name, contact person name, email address, phone number, billing information, and company size
• Communications: messages sent through the platform, correspondence with our support team, and mediation-related communications
• Survey responses and feedback

1.2 Information Collected Automatically

• Device and browser information: browser type, operating system, device identifiers
• IP address and approximate location data
• Usage data: pages visited, features used, time spent on pages, referring URLs
• Cookies and similar tracking technologies (see Section 5 below)

1.3 Sensitive Personal Information

Due to the nature of workplace concern reporting, the information you provide may include sensitive personal information such as information about race, ethnicity, gender, age, disability, medical conditions, sexual orientation, religious beliefs, or other protected characteristics. We collect this information only when you choose to provide it as part of describing your workplace concern. We process sensitive personal information solely for the purpose of operating the Services and do not use it for purposes beyond what is necessary to provide the Services.

1.4 Educational Content Usage Data

When you use our educational tools and resources, we collect data including search queries, guide pages viewed, and time spent using resources. This data is collected solely for service improvement and to enhance the relevance of our educational content.

2. How We Use Your Information

• To operate and provide the Services, including processing workplace concern submissions, facilitating communication between employees and employers, and coordinating mediation
• To create and manage your account
• To communicate with you about your account, submissions, and the Services
• To process payments for subscription services
• To maintain and improve the Services
• To send service-related notifications and updates
• To ensure platform security and prevent fraud, abuse, and misuse of the platform
• To comply with legal obligations
• To generate de-identified, aggregated data for research and analytics purposes. Such data does not identify any individual
• To improve the accuracy and relevance of our educational content and legal guides
• To operate proprietary algorithmic features including mediator matching, administrative case routing, resolution timeline estimates, and mediation brief generation - all for operational and informational purposes only, not for legal advice

Important Limitations on Use:

• We do NOT use personal information to provide legal advice. Our Services provide educational information and facilitate mediation, but do not constitute legal advice.
• We do NOT make automated decisions about the legal merit or value of any workplace concern.
• We do NOT use algorithmic features to provide legal advice, evaluate case strength, or make legal determinations of any kind.

Automated Processing and Algorithmic Features:

The Services include proprietary algorithmic features (mediator matching, case routing, timeline estimates, and brief generation) that process your information for operational and informational purposes only. None provide legal advice or make legal determinations. See our Terms of Service Section 10 for complete details on these features.

Key data practices: Algorithmic outputs are retained only for the duration of the active case plus 90 days. We do not use your personally identifiable data to train machine learning models. You may request a human review of any automated decision by contacting support@wiserworkplace.com.

3. How We Share Your Information

We do not sell your personal information to third parties. We may share your information as follows:

3.1 With Employers (for Employee Submissions)

When an employee submits a workplace concern, we share information about that concern with the identified employer, subject to the employee's disclosure preferences. All such communications constitute mediation communications subject to contractual confidentiality and the mediation privilege under California Evidence Code §§ 1115-1128 as set forth in our Terms of Service.

3.2 With Service Providers

Trusted third-party service providers (“Sub-Processors”) who assist us in operating the Services are bound by confidentiality obligations. The following is a complete list of our current Sub-Processors, the data each processes, and their role:

• Airtable - database infrastructure. Stores case records, account data, employer information, mediator records, and platform content. Airtable processes and stores mediation communications as part of the platform’s core functionality. SOC 2 Type II certified. Airtable’s infrastructure provides encryption at rest. Airtable Privacy Policy
• Brevo - transactional email delivery. Sends case status notifications, account communications, and platform alerts. Notification emails direct users to log into the platform to view substantive details; emails do not contain the content of mediation communications. Brevo Privacy Policy
• Stripe - payment processing for employer subscriptions. PCI DSS Level 1 certified. Stripe processes payment card data directly; we do not store credit card numbers. Stripe does not have access to mediation communications. Stripe Privacy Policy
• Netlify - website hosting and serverless infrastructure. Hosts the platform’s web application and executes server-side functions. Mediation data passes through Netlify’s infrastructure in transit but is not stored by Netlify. Netlify Privacy Policy
• Cloudflare Turnstile - bot detection and form security. Verifies that form submissions are made by real users, not automated bots. Does not collect personal information or mediation communications. Cloudflare Privacy Policy
• Google Analytics (GA4) - website analytics on public pages only (page views, traffic sources, general demographics). Google Analytics is not loaded on mediation portals or any page where confidential communications occur. Google processes this data as a processor on our behalf. Google Privacy Policy
• Microsoft Clarity - user experience analytics on public informational pages only (homepage, pricing, guides, blog). Clarity captures anonymized session interactions including mouse movements, clicks, scrolls, and page navigation to help us improve usability. Clarity is NEVER loaded on any mediation portal, employee portal, employer portal, case detail page, admin dashboard, or any page where confidential mediation communications occur. All form inputs on pages where Clarity does operate (such as the contact form) are automatically masked so that keystrokes and personal data are not captured in session recordings. Clarity does not collect names, email addresses, or any information you type into forms. Microsoft Privacy Statement

We will update this list if we add or change Sub-Processors. If a Sub-Processor receives a subpoena or legal process requesting platform data, we will assert mediation privilege and all applicable protections on your behalf to the extent permitted by law.

3.3 With Mediators

Qualified neutral mediators engaged through the platform to facilitate resolution receive case information necessary to conduct mediation. This may include automated mediation briefs generated from intake form submissions to assist mediators in case preparation. Such briefs are derived solely from information you submitted and are treated as confidential mediation documents protected under California Evidence Code §§ 1115 - 1128.

3.4 Law Enforcement and Legal Compliance

We may disclose information in response to valid legal process (subpoena, court order, or government request). We will attempt to notify you unless prohibited by law. We will assert mediation privilege and any other applicable privileges where available.

3.5 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice of any such change and any choices you may have.

3.6 Aggregated Data

We may share de-identified, aggregated data for analytics, research, and service improvement purposes.

Information We Will NEVER Share:

• Your employee identity with your employer without your explicit consent
• Mediation communications outside the resolution process without consent from all parties

4. Data Retention & Deletion

4.1 Retention Schedule

We retain your personal information only as long as necessary for the purposes described in this Privacy Policy or as required by law:

• Active case data: Retained for the duration of the case plus 90 days after resolution or closure
• Resolved case data: Retained in archived form for 12 months following case closure, then automatically deleted
• Account data: Retained for 12 months after account closure, then deleted
• Billing records: Retained for 7 years as required by applicable tax law
• Algorithmic outputs: Matching scores, routing decisions, timeline predictions, and generated briefs are retained for the duration of the active case plus 90 days, then deleted
• De-identified usage analytics: May be retained indefinitely (contains no personally identifiable information)

4.2 Your Right to Request Deletion

You may request deletion of your personal data at any time by contacting support@wiserworkplace.com. Upon receiving a verified request, we will delete the requested data within 30 calendar days, subject to the following:

• If both parties to a case consent, all case data is deleted within 30 days
• If only one party requests deletion, that party's personal identifying information is anonymized, but anonymized case records may be retained per the schedule above
• Settlement agreements are retained per their terms unless both parties agree to deletion
• Billing records are retained for 7 years regardless of deletion requests (tax law requirement)
• Mediation privilege protections survive deletion

4.3 Destruction Confirmation

Upon request, we will provide written confirmation that your data has been deleted in accordance with this policy.

4.4 Confidentiality Survives Deletion

Deletion of data does not release any party from confidentiality obligations. See our Terms of Service (Section 7: Confidentiality) for details.

5. Cookies and Tracking Technologies

5.1 Types of Cookies and Tracking Technologies We Use

• Essential cookies - required for platform functionality and security (e.g., authentication tokens, session identifiers). These do not require consent.
• Analytics cookies (Google Analytics / GA4) - placed by Google to help us understand how visitors use our public pages, including page views, traffic sources, and general usage patterns. GA4 collects data such as anonymized IP addresses, browser type, referring URLs, and pages visited. GA4 data is retained for 14 months.
• Session replay (Microsoft Clarity) - Clarity records anonymized session interactions (mouse movements, clicks, and scrolls) on public, non-sensitive pages to help us improve usability. Clarity is completely blocked from loading on mediation portals (employee portal, employer portal, admin dashboard) and any page where confidential communications occur. On pages where Clarity does operate, all form inputs are automatically masked so that no personal data, keystrokes, or form entries are captured in session recordings.
• Consent preference cookie - stores your cookie consent choice (accept or decline) so we do not ask you again. This cookie expires after 365 days.

5.2 Cookies We Do NOT Use

• No third-party advertising cookies - We do not use cookies for targeted advertising purposes
• No retargeting or behavioral advertising - We do not track you across websites for marketing purposes
• No sale to data brokers or advertisers - We do not sell cookie data or tracking data to third parties

5.3 Your Cookie Choices

We honor Global Privacy Control (GPC) and Do Not Track (DNT) signals. If your browser sends a GPC or DNT signal, we automatically treat it as a request to decline analytics cookies, and no Google Analytics or Microsoft Clarity scripts will load during your visit. You can also manage cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Note that refusing essential cookies may impair platform functionality.

5.4 Cookie Consent and Opt-In Requirement

No analytics or session replay tracking occurs until you affirmatively consent. When you first visit our website, a consent banner will appear giving you the choice to accept or decline analytics cookies. If you decline, no Google Analytics or Microsoft Clarity scripts will load during your visit. You may change your consent at any time by clearing your browser's local storage for this site, which will cause the consent banner to appear again on your next visit.

You may also opt out of Google Analytics across all websites by installing the Google Analytics Opt-out Browser Add-on.

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data in transit is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted using AES-256.
• Access Controls: Role-based access, principle of least privilege, and multi-factor authentication for administrative access.
• Third-Party Standards: Service providers maintain SOC 2 Type II certification (data processors) and PCI DSS Level 1 compliance (payment processors).
• Monitoring: Regular security assessments, employee training, and an incident response plan (see Section 11 for breach notification procedures).

No system is 100% secure. We cannot guarantee absolute security of your information. We are not liable for unauthorized access resulting from circumstances beyond our reasonable control.

7. Your Rights and Choices

7.1 All Users

• Access, update, and correct account information
• Request deletion of your data
• Opt out of non-essential communications
• Manage cookies and tracking preferences
• Request a human review of any automated processing decisions
• Request data portability in a structured, commonly used format

7.2 California Residents (CCPA/CPRA)

California residents have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request what personal information we collect, use, share, and sell
• Right to Delete: You have the right to request deletion of personal information collected from you, subject to certain exceptions
• Right to Correct: You have the right to request correction of inaccurate personal information
• Right to Limit Use of Sensitive Personal Information: You have the right to request that we limit use of sensitive personal information to necessary purposes
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights

How to Exercise California Rights: You may submit a privacy request by visiting our Do Not Sell or Share My Personal Information page, emailing support@wiserworkplace.com, or writing to Wiser Workplace LLC, 100 Wilshire Blvd., Suite 700, Santa Monica, CA 90401. We will verify your identity and respond within 45 calendar days (which may be extended by an additional 45 days for complex requests, with notice). You may designate an authorized agent to submit requests on your behalf by providing written authorization.

Right to Limit Use - How It Works: If you request that we limit the use of your sensitive personal information (which may include employment dispute details, health-related workplace claims, or other information you provide through our intake forms), we will restrict its use to what is strictly necessary to provide the mediation services you requested, to comply with legal obligations, and to maintain platform security. We will not use your sensitive personal information for profiling, marketing, or any purpose beyond providing the mediation services. To exercise this right, email support@wiserworkplace.com with the subject line "Limit Use of Sensitive Personal Information."

Right to Opt Out of Automated Decision-Making Technology: Under CPRA, you have the right to opt out of the use of automated decision-making technology, including profiling. Our platform uses algorithmic features for administrative purposes only (mediator matching, case routing, timeline estimates, and brief generation). These features do not evaluate legal merit, determine fault, or produce legal effects. You may request that a human review any automated decision by emailing support@wiserworkplace.com with the subject line "Opt Out of Automated Decision-Making." We will respond within 15 business days.

7.3 California "Shine the Light" Law

California Civil Code Section 1798.83 provides California residents with the right to request information about the categories of personal information we share with third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

7.4 Virginia CDPA and Colorado CPA

Residents of Virginia and Colorado have similar privacy rights under the Virginia Consumer Data Protection Act (CDPA) and Colorado Privacy Act (CPA). These rights include rights to know, delete, correct, and opt-out of processing. Contact us at support@wiserworkplace.com to exercise these rights.

Right to Appeal: If we deny your privacy request under the Virginia CDPA or Colorado CPA, you have the right to appeal that decision. To appeal, email support@wiserworkplace.com with the subject line "Privacy Request Appeal" within 45 days of our response. We will review and respond to your appeal within 60 days. If we deny your appeal, we will provide information on how to contact your state attorney general to submit a complaint.

7.5 Financial Incentive Disclosure

We do not offer financial incentives in exchange for your personal information. We do not have any financial incentive programs under CCPA.

7.6 Verification of Requests

We will verify requests to exercise privacy rights by confirming your identity and account information. Failure to verify may result in denial of the request.

7.7 CCPA Categories of Personal Information Collected

8. Children's Privacy

The Services are intended for users 18 years of age and older. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will delete such information and terminate the child's account. We comply with the Children's Online Privacy Protection Act (COPPA).

9. Third-Party Links and Services

The Services may contain links to third-party websites and services. We are not responsible for the privacy practices or content of third-party sites. Please review the privacy policies of any third-party websites or services before providing your personal information. Payment processors like Stripe have their own privacy policies governing their collection and use of payment information.

10. International Users

We do not currently offer Services outside the United States. If you access the Services from outside the United States, your personal information will be transferred to, processed, and stored in the United States. By using the Services, you consent to this transfer and processing of your information in the United States according to this Privacy Policy and applicable US laws.

11. Data Breach Notification

In the event of a data breach involving personal information, we will:

• Notify all affected individuals without unreasonable delay, but in no case later than 72 hours after discovering the breach (subject to law enforcement requests for delays)
• Notify the California Attorney General if the breach affects more than 500 California residents
• Provide a description of the breach, the types of information affected, and steps you can take to protect yourself
• Describe the remediation steps we have taken and will take to prevent future breaches

Notification will be provided by email to the address on file, or by mail if we do not have a valid email address.

12. No Legal Advice

Wiser Workplace is not a law firm and does not provide legal advice. All content is for informational purposes only. See our Terms of Service Section 8 for complete disclaimers.

13. Mediation Confidentiality and Privacy

Data collected during mediation is protected by both this Privacy Policy and the statutory mediation privilege under California Evidence Code §§ 1115-1128. If compelled to produce data through legal process, we will assert all available privileges. See our Terms of Service Section 7: Confidentiality for complete confidentiality protections.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the effective date and posting the revised policy on the Services. Your continued use of the Services following the posting of changes constitutes your acceptance of such changes. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.