WAND PRIVACY POLICY
[Last Modified: August XX, 2024]
This privacy policy (“Privacy Policy” or “Policy”) describes how Wand Synthesis AI, Inc. (“Wand”, “we”, “us”,
or “our”) collect, use and disclose certain information, including your personal information and the choices
you can make about that information.
This Privacy Policy which is incorporated by reference in our Terms and Condition, the Master Service
Agreement and any other beta/alpha terms of documentation (together “Terms”) governs the processing and
transfer of data collected in connection with our website, available at: https://wand.ai/ ("website"), or while
accessing or using the Wand cloud-based SaaS platform (“Platform”), or the services provided therein
(collectively, the "Services").
Terms not define herein shall have the same meaning ascribe to them in the Terms.
We collect and process certain information when you browse our website (“Visitors”), or when you access and
use the Services, including the Alpha/Beta Service (“Customer”) (collectively shall be referred to as “you”).
In the event you are a resident of the United States, please also review the ”US Jurisdiction-Specific Notices”
section below, to learn more about our privacy practices and the rights that may be applicable to you under
the privacy and data protection legislation which applies in certain US states.
In the event you are a California resident please review our CCPA Privacy Notice detailing our practices and
rights per the California Consumer Privacy Act, to the extent applicable to you.
POLICY AMENDMENTS:
We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of
the Policy will always be posted on the website. The updated date of the Policy will be reflected in the “Last
Modified” heading. We will provide notice to you if these changes are material, and, where required by
applicable law, we will obtain your consent. Any amendments to the Policy will become effective within 30-
days upon the display of the modified Policy. We recommend you review this Policy periodically to ensure that
you understand our most updated privacy practices.
CONTACT INFORMATION AND DATA CONTROLLER INFORMATION:
Wand is the Controller of the Personal Data detailed below, as such term is defined under the EU
General Data Protection Regulation (GDPR) to the extent applicable. Wand is incorporated under the
laws of the state of Delaware and its address is 838 Walker Rd., Dover, DE 19904, USA.
You may contact our privacy team as follows:
By Email: privacy-dpo@wand.ai
Please note that while we are the Controller of Personal Data collected from our Visitors and
Customers, we are not the Controller of any personal data processed through the Platform. Where
the Customers use the Platform for the processing of their own data, including any personal data,
we merely act as a Processor on their behalf. Therefore, if you have any inquiry regarding the data
processed by any Customer (e.g., if you are a customer of any Customer) you should approach the
specific Customer as the Controller of such data and its legal owner.
DATA SETS WE COLLECT AND FOR WHAT PURPOSE:
You can find here information regarding the purposes for which we process your personal data as well as our
lawful basis for processing (where the GDPR applies), the definition of “personal” and “non-personal” data,
and how it is technically processed.
Non-Personal Data
During your interaction with our Services, we may collect aggregated, non-personal non-identifiable
information, which may be made available or gathered via your access to and use of the Services (“Non-
Personal Data “). We are not aware of the identity of the user from which the Non-Personal Data is collected.
The Non-Personal Data being collected may include your aggregated usage information and technical
information transmitted by your device, such as: the type of browser or device you use, language preference,
time and date stamp, country location, etc.
Personal Data
We may also collect from you, during your access or interaction with the Services, individually identifiable
information, namely information that identifies an individual or may, with reasonable effort, be used to
identify an individual (“Personal Data” or “Persona Information”). The types of Personal Data that we collect
as well as the purpose for processing such data are specified in the table below. For the avoidance of doubt,
any Non-Personal Data connected or linked to any Personal Data shall be deemed as Personal Data as long as
such connection or linkage exists.
The table below details the processing of Personal Data, the purpose, lawful basis, and processing operations:
DATA SET PURPOSE AND OPERATIONS LAWFUL BASIS
Per the GDPR to the extent
applicable
VISITORS
Online Identifiers:
Agent, unique ID, Cookie ID, IP, and
other online unique identifier.
We process such data when you
visit our website through third
party cookies for analytic and
remarketing purposes.
Consent which we will obtain
through our cookie notice and
consent management platform
we use (“CMP”). You may
withdraw consent at any time by
using the cookie preference
settings: https://wand.ai/cookie-
list/
Contact Information:
If you voluntarily contact us for
your interest in our products,
support or other inquiries, through
any form available on the website
or by email, you may be required
to provide us with certain
We will use this data to provide to
the support you requested or
respond to your inquiry.
We process such Contact
Information subject to our
legitimate interest in order to
respond to your inquiry.
information such as your name, job
title, company name, email
address, and any additional
information you decide to share
with us.
If you are contacting us on behalf
of another person, we value your
assistance and care for others,
please note that it is your
responsibility to make sure that
any person whose Personal Data
you provide is aware of the
principles of this statement and
agrees that you will provide
Personal Data to us on this basis.
Newsletter Registration:
In the event you sign up to receive
our newsletter or other marketing
materials, you will be requested to
provide your contact details, such
as your email address.
We will use your email in order to
send you our newsletter and other
marketing materials.
We process such contact
information subject to your
consent. You may withdraw
consent at any time through the
“unsubscribe” link within the
email or by contacting us
directly.
Job Application:
In the event you apply for a job via
our website, we will process your
CV (and the information included
therein), your cover letter as well
as additional information you
decide to provide such as your
contact information (name, email
address and phone number).
We will use this information to
process your job application and
for recruitment purposes.
We process such information
subject to our legitimate
interest.
CUSTOMER
Customer Account:
In order to use our Services, or
otherwise register to a training or
request a demo, you will need to
create an account. The information
provided during the registration
process or log-in will include your
full name, email address,
information about your company,
your job title, and any other
information you decide to provide.
Any such information you provide
us in connection with the
registration for our Services is
We use the Account Information to
create an account, provide account
management, support and to
provide the Services as well as
perform/execute the Master
Service Agreement and to grant
you the license to use the
Platform, account and Services.
Processing is necessary for the
performance of a contract to
which the data subject is party.
deemed “Account Information”.
Payment Information:
Following the registration process,
you will need to choose a plan to
use our Platform, and provide us
certain payment information.
We use Stripe (“Stripe”) as a third
party payment processors to
process this information.
Consequently, any transactions
that are processed by Strip will be
governed by its privacy policy and
terms which we recommend that
you review.
Performance of a contract with
you.
Usage Data:
When you use our Platform, we
may directly or through third party
measurement and recording tools,
generate data on how you use the
Platform and Services, crashes and
errors, time spent, click stream,
etc. (“Usage Data”). Most Usage
Data does not contain Personal
Data. To the extent Usage Data
contains Personal Data, it will be
treated as personal data and is
covered under this Privacy Policy.
We use Usage Data improve our
Services.
We process such information
subject to our legitimate
interest.
Direct Marketing:
As a Customer, we will send you
invoices, materials and content
through the email information you
provided during your registration.
We will use this information to
keep you updated with offers and
content such as software updates,
new capabilities and features,
surveys and send you invoices and
supporting documentation.
We process such information
subject to our legitimate
interest. You can opt-out at any
time through the “unsubscribe”
link within the email or by
contacting us directly.
Survey and Feedback:
We reserve the right to ask you to
provide feedback on our Services,
including any alpha/beta services
or features. We will collect your
feedback through email
correspondence or through a third-
party service provider: Pendo.io,
Please see Pendo's privacy policy
("Pendo");
We use this information to
improve, revise and enhance our
Service, as well as optimize and
customize the Services.
We process such information
subject to your consent. You
may withdraw your consent at
any time.
Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table
above may differ. Such processing operation usually includes a set of operations made by automated means,
such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of personal
data to third-party countries, as further detailed in the Data Transfer Section, is based on the same lawful
basis as stipulated in the table above.
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud,
misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the
Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions
against legal liability. Such processing is based on our legitimate interests.
We may collect different categories of Personal Data and Non-Personal Data from you, depending on the
nature of your interaction with the Services provided through the website and Platform, as detailed above. If
we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal
Data or for as long as it remains combined.
HOW WE COLLECT YOUR INFORMATION:
Depending on the nature of your interaction with us, we may collect the above detailed information from you,
as follows:
● Automatically, when you visit our website or interact with our Platform, including through the use of
Cookies (as detailed below) and similar tracking technologies.
● When you voluntarily choose to provide us with information, such as when you contact us, all as
detailed in this Policy.
COOKIES AND SIMILAR TECHNOLOGIES:
We use “cookies” (or similar tracking technologies) when you access our website. The use of cookies is a
standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores
on your computer while you are viewing a website. Cookies can be used for various purposes, including
allowing you to navigate between pages efficiently, as well as for statistical purposes, analytic purposes and
marketing. You can find more information about our use of cookies here: https://wand.ai/cookie-list/ .
DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH:
We share your data with third parties, including our partners or service providers that help us provide our
Services. You can find here information about the categories of such third-party recipients.
CATEGORY OF
RECIPIENT
DATA THAT WILL BE
SHARED
PURPOSE OF SHARING
Service Providers All data We may disclose Personal Data to our trusted agents and
service providers (including, but not limited to, our Cloud
Service Provider, Analytics Service Provider, payment
processors, CRM provider, recording tool provider etc.) so
that they can perform the requested services on our behalf.
Thus, we share your data with third party entities, for the
purpose of storing such information on our behalf, or for
other processing needs. These entities are prohibited from
using your personal information for any purposes other
than providing us with requested services.
Marketing Online Identifiers and We may share Personal Data to our services providers and
Contact Information third parties in order to provide you with marketing
materials by using cookies and other similar technologies.
Any acquirer of
our business
All data We may share Personal Data, in the event of a corporate
transaction (e.g., sale of a substantial part of our business,
merger, consolidation or asset sale). In the event of the
above, our affiliated companies or acquiring company will
assume the rights and obligations as described in this
Policy.
Legal and law
enforcement
Subject to law
enforcement authority
request.
We may disclose certain data to law enforcement,
governmental agencies, or authorized third parties, in
response to a verified request relating to terror acts,
criminal investigations or alleged illegal activity or any other
activity that may expose us, you, or any other user to legal
liability, and solely to the extent necessary to comply with
such purpose.
When we share information with services providers and partners, we ensure they only have access to such
information that is strictly necessary for us to provide the Services. These parties are required to secure the
data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all
applicable data protection regulations (such service providers may use other non-personal data for their own
benefit).
USER RIGHTS:
We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear
about what information we collect so that you can make meaningful choices about how it is used. We allow
you to exercise certain choices, rights, and controls in connection with your information. Depending on your
relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the
right to control and request certain limitations or rights to be executed. You can learn more about those rights
through reading the Data Subject Request (“DSR”) form available here.
US residents, please refer to the “US JURISDICTION-SPECIFIC NOTICES” section below, containing details
about the rights that may apply to you under US state law. California residents please review our CCPA Privacy
Notice to learn more about the specific rights that may apply to you under the CCPA.
You may exercise any or all of your above rights in relation to your Personal Data by filling out the Data Subject
Request (“DSR”) form available here, and send it to: privacy-dpo@wand.ai
DATA RETENTION:
In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth
above, all under the applicable regulation, or until you express your preference to optout, where applicable.
Other circumstances in which we will retain your Personal Information for longer periods of time include: (i)
where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements, or (ii)
for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii)
if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except
as required by applicable law, we will not be obligated to retain your data for any particular period, and we
may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.
SECURITY MEASURES:
We work hard to protect the Personal Data we process from unauthorized access, alteration, disclosure, or
destruction. We have implemented physical, technical, and administrative security measures for the Services
that comply with applicable laws and industry, such as encryption using SSL, we minimize the amount of data
that we store on our servers, restricting access to Personal Data to Wand employees, contractors, and agents,
etc. Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and
we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.
Please contact us at: privacy-dpo@wand.ai if you feel that your privacy was not dealt with properly, in a way
that was in breach of our Privacy Policy, or if you become aware of a third party's attempt to gain
unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the
appropriate authorities (if required by applicable law) in the event that we discover a security incident related
to your Personal Data.
INTERNATIONAL DATA TRANSFER:
Our data servers in which we host and store the information are located in the EU. The Company’s HQ is based
in Israel in which we may access the information stored on such servers or other systems such as the
Company’s ERP, CRM, Salesforce, Strip, Pendo and other systems. In the event that we need to transfer your
Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data
receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data
that is collected within the European Economic Area ("EEA") is transferred outside of the EEA to a country that
has not received an adequacy decision from the European Commission, we will take necessary steps in order
to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance
with the provision of the standard contractual clauses approved by the European Union. Thus, we will obtain
contractual commitments or assurances from the data importer to protect your Personal Information, using
contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected
(known as standard contract clauses), or rely on adequacy decisions issued by the European Commission.
Some of these assurances are well-recognized certification schemes.
ELIGIBILITY AND CHILDREN PRIVACY:
The Services are not intended for use by children (the phrase "child" shall mean an individual that is under the
age defined by applicable law, which concerning the EEA is under the age of 16, and with respect to the US,
under the age of 13), and we do not knowingly process children's information. We will discard any information
we receive from a user that is considered a "child" immediately upon discovering that such a user shared
information with us. Please contact us at: privacy-dpo@wand.ai if you have reason to believe that a child has
shared any information with us.
US JURISDICTION-SPECIFIC NOTICES
General Applicability and Jurisdictions
This section applies to residents of specific US States under applicable specific state laws, including
residents of Virginia, Connecticut, Colorado, Utah, Texas, Oregon, Montana (effective of October 1,
2024), and effective of January 1, 2025 – Nebraska, New Hampshire, New Jersey, Delaware, and
Iowa, as amended or superseded from time to time and including any implementing regulations and
amendments thereto (collectively, “US Privacy Laws”). Any term not defined herein under this
section shall have the meaning ascribed to such term in the Privacy Policy above or applicable US
Privacy Laws.
California residents, please refer to our CCPA Notice, which discloses the categories of personal
information collected, purpose of processing, source, categories of recipients with whom the
personal information is shared for a business purpose, whether the personal information is sole or
shared, the retention period, and how to exercise your rights as a California resident.
The specific disclosure in this section supplements our general Privacy Policy as detailed above and
provides additional details to the extent we are deemed as a “Business” or “Controller” under
applicable US Privacy Laws – for example where we process Visitor’s information regarding their use
of the Website or as Customers purchasing our products through the Website.
The Personal Information We Process
Under the “DATA SETS WE COLLECT AND FOR WHAT PURPOSE” section above you can find details
regarding the categories of Personal Data that are collected and processed, and the purposes for
which such Personal Data is processed, stored or used. We will not collect additional categories of
Personal Data or use the Personal Data we collected for a materially different, unrelated, or
incompatible purpose without obtaining your consent. As further set forth above, collected Personal
Data may include, depending on your interaction with us as a Visitor or Customer:
Contact Communications Information – including your identifiers and contact information
(name, email, phone, etc.), the content of your inquiry, and additional information as
provided voluntarily by you, such as your workplace and position, country of residence, etc. –
collected and processed to respond to your inquiry and to keep a record of our interaction
with you.
Online Identifiers and Advertising and Targeting data – your IP address, location and time
zone setting, operating system and platform, browser plug-in types, domain name and your
choice of browser, approximate location (derives from IP address), etc. – processed as part of
our technical website management and operation, analytics and online marketing activity.
Analytics Data – we may process certain information on an aggregated, statistical and de-
identified manner for measuring the usage of our Services. We do so to allow ourself improve
and further develop our Services.
Newsletter Registration Information – such as your email, phone number, and your
interaction with the messages and content we will send you – collected and processed for
sending you news, promotional material and updates regarding our services per your consent
and subject to applicable law.
Job Applicants Information – In the event you apply for a job via our website, we will process
you as well as additional information you decide to provide, for the recruitment process.
Customer Account Information – When registering to the Platform, we may collect and
process certain information as part of your Customer Account, including your identifiers,
account creation data, free trial, etc., including username and password, company name,
your position and other required data. We will use such customer data to provide you with
access to the Services per your engagement, and per applicable law to send you service
communications, promotions, such as new features, additional offerings, special
opportunities etc.
Payment Information – As a Customer you may need to provide us with your payment details
including credit card and bank account information. We use this information for billing
purposes, for the purpose of enabling you to use the Platform and Services.
Usage Data – We perform such automatic collection through use of cookies, web beacons,
unique identifiers, and similar technologies which allow us to collect information about the
pages and screens you view when you use the Platform, the links you click, your usage
preferences, and other actions you take when using the Platform. We use such data to retain
and adjust the Services in accordance with your preferences, as well as for analytics, better
understanding of our Services, maintenance, monitoring and further development and
improvement.
Review and Feedback Data – Where you submit a review or survey regarding your
satisfaction with the Platform and Services, you may share information such as rating, free
text and an image you actively share when submitting such review.
Emails and Promotional Messages – As a Customer, and subject to applicable law, we will
send you invoices, materials and content through the email information you provided during
your registration. We will use this information to keep you updated with offers and operation
and promotional content such as software updates, new capabilities and features, surveys,
marketing material, etc. Such messages, per applicable law, may be sent through email, SMS,
or any other lawful channel. You can always opt-out from any marketing content through the
designated features embedded in such content. However, note that as Customer you may
still receive operation messages from time to time as required for using the Services.
Under US Privacy Laws, Personal Data does not include publicly available information and
information that cannot be reasonably linked to you, directly or indirectly, such as de-identified or
aggregated data, and information governed by other state or federal laws, such as: Health or medical
information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA),
Personal Data covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act
(FCRA), the Gramm-Leach-Bliley Act (GLBA) and the Driver’s Privacy Protection Act of 1994, Children’s
Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974,
National Security Exchange Act of 1934, higher education data and employment data, etc.
“Sensitive Data” under US Privacy Laws is generally defined as data revealing racial or ethnic origin,
religious beliefs, mental or physical health history, condition or diagnosis, sex life or sexual
orientation, citizenship or immigration status, genetic or biometric data that can be processed/is
processed to uniquely identify an individual, precise geolocation or personal data from a known child.
As a “Business” or “Controller” (i.e. the legal owner of personal data), we do not collect or process or
use any of your Sensitive Data. If any Customer is using the Platform for the processing of such data,
it is upon its exclusive knowledge and responsibility.
Disclosures of your Personal Data to Third Parties, and Sale or Share of Personal Data
Under the “DATA SHARING” section above, you will find details regarding the categories of third
parties we share Personal Data with for business purposes.
We do not sell your personal information for profit. However, we do engage in targeted advertising
on the website. Some of those marketing activities, when conducted through the use of third parties,
may be considered a “Sale” or “Share” under certain US Privacy Laws. In this context, as is common
practice among companies that operate online, we permit third party advertising networks, social
media companies and other third-party businesses to collect information directly from your browser
or device through cookies or similar tracking technology when you visit or interact with the website,
for example, for collection of Online Identifiers and Advertising and Targeting data as detailed above.
These third parties use this personal information to deliver targeted advertising (also known as
“cross-context behavioral advertising”) and personalized content to you on our website, on other
sites and services you may use, and across other devices you may use, as well as to provide
advertising-related services such as reporting, attribution, analytics, and market research. To learn
more about this please read the Cookies section above. Depending on your state of residency and
subject to certain legal limitations and exceptions, you may be able to limit or opt-out of the sale of
personal information or the processing of personal information for purposes of targeted advertising
through the use of the Cookie Toolbar on the website’s footer or as detailed under the “Exercising
Your Rights Section” below.
Please note that even if you opt-out you may still see personalized ads based on information other
companies and ad networks have collected about you, if you have not opted out of sharing with
them.
For IBA opt out options on desktop and mobile websites, please visit:
Digital Advertising Alliance (US) https://www.aboutads.info/choices/
Digital Advertising Alliance (Canada) https://youradchoices.ca/en/tools
Digital Advertising Alliance (EU) https://www.youronlinechoices.com/
Network Advertising Initiative https://optout.networkadvertising.org/?c=1
We do not knowingly sell or share personal information of individuals younger than 16 years of age.
Similarly, as a “Business” or “Controller”, we do not collect or process, therefore not Sell or Share,
any Sensitive Data.
Exercising Your Privacy Rights
Under US Privacy Laws, the following rights may apply to you:
The Right Details and Limitations
Right to Access/
Right to Know
You have the right to confirm whether and know the Personal Data we
collected on you
Right to
Correction
You have the right to correct inaccuracies in your Personal Data, taking
into account the nature and purposes of processing of such Personal
Data.
Right to Deletion You have the right to delete Personal Data, this right is not absolute and
in certain circumstances we may deny such request. We may deny your
deletion request, in full or in part, if retaining the information is
necessary for us or our service provider(s) for any of the following
reasons: (1) Complete the transaction for which we collected the
Personal Data, provide a good or service that you requested, take
actions reasonably anticipated within the context of our ongoing
business relationship with you, fulfill the terms of a written warranty or
product recall conducted in accordance with federal law, or otherwise
perform our contract with you; (2) Detect security incidents, protect
against malicious, deceptive, fraudulent, or illegal activity, or prosecute
those responsible for such activities; (3) Debug products to identify and
repair errors that impair existing intended functionality; (4) Exercise free
speech, ensure the right of another consumer to exercise their free
speech rights, or exercise another right provided for by law; (5) Comply
with the law or legal obligation; (6) Engage in public or peer-reviewed
scientific, historical, or statistical research in the public interest that
adheres to all other applicable ethics and privacy laws, when the
information’s deletion may likely render impossible or seriously impair
the research’s achievement, if you previously provided informed
consent; (7) Enable solely internal uses that are reasonably aligned with
consumer expectations based on your relationship with us; (8) Make
other internal and lawful uses of that information that are compatible
with the context in which you provided it.
We will delete or de-identify personal information not subject to one of
these exceptions from our records and will direct our processors to take
similar action.
Right to
Portability
You have the right to obtain the Personal Data in a portable, and to the
extent technically feasible, readily usable format that allows you to
transmit the data to another entity without hindrance.
Right to opt out
from selling
Personal Data
You have the right to opt out of the sale of your Personal Data for the
purposes of targeted advertising, sale to a third party for monetary gain,
or for profiling in furtherance of decisions that produce legal or similarly
significant effects concerning you or any other consumer.
You may authorize another person acting on your behalf to opt out,
including by broad technical tools, such as DAA, NAI, etc. as detailed
above.
Right to opt out
from Targeted
Advertising
Right to opt out
from Profiling
Duty not to violet
the existing laws
against
discrimination or
non-
discrimination
Such discrimination may include denying a good or service, providing a
different level or quality of service, or charging different prices. However
note that we do not discriminate against any of our Visitors or
Customers.
Subject to certain legal limitations and exceptions, you may be able to exercise some or all of the
rights detailed above by filling out the Data Subject Request (“DSR”) form available here, and send it
to: privacy-dpo@wand.ai.. We will always maintain the privacy and security of such evidence.
We will respond to a verifiable request within the timeframes set by applicable US Privacy Laws
(usually up to 45 days). We reserve the right to ask for reasonable evidence to verify your identity
before providing you with any such information per applicable law, including requesting a photo ID
or other similar documentation and records. If we determine that the request warrants a fee, we will
tell you why we made such a decision and provide you with a cost estimate before completing your
request.
Further, certain rights can be easily executed independently by you without the need to contact us,
for example: (i) You can opt-out from receiving our marketing emails by clicking the “unsubscribe”
link; (ii) You can use the cookie settings tool on our Website to change your preferences; (iii) you
can use certain third party technologies and interfaces, including through your browser settings or
mechanisms such as the DAA or NAI.
Authorized Agents
In certain circumstances, and subject to applicable US Privacy Laws, you may permit an authorized
agent to submit requests on your behalf. The authorized agent must provide a letter signed by you
confirming the agent has permission to submit a request on your behalf or provide sufficient
evidence to show that the authorized agent has been lawfully vested with power of attorney. For
security purposes, we may need to verify your identity and confirm directly with you that you have
provided the authorized agent with permission to submit the request, and it may take additional time
to fulfil agent-submitted requests. We may deny a request in the event we are not able to verify the
authorized agent’s authority to act on your behalf. Please note that for privacy and security reasons,
we will direct future communications to the individual on whose behalf the request was made.
Appeal Rights
Depending on your state of residency, you may be able to appeal a decision we have made in
connection with your privacy rights request, by contacting us as instructed in our response. Please
send your appeal request with a summary of the request and decision you want to appeal to privacy-
dpo@wand.ai.
Not more than 60 days after receipt of an appeal, and always in accordance with the timelines set by
the applicable US Privacy Laws, we will inform you in writing of any action taken or not taken in
response to the appeal, including a written explanation of the reason for the decision.
If you are not happy with our response, depending on your jurisdiction, you may have the right to
lodge a complaint against us with the relevant State’s Attorney General:
Colorado Attorney General as follows: Colorado AG at https://coag.gov/file-complaint .
Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint / or by
phone (860) 808-5318.
Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform .
Utah Attorney General at https://www.attorneygeneral.utah.gov/contact/complaint-
form/.
Texas Attorney General at https://www.texasattorneygeneral.gov/consumer-
protection/file-consumer-complaint.
Oregon Attorney General at https://www.doj.state.or.us/consumer-protection/contact-
us/.
Montana Attorney General at https://dojmt.gov/consumer/consumer-complaints/.
Nebraska Attorney General https://ago.nebraska.gov/constituent-complaint-form.
New Jersey Attorney General at https://www.njoag.gov/contact/file-a-complaint/.
New Hampshire Attorney General at
https://onlineforms.nh.gov/app/#/formversion/e0c5d644-c9d8-4056-a7cc-
24d29c446fcb.
Delaware Attorney General at
https://attorneygeneral.delaware.gov/fraud/cmu/complaint/.
Iowa Attorney General at https://www.iowaattorneygeneral.gov/for-consumers/file-a-
consumer-complaint.