Legal

Privacy Policy

Effective Date: May 19, 2025 · Last Updated: May 19, 2025

WISPWolf ("WISPWolf," "we," "us," or "our") is operated by WISPWolf LLC, a Florida limited liability company. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website at wispwolf.com and our compliance software platform (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

We collect the following categories of personal information:

a) Information You Provide Directly

Account registration: name, email address, company name, job title, phone number
Payment information: processed by Stripe, Inc. — WISPWolf does not store raw card data
Compliance intake answers: business profile, IT security controls, data handling practices, employee count, revenue range, software and service providers in use
Quiz and lead magnet submissions: email address, quiz answers, compliance score results
Support communications: messages, support tickets, and call records

b) Information Collected Automatically

IP address, browser type, device type, operating system
Pages visited, time on page, referral source
Cookies and similar tracking technologies (see Section 8)

c) Information from Third-Party Integrations (Optional)

If you choose to connect your Microsoft 365 account, we collect read-only data from Microsoft Graph API including: user count, per-user MFA enrollment status, conditional access policy names, and Microsoft Secure Score. We do NOT access, read, or store email content, calendar data, or files. This integration is entirely optional and can be disconnected at any time.

If you choose to run a domain scan, we collect your business domain name and perform public DNS record lookups (SPF, DKIM, DMARC, MX records). No credentials are required or stored.

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and improve the WISPWolf compliance platform
Generate your Written Information Security Plan (WISP) using AI
Calculate and display your compliance score and gap report
Send renewal reminders and compliance-related notifications
Process payments and manage your subscription
Respond to your support requests
Send marketing communications (you may opt out at any time)
Comply with legal obligations

3. How We Share Your Information — Including Lead Referrals

IMPORTANT DISCLOSURE: WISPWolf operates a voluntary lead referral program. If you choose to participate, your information will be shared with third parties as described below. Participation is always optional and requires your explicit consent at the time of referral.

a) MSP Partner Referrals (Low Compliance Score)

If your compliance score falls below 70 or you have three or more critical gaps, WISPWolf may display an offer to connect you with local Managed Service Providers ("MSP Partners") who can help remediate your security gaps.

If you click "Get Matched with MSPs" and submit the referral request form, WISPWolf will share the following information with up to three MSP Partners matched to your geographic location and industry:

Your name, company name, email address, and phone number
Your compliance score at the time of referral
A summary of your top security gaps (no passwords or sensitive credentials are included)
Your industry and approximate employee count

MSP Partners who receive your information are independent companies. Their use of your information is governed by their own privacy policies. WISPWolf is not responsible for how MSP Partners use, store, or further disclose the information we share with them. WISPWolf receives compensation from MSP Partners for qualified referrals.

b) Insurance Partner Referrals (High Compliance Score)

If your compliance score is 85 or above, WISPWolf may display an offer to share your compliance evidence with cyber insurance specialists who may be able to offer you favorable cyber insurance terms.

If you click "Get Matched with Insurance Specialists" and submit the referral request form, WISPWolf will share the following information with up to three insurance partners:

Your name, company name, email address, and phone number
Your compliance score and a summary of verified controls
A Compliance Evidence Package PDF (score, control summary, WISP metadata — no client PII from your WISP is included)
Your industry and approximate revenue range

Insurance partners who receive your information are independent companies. Their use of your information is governed by their own privacy policies. WISPWolf is not responsible for how insurance partners use, store, or further disclose the information we share with them. WISPWolf may receive compensation from insurance partners for qualified referrals.

c) No Automatic Sharing — Explicit Consent Required

WISPWolf will NEVER share your personal information with MSP or insurance partners without your explicit affirmative action (clicking the referral CTA and submitting the referral form). Creating a WISPWolf account, completing the intake questionnaire, or generating a WISP does NOT automatically enroll you in the referral program.

d) Service Providers

We share information with trusted service providers who help us operate the Service, including:

Stripe, Inc. (payment processing)
Anthropic, PBC (AI WISP generation — only de-identified intake answers are sent)
Supabase (authentication and database hosting)
SendGrid / Twilio (email delivery)
Railway / Vercel (cloud infrastructure)

These providers are contractually required to protect your information and may not use it for their own purposes.

e) Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of WISPWolf, our users, or the public.

f) Business Transfer

If WISPWolf is acquired, merged, or sold, your information may be transferred as part of that transaction. You will be notified via email if this occurs.

4. Florida Residents — Florida Digital Bill of Rights

WISPWolf is headquartered in Florida. Under the Florida Digital Bill of Rights (effective July 1, 2024), Florida residents have the right to:

Know what personal data we collect and how it is used
Access a copy of their personal data
Correct inaccurate personal data
Delete personal data (subject to certain exceptions)
Opt out of the sale or sharing of personal data for targeted advertising
Non-discrimination for exercising these rights

WISPWolf does NOT sell your personal data to data brokers or third-party advertisers. The lead referral disclosures in Section 3 describe the limited sharing we do with your explicit consent.

To exercise your Florida privacy rights, email privacy@wispwolf.com with "Florida Privacy Request" in the subject line. We will respond within 45 days.

5. California Residents — CCPA/CPRA

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: categories and specific pieces of personal information collected
Right to Delete: request deletion of personal information
Right to Correct: request correction of inaccurate information
Right to Opt-Out of Sale/Sharing: WISPWolf does not sell personal information. Lead referral sharing under Section 3 occurs only with your explicit consent.
Right to Limit Use of Sensitive Personal Information
Right to Non-Discrimination

To submit a CCPA/CPRA request, email privacy@wispwolf.com with "California Privacy Request" in the subject line.

6. Data Security

WISPWolf uses the following security measures to protect your information:

AES-256 encryption for data at rest
TLS 1.3 for data in transit
Row-level security in our database (each tenant's data is isolated)
Microsoft 365 integration uses read-only OAuth scopes only
OAuth tokens are stored encrypted using industry-standard key management

Despite these measures, no internet transmission is 100% secure. You use the Service at your own risk. If you believe your account has been compromised, contact us immediately at privacy@wispwolf.com.

7. Data Retention

We retain your personal information for as long as your account is active. If you cancel your subscription, we retain your data for 90 days to allow for reactivation, then delete it upon request. Compliance documents (your generated WISPs) are retained for the duration of your subscription plus 90 days. You may request earlier deletion at any time.

Referral data (name, email, score, gaps shared with partners) is retained in our systems for 12 months for record-keeping, then deleted. We cannot recall or delete information already shared with MSP or insurance partners — contact them directly.

8. Cookies

We use essential cookies (required for login and session management) and analytics cookies (to understand how users use the platform). We do not use third-party advertising cookies.

You may disable cookies in your browser settings. Disabling essential cookies will prevent login. To opt out of analytics tracking, email privacy@wispwolf.com.

9. Children's Privacy

WISPWolf is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact privacy@wispwolf.com and we will delete it promptly.

10. Third-Party Links

The Service may link to third-party websites. This Privacy Policy does not apply to those sites. We are not responsible for the privacy practices of third-party websites.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the platform at least 30 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact Us

For privacy questions, data requests, or to report a concern:

WISPWolf LLC
Email: privacy@wispwolf.com
Florida, United States