Privacy Policy
Applicable Legal Framework
GoWeBa is committed to complying with applicable privacy and electronic communications laws. Our platform is designed to comply with the following regulatory frameworks:
Canada's Anti-Spam Legislation — Explicit consent required for commercial electronic messages. Unsubscribe mechanism in every communication.
Personal Information Protection and Electronic Documents Act — Principles of consent, limitation, accuracy and protection of personal data in Canada.
General Data Protection Regulation — Rights of data subjects in the EU/EEA: access, rectification, erasure, portability and right to object.
1. Introduction
GoWeBa (operated by GOWEBA INC.) is a comprehensive business management and CRM platform that helps organizations manage contacts, communications, tasks, calendars, files, billing, and more. GoWeBa is also a full email & messaging platform with departmental routing, alias management, and AI-powered assistance through our proprietary virtual assistant, WEBA.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at goweba.com and any related services (collectively, the "Service"). By using the Service, you consent to the practices described in this policy.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Full name, email address, phone number, business name, and billing details when you register.
- Communication Data: Emails, SMS messages, and other communications you send or receive through the Service.
- Contact Data: Information about your business contacts stored in the platform (names, addresses, phones, notes, tags, custom fields).
- Payment Information: Credit card details and billing information processed through our payment provider (Stripe). GoWeBa does not store credit card numbers on its servers.
- Files & Documents: Files you upload to WebaDrive, including documents, images, PDFs, and other media.
- Calendar & Tasks: Events, appointments, tasks, and pipeline data you create within the platform.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, actions performed, and timestamps.
- Device Information: Browser type, operating system, IP address, and device identifiers.
- Cookies: Session cookies for authentication and preferences.
- Analytics Data: We use Google Analytics (GA4) to collect aggregate usage statistics to improve the Service.
2.3 Information Collected via Third-Party Integrations
When you connect third-party services to GoWeBa (e.g., Google Workspace, Microsoft 365), we may access and import data from those services with your explicit consent. This includes:
- Google Workspace Migration: Contacts (via People API), emails (via Gmail API), calendar events (via Calendar API), and files (via Drive API). This data is accessed read-only and only during the migration process. See Section 6 for details.
- Microsoft 365 / Outlook: Contacts, emails, and calendar events for migration purposes.
- SSO Authentication: When you sign in with Google or Microsoft, we receive your name, email, and profile picture.
3. How We Use Your Information
- To provide, maintain, and improve the Service.
- To process migrations from third-party platforms into GoWeBa.
- To power WEBA, our AI assistant, which uses your organizational data to provide contextual help, automate tasks, and generate documents.
- To route incoming emails to the appropriate department and alias.
- To send transactional communications (account verification, security alerts, billing notifications).
- To send SMS notifications and reminders you have opted into.
- To process payments and manage subscriptions via Stripe.
- To provide customer support and respond to inquiries.
- To ensure security, detect fraud, and enforce our Terms of Service.
- To comply with legal obligations.
4. Official Departments & Email Aliases
GoWeBa uses a departmental email routing system. Each department has one or more email aliases used for specific business purposes. Below are the official departments and their associated aliases for the goweba.com domain:
| Department | Email Alias(es) | Purpose |
|---|---|---|
| Admin | [email protected] | Administration, domain management, server configuration |
| Billing | [email protected] | Invoices, payments, refunds, account billing |
| Booking | [email protected] | Appointments, reservations, scheduling |
| Feedback | [email protected][email protected] | Reviews, testimonials, surveys, suggestions |
| General | [email protected][email protected] | General inquiries, contact requests, information |
| HR | [email protected] | Recruitment, hiring, job applications, human resources |
| Marketing | [email protected][email protected] | Marketing campaigns, promotions, brand communications |
| Migration | [email protected] | Data migration assistance, Google Workspace import, WEBA AI migration support |
| Notifications | [email protected][email protected] | System notifications, alerts, automated messages (do not reply) |
| Orders | [email protected] | Order management, shipping, delivery, returns |
| Sales | [email protected] | Sales inquiries, quotes, proposals, offers |
| Support | [email protected][email protected] | Customer support, help desk, technical assistance |
Additional aliases include: [email protected], [email protected], and [email protected]. This list is updated each time a new department or alias is created within the platform.
5. SMS & Communication Consent
By registering for GoWeBa and opting in to SMS communications, you consent to receive text messages from GOWEBA INC at the phone number you provide. These messages may include:
- Verification codes and two-factor authentication (2FA).
- Login and security alerts.
- Billing notifications.
- Support-ticket replies and occasional feature updates.
Message frequency varies. Message and data rates may apply. You can opt out at any time by replying STOP to any message. Reply HELP for assistance. For support, email [email protected].
SMS/Text Messaging Data
GOWEBA INC does not share, sell, or rent your mobile phone number or SMS opt-in consent to third parties or affiliates for marketing purposes. Numbers are shared only with our messaging provider (Twilio) to deliver requested messages.
Message frequency varies. Message and data rates may apply. Reply STOP to unsubscribe, HELP for help.
6. Google Workspace Migration & API Data
GoWeBa offers a migration service powered by WEBA (our AI assistant) to help users transfer their data from Google Workspace to GoWeBa. When you initiate a migration via [email protected] or through the WEBA chat interface, the following applies:
6.1 Data Accessed
- Google Contacts (via People API) — names, emails, phone numbers, addresses, and notes.
- Gmail (via Gmail API) — email threads, subjects, bodies, attachments, and labels.
- Google Calendar (via Calendar API) — events, dates, locations, attendees, and descriptions.
- Google Drive (via Drive API) — file names, contents, folder structure, and metadata.
6.2 How Migration Data Is Used
- Data is accessed read-only from your Google account.
- Data is imported into your GoWeBa organization and becomes part of your GoWeBa account data.
- We do not retain copies of your Google data outside of what is imported into your GoWeBa account.
- We do not share, sell, or transfer your Google data to third parties.
- OAuth tokens (access & refresh) are stored securely and encrypted. They are used only for the migration and can be revoked at any time.
6.3 Revoking Access
You can revoke GoWeBa's access to your Google account at any time by visiting Google Account Permissions and removing "GoWeBa" from the list of connected apps. You may also request data deletion by contacting [email protected].
7. WEBA AI Assistant & Data Processing
WEBA is GoWeBa's proprietary AI virtual assistant. WEBA processes your organizational data (contacts, emails, calendar, tasks, documents) to provide contextual assistance, automate workflows, and generate documents. Key privacy considerations:
- WEBA processes data within your organization's scope only — it cannot access other organizations' data.
- Conversations with WEBA are stored in your account for continuity and audit purposes.
- WEBA uses large language models (LLMs) to generate responses. Your data is not used to train these models.
- AI-generated content (documents, emails, summaries) is stored in your account and subject to this policy.
8. Data Sharing & Disclosure
We do not sell your personal information. We may share data with:
- Service Providers: Third-party vendors who assist in operating our Service (e.g., Stripe for payments, Twilio for SMS, Amazon Web Services for hosting and file storage).
- Google APIs: Only when you explicitly authorize a migration or SSO connection.
- Legal Requirements: When required by law, regulation, or legal process.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
- With Your Consent: When you explicitly authorize us to share your data.
9. Data Security
We implement industry-standard security measures including:
- Encryption in transit (TLS/SSL) for all data transmissions.
- Encryption at rest for sensitive data and OAuth tokens.
- Role-based access controls within the platform.
- Audit logging of all security-sensitive actions (login, impersonation, password changes).
- Two-factor authentication (2FA) support.
- Regular security audits and monitoring.
However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
10. Cookies & Tracking
GoWeBa uses the following cookies:
- Session Cookies: Required for authentication and maintaining your login session.
- Preference Cookies: Store your language preference, theme (light/dark), and sidebar configuration.
- Analytics Cookies: Google Analytics (GA4) to understand aggregate usage patterns. You may opt out via the cookie consent banner.
11. Data Retention
We retain your information for as long as your account is active or as needed to provide you with our Service. Upon account deletion, we will remove your personal data within 90 days, except where retention is required by law. Audit logs and security events are retained for 12 months for compliance purposes.
In accordance with data minimization principles (PIPEDA, GDPR), we apply specific retention periods per data category:
- Deleted emails (trash): 4 days after deletion.
- Audit logs: 365 days (12 months) — required by compliance obligations.
- Security events: 180 days (6 months).
- Expired sessions: 30 days after expiration.
- Notification logs: 90 days.
For more details, see our full Data Retention Policy in the Knowledge Center
12. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access, correct, or delete your personal information.
- Opt out of marketing communications.
- Request a copy of your data in a portable format (export).
- Withdraw consent for data processing.
- Revoke third-party integrations (Google, Microsoft) at any time.
- Request deletion of migrated data.
To exercise these rights, contact us at [email protected].
🇨🇦 Your Rights Under CASL
As a user in Canada, you benefit from the following protections under Canada's Anti-Spam Legislation (S.C. 2010, c. 23):
- Express consent: No commercial electronic message (CEM) will be sent to you without your prior express consent, obtained through a clear, non-pre-checked checkbox.
- Withdrawal of consent: You can withdraw your marketing consent at any time from your account settings or by clicking "Unsubscribe" in any promotional email.
- Unsubscribe mechanism: Every CEM contains a functional unsubscribe link. Unsubscription is processed within a maximum of 10 business days, as required by CASL.
- Sender identification: All our CEMs clearly identify GoWeBa (GOWEBA INC.) as the sender, with our postal address and an unsubscribe link.
- Complaint: You may file a complaint with the CRTC (Canadian Radio-television and Telecommunications Commission) if you believe your CASL rights have been violated.
🇨🇦 Your Rights Under PIPEDA
The Personal Information Protection and Electronic Documents Act applies to the collection and processing of your personal data:
- Right of access: You may request access to all personal information we hold about you, and we will respond within 30 days.
- Right to challenge: You may challenge the accuracy and completeness of your personal information and request its correction.
- Withdrawal of consent: You may withdraw your consent to the processing of your data subject to legal or contractual restrictions, with reasonable notice.
- Complaint to OPC: You may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca.
- Retention limitation: We only retain your personal information for as long as necessary for the purposes for which it was collected, then securely delete it.
🇪🇺 Your Rights Under the GDPR
If you reside in the European Union or the European Economic Area, you benefit from the following rights under Regulation (EU) 2016/679:
- Right of access (Art. 15): Obtain confirmation of the processing of your data and receive a copy.
- Right to rectification (Art. 16): Have your inaccurate or incomplete personal data corrected.
- Right to erasure (Art. 17): Request the deletion of your personal data ("right to be forgotten"), subject to legal obligations.
- Right to data portability (Art. 20): Receive your data in a structured, commonly used and machine-readable format.
- Right to restriction of processing (Art. 18): Request the restriction of processing of your data in certain circumstances.
- Right to object (Art. 21): Object to the processing of your data for direct marketing purposes or based on legitimate interest.
- Right related to automated decision-making (Art. 22): Not be subject to a decision based solely on automated processing producing legal effects.
- Supervisory authority: You have the right to lodge a complaint with the data protection authority of your country of residence.
Opt-out Mechanisms
GoWeBa gives you full control over your communication preferences and data processing. Here are the available opt-out mechanisms:
Marketing Communications (CASL)
Disable marketing consent from your communication preferences. Opt-out takes effect immediately.
Manage my preferences →SMS Notifications
Reply STOP to any received message to unsubscribe. Reply HELP for help. Transactional SMS (2FA, security) remain active.
SMS settings →Analytics Cookies
Decline analytics cookies via the consent banner displayed on your first visit.
Session cookies (authentication) are essential and cannot be disabled.
Account & Data Deletion
Request complete deletion of your account and all personal data. Processed within 90 days.
[email protected]13. Children's Privacy
GoWeBa is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.
14. International Data Transfers
GoWeBa is operated from the United States. If you are accessing the Service from outside the US (including Canada, the European Union, or other jurisdictions), your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We implement appropriate safeguards to protect your data in accordance with applicable laws.
Safeguards for EU/EEA Transfers (GDPR)
- Legal basis: Data transfers to the United States rely on the EU-US Data Privacy Framework and the European Commission's Standard Contractual Clauses (SCCs).
- Standard Contractual Clauses (SCCs): Our contracts with processors (Stripe, Twilio, AWS) include SCCs approved by the European Commission (Implementing Decision 2021/914).
- Supplementary measures: Encryption in transit and at rest, pseudonymization of sensitive data, strict access controls and regular Data Protection Impact Assessments (DPIAs).
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will send an email notification to the address associated with your account.
16. Contact Us
If you have questions about this Privacy Policy, please contact the appropriate department:
GOWEBA INC.
30 N Gould St, Ste R
Sheridan, WY 82801, United States
Privacy inquiries: [email protected]
Legal inquiries: [email protected]
Migration support (WEBA): [email protected]
General support: [email protected]
General inquiries: [email protected]
17. Zoom Integration Privacy Addendum
When you connect your Zoom account to GoWeBa, the following data practices apply specifically to the Zoom integration:
- Scope meeting:write:meeting — GoWeBa creates Zoom meetings on your behalf only when you schedule an event requiring a video call.
- Scope user:read:email — GoWeBa reads your Zoom email address solely to display account connection status.
- OAuth tokens are encrypted at rest using AES-256-GCM and automatically refreshed before expiry.
- GoWeBa does not access, store, or process Zoom meeting recordings, chat messages, participant lists, or any other meeting content.
- When you disconnect your Zoom account, all stored tokens are permanently and irreversibly deleted.
- GoWeBa does not sell, share, or transfer your Zoom data to any third party.
For complete details, see our Zoom Integration Documentation.
18. Google Meet Integration Privacy Addendum
When you connect your Google account for Google Meet, the following data practices apply:
- Scope calendar.events — GoWeBa creates Google Calendar events with attached Google Meet conference links.
- Scope userinfo.email — GoWeBa reads your Google email address to display account connection status.
- OAuth tokens are encrypted at rest using AES-256-GCM and automatically refreshed before expiry.
- GoWeBa does not access, read, or modify your existing Google Calendar events. It only creates new events when you explicitly request a Meet link.
- When you disconnect your Google account, all stored tokens are permanently and irreversibly deleted.
- GoWeBa does not sell, share, or transfer your Google data to any third party.
For complete details, see our Google Meet Integration Documentation.
19. Microsoft Teams Integration Privacy Addendum
When you connect your Microsoft account for Teams meetings, the following data practices apply:
- Scope OnlineMeetings.ReadWrite — GoWeBa creates Microsoft Teams meetings on your behalf.
- Scope User.Read — GoWeBa reads your Microsoft profile to display account connection status.
- OAuth tokens are encrypted at rest using AES-256-GCM and automatically refreshed before expiry.
- GoWeBa does not access your Teams messages, channels, files, or any other Microsoft 365 data beyond meeting creation.
- When you disconnect your Microsoft account, all stored tokens are permanently and irreversibly deleted.
- GoWeBa does not sell, share, or transfer your Microsoft data to any third party.
For complete details, see our Microsoft Teams Integration Documentation.
20. GoWeBa iOS App Privacy Addendum
The GoWeBa iOS app extends the web platform to mobile devices. The following privacy considerations apply:
- All data in transit between the app and GoWeBa servers is encrypted with TLS 1.3.
- Biometric data (Face ID / Touch ID) is processed entirely on-device by Apple's Secure Enclave and is never transmitted to GoWeBa servers.
- Push notification tokens are stored securely and used only to deliver notifications you have opted into.
- The app does not access contacts, photos, or other device data unless you explicitly grant permission for specific features.
- The iOS app uses the same secure API and data handling practices as the GoWeBa web platform.
For complete details, see our GoWeBa for iOS page.