Privacy Policy

1. Introduction

Default World LLC (“we,” “us,” or “our”) operates the wya application and website (wya.cx). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read this policy carefully. By using wya, you acknowledge that you have read and understood the practices described herein.

2. Information We Collect

We collect information you provide directly and information collected automatically:

Information You Provide

• Account information (name, email address, phone number, profile photo)
• Calendar data from Google Workspace, including OOO and working location events
• Communications with us (support requests, feedback)

Information Collected Automatically

• Device information (device type, operating system, unique identifiers)
• Usage data (features used, interactions, timestamps)
• Log data (IP address, browser type, pages visited)
• Cookies and similar tracking technologies on our website (see Section 11)

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Display team availability and working location from calendar events
• Send SMS notifications about team availability (if you opt in), service announcements, and security alerts
• Respond to your inquiries and provide customer support
• Detect, prevent, and address fraud and security issues
• Comply with legal obligations

We do not use your data for targeted advertising or profiling.

5. Information Sharing

We share your information only in the following circumstances:

• With your team: Calendar information visible to members of your Google Workspace organization
• Service providers: Third parties who perform services on our behalf, including Supabase (authentication and database), Cloudflare (hosting), Google (calendar integration), and Twilio (SMS delivery)
• Legal requirements: When required by law, subpoena, or court order, or to protect our rights and safety (see Section 13)
• Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you

We do not sell your personal information to third parties.

6. Data Retention

• Account data: Retained while your account is active and for 30 days after deletion request
• Usage logs: Retained for 12 months for security and analytics purposes
• Communications: Retained for 2 years or as required by law
• Inactive accounts: Accounts with no activity for 24 months may be flagged for deletion with 30 days notice via email

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including encryption in transit and at rest, access controls, and regular security assessments. However, no method of transmission over the Internet or electronic storage is completely secure.

If you suspect a security issue: Contact us immediately at world@default.llc and review your Google account security settings.

8. Your Rights and Choices

All users have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete information
• Delete your account and personal information
• Request that your organization's administrator revoke calendar access
• Not be discriminated against for exercising any of these rights

We do not sell your personal information or use it for targeted advertising.

To exercise these rights, visit your account settings or contact us at world@default.llc.

9. Third-Party Services

Our service integrates with and uses the following third-party services:

• Google Calendar: For calendar integration (Privacy Policy)
• Supabase: Authentication and database (Privacy Policy)
• Cloudflare: Hosting and CDN (Privacy Policy)
• Twilio: SMS messaging delivery (Privacy Policy)

10. Cookies and Tracking

Our website uses cookies and similar technologies for:

• Essential cookies: Required for authentication, security, and remembering your preferences

We do not use third-party tracking or advertising cookies. You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

Do Not Track: We currently do not respond to “Do Not Track” browser signals, as there is no industry standard for compliance.

11. International Data Transfers

Your data may be processed on servers located in the United States. Our service providers (Supabase, Cloudflare) may process data in various locations globally. By using wya, you consent to the transfer of your information to the United States and other countries which may have different data protection laws than your country of residence.

12. Law Enforcement and Legal Requests

We may disclose your information in response to valid legal process, including subpoenas, court orders, or government requests. Our policy is to:

• Carefully review all requests for legal validity
• Narrow the scope of disclosure where possible
• Notify affected users unless legally prohibited from doing so
• Challenge overly broad or unlawful requests

We do not provide law enforcement with direct access to user data or “backdoors” to our systems.

13. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you via email within 72 hours of becoming aware of the breach, as required by applicable law. Notification will include the nature of the breach, types of data affected, and steps you can take to protect yourself.

14. Children's Privacy

wya is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the new policy on this page with an updated effective date. Your continued use of wya after such modifications constitutes your acknowledgment of the updated policy.