Privacy Policy

This Privacy Policy explains how WOW Enterprises LLC ("WOW", "we", "us") collects, uses, discloses, and safeguards information when you use our products and services, including Wow ERP, Wow Food, Wow Games, Wow Wholesale, and the websites at wowenterprisesllc.com and any subdomains (the "Services").

By using the Services you agree to the practices described here. If you do not agree, do not use the Services.

1. Who we are

Data controller: WOW Enterprises LLC. Contact for privacy matters: [email protected].

2. Information we collect

2.1 Account & identity

• Name, email address, phone number, billing address
• Username, password (stored hashed; never in plaintext)
• Company name, role, store assignments (for ERP users)

2.2 Operational & transactional data

• Sales records, invoices, customer interactions
• Inventory and product catalog data you upload or generate
• Employee records (where you use HR features)
• Communications draftings (emails, SMS, chat) created through the platform

2.3 Connected third-party accounts

When you connect an integration (Slack, Google Workspace, Notion, Meta Business, Twilio, Telegram, Discord, etc.) we receive and store the OAuth credentials needed to call those services on your behalf. Tokens are AES-256 encrypted at rest and never shared between tenants.

2.4 Technical & usage data

• IP address, browser type, device type, operating system
• Pages visited, features used, timestamps, referrer URL
• Server logs, error reports, performance traces

2.5 Cookies & similar technologies

We use first-party session cookies for authentication and product preferences. We do not use third-party advertising cookies. You can disable cookies in your browser, but core functionality may break.

3. How we use information

• Service delivery — to operate, maintain, and improve the Services
• Authentication — to identify you and protect your account
• Communication — to respond to your requests, send transactional notices, and (with your consent) marketing
• Integrations — to call third-party APIs you have authorized on your behalf (e.g., posting to your Slack workspace, sending email through your Gmail account)
• Analytics — internal product analytics to understand feature usage; aggregated, never individualized externally
• Security — to detect and prevent fraud, abuse, and security incidents
• Legal compliance — where required by law (tax, accounting, audit, lawful requests)

4. Legal bases (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, the legal bases on which we process your data are:

• Contract — to deliver the Services you have signed up for
• Legitimate interests — product analytics, security, and fraud prevention, balanced against your rights
• Consent — for marketing emails and optional integrations (you can withdraw at any time)
• Legal obligation — to comply with tax, accounting, and other laws

5. Sharing & disclosure

We do not sell personal data. We share information only with:

• Service providers who host or support the Services (cloud hosting, database, email delivery, error tracking) — under contract and bound to confidentiality
• Third-party platforms you connect — we send only the minimum data needed for the requested operation (e.g., a customer phone number when you ask the system to send that customer an SMS)
• Legal authorities when required by valid legal process or to protect rights, safety, or property
• Successors in the event of a merger, acquisition, or sale of assets — your data continues under this Policy or its updated equivalent

6. Data retention

We keep your data for as long as your account is active and as long as needed to provide the Services. After account closure:

• Account credentials and authentication data are deleted within 30 days
• Operational data (invoices, customer records) is retained for the period required by applicable tax / accounting laws (typically 7 years), then deleted
• Backups are rotated on a 90-day cycle; data on already-rotated backups cannot be recovered
• You can request earlier deletion — see User data deletion

7. International transfers

Our infrastructure may process data in regions outside your country of residence (typically the United States and Western Europe). Where data crosses borders, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards.

8. Your rights

Depending on your jurisdiction, you may have the right to:

• Access — receive a copy of the personal data we hold about you
• Rectification — correct inaccurate data
• Erasure — request deletion (see data-deletion page)
• Restriction / objection — limit or object to certain processing
• Portability — receive your data in a structured, machine-readable format
• Withdraw consent — for any processing based on consent
• Lodge a complaint with your supervisory authority

To exercise any of these rights, email [email protected]. We respond within 30 days.

9. Security

• Transport encryption (TLS) for all traffic between you and the Services
• AES-256 encryption at rest for sensitive credentials (OAuth tokens, API keys)
• Role-based access controls and audit logging on production systems
• Tenant isolation — every record is scoped to your company's companyid and queries enforce that filter
• Regular security reviews and dependency updates

No system is impenetrable. If a breach affects your data we will notify you and the relevant supervisory authority within the timeframes required by law.

10. Government & legal-authority data requests

From time to time, public authorities may request access to personal data we hold. WOW Enterprises LLC follows a structured process for any such request:

• Legality review. Every request is reviewed for legal validity before any disclosure. We do not respond to requests that lack a proper legal basis (court order, search warrant, statutory subpoena, or equivalent under applicable law).
• Right to challenge. Where we believe a request is unlawful, overbroad, or inconsistent with users' fundamental rights, we will challenge it through the appropriate legal channel before disclosing any data.
• Data minimization. We disclose only the minimum personal data strictly necessary to comply with a valid request. We do not provide bulk exports, broader categories, or unrelated records.
• Documentation. Every received request, our legal review, our response (or refusal), and the actors involved are documented in our internal records and retained for audit.
• User notification. We notify affected users when legally permitted to do so.

11. Children

The Services are intended for business use by persons aged 16 or older. We do not knowingly collect data from children. If you believe a child has used the Services, contact us so we can delete the data.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be announced through the Services or by email at least 30 days before they take effect. The "Last updated" date at the top reflects the latest revision.

13. SMS / Text Messaging

Where you have given consent, we collect and process the following information specifically to deliver SMS / text messages:

• Mobile phone number
• Opt-in event (timestamp, source page, IP address)
• Message delivery status returned by our messaging provider
• Inbound replies you send to our short-code or long-code number, including STOP / HELP keywords

13.1 How we use SMS data

• To deliver the messages you have requested (account notifications, two-factor authentication codes, order and invoice updates, appointment / shift reminders, and — only with your explicit consent — service announcements)
• To honour STOP / opt-out requests and HELP responses
• To maintain a regulatory audit trail of consent and delivery

13.2 No sharing of SMS / mobile data for marketing

We do not sell, rent, or share your mobile phone number, SMS opt-in status, or text-messaging consent information with any third parties or affiliates for marketing or promotional purposes. This restriction is absolute and applies to all categories of mobile information collected through SMS opt-in, regardless of the channel through which you provided it (web form, point-of-sale, in-app, or otherwise).

The only parties who handle this data on our behalf are the messaging carriers and infrastructure providers strictly necessary to deliver the messages you have requested, and only for that purpose.

13.3 Frequency, message & data rates

Message frequency varies by activity (typically a small number per week). Message and data rates may apply per your mobile carrier's plan; we do not charge you separately for SMS.

13.4 Opt-out and help

• Reply STOP to any message to unsubscribe from non-essential SMS at any time. We will send a single confirmation and stop further non-essential messages.
• Reply HELP to receive contact information.
• You may also remove your phone number or revoke SMS consent at any time from your account settings.
• Transactional, security, and 2FA messages necessary to operate your account may continue while your account remains active; if you also wish to stop those, close the account.

14. Contact

Questions about this Policy or your data?

• Email: [email protected]
• Mail: WOW Enterprises LLC — privacy enquiries