Privacy Policy

Scope and Service Model

Haiku is designed to be accessible to both individuals and organizations. This policy applies to anyone who visits the Site, signs up for, or uses the Service.

Personal Data We Collect

A. Information You Provide Directly

• Account Data: When you sign up for the Service through the Site, you will need to provide information for the purpose of creating your account. Such information includes: first and last name, email address, password, and optional professional details (employer, job title, department).
• User-Generated Content: When you use the Service to create "haikus" using our capture tool, we collect your clicks, keystrokes and the content on your screen that may include personal data. We offer blurring and editing capabilities that you may use to hide any sensitive information.
• Support & Feedback: When you communicate with our support team or respond to a survey we collect your communications and responses submitted via the Site or Service.

B. Information Collected Automatically

• Usage Data: When you visit the Site or use the Service, we automatically collect information about how you interact with them. Such information may include pages visited, features used, and navigation paths.
• Technical Data: IP address, browser type, device type, and operating system collected during your visit to the Site or use of the Service.

C. Information from Third Parties

• Authentication Services: If you sign up for the Service through an SSO provider (e.g. Google, Microsoft) we collect your profile information from the SSO provider.

Data Uses & Legal Bases

We use personal data as necessary for the provision of our Service (Performance of Contract); to comply with our legal and contractual obligations (Legal Obligations); and for our legitimate interests in operating and improving our Service (Legitimate Interests).

If you reside or are using the Service in a territory governed by privacy laws under which "consent" is the only or most appropriate legal basis for processing personal data, your acceptance of our Terms of Service and of this Privacy Policy will be deemed as your consent to the processing of your personal data for all purposes detailed in this Privacy Policy.

Specifically, we use personal data for the following purposes:

• To facilitate, operate, enhance, secure and provide our Service (Performance of Contract; Legitimate Interests)
• To invoice and process payments (Performance of Contract; Legitimate Interests)
• To personalize our Service, including by recognizing an individual and remembering their information when they return to our Service, and to provide further localization and personalization capabilities (Performance of Contract; Legitimate Interests)
• To provide support in relation to the Service (Performance of Contract)
• To facilitate and optimize our marketing, data enrichment and targeted advertising operations for our Service (Legitimate Interests)
• To communicate with you. We may send you Service related emails and marketing emails. If you do not want to receive marketing emails, you will be given the option to opt out or change your preferences (Legitimate Interests)
• To ensure the safety and security of the Service and defend our rights, the rights of our users and others (Performance of Contract; Legitimate Interests)
• To comply with our contractual and legal obligations and requirements, and maintain our compliance with applicable laws, regulations and standards (Performance of Contract; Legitimate Interests; Legal Obligation)

Sharing Data with 3rd Parties

We do not share your personal data with others except as described in this Privacy Policy. We will never sell your personal information. Specifically, WalkMe shares personal information with the following categories of recipients:

• Service Providers: We may share your personal data with trusted third-party service providers as needed to operate our business and provide the Service. Such service providers include (i) data analytics providers; (ii) security vendors; (iii) hosting vendors; (iv) third-party marketing, analytics and technology partners (including advertising partners such as Google Analytics); and (iv) third parties such as Intercom, Inc. that assist us in communicating with you.
• Organization Administrators: If you create an account using an email address belonging to your employer or another organization, we may share the existence of your Haiku account and certain account information with that organization.
• Protection of WalkMe and Others: We will disclose your information where required to do so by law, regulation, or subpoena, or if we reasonably believe that such action is necessary to comply with the law, enforce our Terms of Service, or protect the rights, property, or personal safety of WalkMe, our users, or others.
• Our Affiliates: We may share personal data with WalkMe group companies as needed to provide the Service.
• Business Transactions: Personal data may be among assets transferred in a business transaction. In the event of a change in controller, we will notify affected data subjects promptly. You will have the opportunity to object by contacting us at privacy@gethaiku.ai.
• Aggregate or De-Identified Information: We may share information that has been aggregated or de-identified so that it can no longer reasonably be used to identify an individual.

Cookies and Other Tracking Technologies

We utilize cookies and other technologies on our Site and in the Service in order for us to provide and monitor our Service, to ensure that it performs properly, to analyze our performance and marketing activities, and to remember your preferences and personalize your experience.

To learn more about our practices concerning cookies and tracking, please see our Cookie Policy. You may also use the "Cookie settings" feature available in our Service depending on your location and activity on our Service, as applicable.

Please note that we do not change our practices in response to a "Do Not Track" signal in the HTTP header from a browser or mobile application, however, most browsers allow you to control cookies, including whether or not to accept them and how to remove them.

Your Rights

WalkMe respects your rights to your own data and provides processes to accommodate these rights, subject to reasonable technical restraints and legal obligations. Depending on your jurisdiction (such as the EU/UK under GDPR/UK GDPR or California under CCPA), you may have the following legal rights:

How Long We Retain the Data

We retain your personal information only as long as your account is active or as required by law. Upon account deletion, data is removed within 60 days, unless a longer retention period is required for legal, tax, or regulatory reasons.

Minors

The Service is intended for use by adults and business professionals. It is not directed to children, and we do not knowingly collect personal information from individuals under the age of 16. If we become aware that a minor has provided us with personal information via the Site or Service, we will take steps to delete such information.

Information Security

Information collected through the Service will be stored and processed in the United States. By using the Service, you acknowledge and agree that your information may be transferred to, used, processed, or held by us in the United States and in other countries, including countries outside of your country of residence.

We are committed to protecting the personal data you share with us. We maintain a formal information security program and use a variety of technical, organizational and physical measures designed to protect the confidentiality, integrity, and availability of your data. To protect your privacy and security, we take steps to verify your identity before granting you access to your account. You are responsible for maintaining the secrecy of your account information at all times. Although we do our best to protect your personal data, we cannot guarantee the security of your information transmitted over the internet and any transmission is at your own risk.

WalkMe's infrastructure and security practices are regularly audited for compliance with global standards, such as ISO 27001 and SOC 2 Type II.

International Transfer

As a global company, for the purpose of providing the Service, we may transfer, store, and process your personal information in countries outside of your country of residence, including the United States and Israel. We ensure that such transfers are conducted in accordance with applicable data protection laws.

For any transfers of information outside the EEA or the UK, the data transfer will be under the European Commission's Standard Contractual Clauses (Module Two) of June 4, 2021, and the UK Information Commissioner's Office International Data Transfer Addendum (Version B1.0, in force March 21, 2022), or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection or the transfer is necessary for the performance of a contract between us.

To request a copy of the Standard Contractual Clauses or equivalent terms in place, please contact us at privacy@gethaiku.ai.

Changes to Our Privacy Policy

We may update this Privacy Policy from time to time. The most current version will always be posted on the Site. We will provide notice of material changes through the Service or via email. Material changes will take effect seven (7) days after notice, while non-material changes take effect immediately upon posting.