Privacy Policy

Effective Date: December 27, 2025

The Wrapper Company ("Company," "we," "us," or "our") is a Delaware corporation headquartered in the United States. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and process your personal data when you interact with our websites, products, applications, and services (collectively, the "Services"), including our AI-powered products.

This Privacy Policy applies when we act as a data controller—that is, when we determine the purposes and means of processing your personal data. If you use our Services to process personal data in the context of your business activities, you are the data controller for that data, and our processing is governed by our commercial agreements with you.

Important: If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, please also review the Supplemental Terms for EEA/UK/Swiss Users in Section 16, which provide additional information about your rights under GDPR and related laws.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: When you create an account, we collect identifiers such as your name, email address, username, and password. We may also collect or generate unique identifiers for your account.
  • Payment and Billing Information: If you purchase our products or services, we collect payment details through our third-party payment processors (such as Stripe). We may also collect your billing address and invoice history.
  • Inputs and Outputs: When you interact with our AI-powered Services, you may provide prompts, queries, text, images, audio, files, or other input data ("Inputs"), which generate responses, content, or results ("Outputs"). If you include personal data in your Inputs, such data will be collected and may be reproduced in Outputs.
  • Feedback and Ratings: If you provide feedback, suggestions, ratings (such as thumbs up/down), or other evaluations of our Services, we collect this information along with the associated Inputs and Outputs to improve our products.
  • Communications: When you contact us via email, support channels, or social media, we collect your contact information, the contents of your messages, and any attachments.
  • User-Generated Content: Content you upload, post, or share through our Services, including files, images, and documents.

1.2 Information Collected Automatically

  • Device and Connection Information: We collect information about your device, including device type, operating system, browser type and version, unique device identifiers, IP address, and general location data derived from your IP address (such as city or country).
  • Usage Information: We collect information about how you interact with our Services, including access times, pages viewed, features used, actions taken, session duration, and referring URLs.
  • Log Information: We collect server logs that record information about how our Services are performing, including error logs, access logs, and diagnostic data.
  • Cookies and Similar Technologies: We use cookies, pixels, local storage, and similar technologies to collect information, remember your preferences, and improve your experience. For more details, see Section 10 (Cookies and Tracking Technologies).

1.3 Information from Third Parties

  • Third-Party Sign-In: If you sign in using a third-party service (such as Google or GitHub), we receive information from that service, such as your name and email address, as permitted by your settings on that service.
  • Security Partners: We may receive information from security vendors and partners to help detect fraud, abuse, and security threats.
  • Public Sources: We may collect publicly available information relevant to our business operations and Services.

2. How We Use Your Information

We use your personal data for the following purposes:

  • Providing Services: To operate, provide, and maintain our Services, including processing your Inputs to generate Outputs, and delivering features you request.
  • Account Management: To create and manage your account, authenticate your identity, process payments, and provide customer support.
  • Service Communications: To send transactional messages, service updates, security alerts, and administrative notifications.
  • Product Improvement: To analyze usage patterns, conduct research, debug issues, and improve our Services and user experience.
  • AI Model Training: To train, improve, and develop our AI models using Inputs and Outputs (subject to your opt-out rights—see Section 3).
  • Safety and Security: To detect, prevent, and address fraud, abuse, security risks, technical issues, and violations of our policies.
  • Marketing: To send promotional communications about our products and services (with your consent where required by applicable law).
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests.
  • Business Operations: To manage our business, including analytics, audits, and corporate transactions.

3. AI Model Training and Your Choices

3.1 How We Use Data for Training

We may use Inputs and Outputs to train, improve, and develop our AI models. This helps us enhance model performance, accuracy, safety, and capabilities. When we use data for training purposes, we implement safeguards including:

  • De-identification and aggregation where technically feasible
  • Filtering to remove common types of personal information
  • Access controls limiting who can access training data
  • Security measures to protect training datasets

3.2 Opting Out of Training

You may opt out of having your Inputs and Outputs used for AI model training through your account settings (where available) or by contacting us at privacy@wrapper.company. Your opt-out preference will apply to data created after you make that change.

3.3 Exceptions

Even if you opt out, we may still use content for:

  • Safety Improvements: Content flagged for potential policy violations may be used to improve our ability to detect and prevent harmful content.
  • Feedback You Provide: Explicit feedback, ratings, and evaluations you submit about Outputs.
  • Abuse Prevention: Detecting and preventing misuse of our Services.
  • Legal Compliance: As required by applicable law.

3.4 Enterprise and API Customers

For enterprise customers and paid API users, we do not use your Inputs and Outputs to train our general AI models unless you explicitly opt in. Specific data handling terms may be set forth in your commercial agreement with us.

4. How We Share Your Information

We may share your personal data with the following categories of recipients:

4.1 Service Providers

Third-party vendors who perform services on our behalf, including cloud hosting (e.g., Amazon Web Services, Google Cloud), payment processing (e.g., Stripe), analytics, customer support, email delivery, and security services. These providers are contractually obligated to protect your data and use it only for the services they provide to us.

4.2 Affiliates

Our corporate affiliates and related entities for purposes consistent with this Privacy Policy, including shared infrastructure and business operations.

4.3 Legal and Safety Disclosures

We may disclose your information when we believe in good faith that disclosure is necessary to:

  • Comply with applicable laws, regulations, legal processes, or enforceable government requests
  • Enforce our Terms of Service and other agreements
  • Protect the rights, privacy, safety, or property of The Wrapper Company, our users, or others
  • Detect, prevent, or address fraud, security, or technical issues
  • Respond to emergencies involving potential threats to individuals

4.4 Business Transfers

In connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

4.5 With Your Consent

When you direct us to share information or provide consent for specific disclosures.

4.6 Aggregated or De-Identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you for research, analytics, and other purposes.

We do not sell your personal data. We do not share your personal data with third parties for their direct marketing purposes without your consent.

5. Data Retention

We retain your personal data for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods depend on the type of data and how it is used:

  • Account Data: Retained for the duration of your account and for a reasonable period thereafter (typically up to 3 years) to comply with legal obligations and resolve disputes.
  • Inputs and Outputs: Retained according to our data handling policies, typically deleted within 30 days unless you have opted in to training use or unless required for legal, security, or compliance purposes.
  • Usage and Log Data: Typically retained for up to 12 months for operational and security purposes.
  • Payment Records: Retained as required by tax and financial regulations (typically 7 years under U.S. federal tax law).
  • Communications: Retained as needed to provide support and for our records, typically up to 5 years.

When personal data is no longer required, we will securely delete, anonymize, or aggregate it in accordance with applicable laws and our data retention policies.

6. Data Security

We implement comprehensive technical and organizational security measures designed to protect your personal data from unauthorized access, use, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls and multi-factor authentication mechanisms
  • Regular security assessments and penetration testing
  • Employee security training and confidentiality obligations
  • Incident response procedures
  • Physical security controls for our infrastructure
  • SOC 2 Type II compliance (or equivalent security certifications)

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and for any activity that occurs under your account.

7. Your Rights and Choices

Depending on your state of residence and applicable law, you may have certain rights regarding your personal data:

7.1 Access

You have the right to request access to the personal data we hold about you and to receive information about how we process it.

7.2 Correction

You have the right to request correction of inaccurate or incomplete personal data. Note that due to the technical complexity of AI systems, we cannot modify the factual content of AI-generated Outputs.

7.3 Deletion

You have the right to request deletion of your personal data, subject to certain exceptions (such as when we need to retain data for legal compliance, to complete a transaction, or to exercise or defend legal claims).

7.4 Opt-Out of Sale/Sharing

We do not sell your personal data. However, if we ever engage in activities that constitute a "sale" or "sharing" under applicable state privacy laws, you will have the right to opt out.

7.5 Marketing Communications

You may opt out of receiving promotional emails by following the unsubscribe instructions in those messages. Even if you opt out, we may still send you non-promotional communications related to your account or our Services.

7.6 Data Export

You may export your data through your account settings (where available) or by contacting us.

7.7 Exercising Your Rights

To exercise these rights, please contact us at privacy@wrapper.company. We will respond to your request within the timeframes required by applicable law (typically 45 days, with possible extensions as permitted by law). We may need to verify your identity before processing your request. You will not be discriminated against for exercising your privacy rights.

7.8 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require verification that you have authorized the agent to act on your behalf.

8. Children's Privacy

Our Services are not directed to children under 13 years of age (or 16 in certain jurisdictions). We do not knowingly collect personal data from children under these ages. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at privacy@wrapper.company. If we become aware that we have collected personal data from a child without parental consent where required, we will take steps to delete such information promptly.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information, remember your preferences, and improve your experience. Types of cookies we use include:

  • Essential Cookies: Necessary for the operation of our Services, such as authentication and security. These cannot be disabled.
  • Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences.
  • Analytics Cookies: Help us understand how users interact with our Services to improve performance and user experience.

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our Services.

10. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services, or may integrate with third-party platforms. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data. When our Services display third-party content (such as web search results), your interaction with that content may be subject to the third party's terms and privacy policy.

11. Do Not Track

Some browsers offer a "Do Not Track" (DNT) feature. Our Services do not currently respond to DNT signals because there is no consistent industry standard for compliance. We will update this policy if a standard is established. For information about opting out of tracking for advertising purposes, visit the Network Advertising Initiative at optout.networkadvertising.org.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information:

12.1 Right to Know

You have the right to request that we disclose:

  • The categories of personal information we have collected about you
  • The categories of sources from which we collected personal information
  • Our business or commercial purpose for collecting or selling personal information
  • The categories of third parties with whom we share personal information
  • The specific pieces of personal information we have collected about you

12.2 Right to Delete

You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.

12.3 Right to Correct

You have the right to request correction of inaccurate personal information.

12.4 Right to Opt-Out of Sale/Sharing

We do not sell your personal information as defined by the CCPA. We do not share your personal information for cross-context behavioral advertising.

12.5 Right to Limit Use of Sensitive Personal Information

If we collect sensitive personal information, you have the right to limit its use to what is necessary to perform our Services.

12.6 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.

12.7 Categories of Personal Information

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

  • Identifiers: Name, email address, IP address, account ID
  • Commercial Information: Transaction history, purchase records
  • Internet Activity: Browsing history, search history, interactions with our Services
  • Geolocation Data: Approximate location derived from IP address
  • Professional Information: Company name, job title (if provided)
  • Inferences: Preferences and characteristics derived from your activity

12.8 Exercising Your California Rights

To exercise your rights, please contact us at privacy@wrapper.company or submit a request through your account settings. We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.

12.9 Shine the Light

California Civil Code Section 1798.83 permits California residents to request information regarding the disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

13. Other U.S. State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have additional rights, including:

  • The right to confirm whether we are processing your personal data
  • The right to access your personal data
  • The right to correct inaccuracies in your personal data
  • The right to delete your personal data
  • The right to obtain a copy of your personal data in a portable format
  • The right to opt out of targeted advertising, sale of personal data, or profiling

To exercise these rights, please contact us at privacy@wrapper.company. If your request is denied, you may have the right to appeal by contacting us.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website, updating the "Effective Date," and, where required by law or where changes are significant, providing additional notice (such as via email or a prominent notice on our Services). Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

The Wrapper Company
Email: privacy@wrapper.company
Address: [Your Company Address]

16. Supplemental Terms for EEA/UK/Swiss Users

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following supplemental terms apply to you in addition to the rest of this Privacy Policy:

16.1 Data Controller

The Wrapper Company is the data controller responsible for your personal data. You can contact us using the information in Section 15 above.

16.2 Legal Bases for Processing

We process your personal data based on the following legal bases under the GDPR:

  • Performance of Contract: Processing necessary to provide our Services to you.
  • Legitimate Interests: Processing necessary for our legitimate interests, such as improving our Services, ensuring security, and marketing (where you have not opted out).
  • Consent: Processing based on your consent, which you may withdraw at any time.
  • Legal Obligation: Processing necessary to comply with our legal obligations.

16.3 Your GDPR Rights

In addition to the rights described in Section 7, you have the following rights under GDPR:

  • Right to Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: The right to object to processing based on legitimate interests, including profiling and direct marketing.
  • Right to Restrict Processing: The right to request that we restrict processing in certain circumstances.
  • Right to Withdraw Consent: Where processing is based on consent, the right to withdraw consent at any time.
  • Rights Related to Automated Decision-Making: The right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you.

16.4 International Data Transfers

Your personal data will be transferred to and processed in the United States, where our servers and operations are located. The United States may not have data protection laws equivalent to those in your jurisdiction.

When we transfer personal data outside the EEA, UK, or Switzerland, we implement appropriate safeguards to protect your data, including:

  • Standard Contractual Clauses (SCCs): EU-approved contractual clauses that provide appropriate safeguards for international transfers.
  • UK International Data Transfer Agreement: For transfers from the UK.
  • Additional Security Measures: Technical and organizational measures to supplement the SCCs where necessary.

You may request a copy of the applicable transfer mechanisms by contacting us.

16.5 Data Protection Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated applicable data protection laws. However, we encourage you to contact us first so we can try to resolve your concerns.

16.6 Representative

If required by applicable law, we will appoint a representative in the EU and/or UK. Information about our representative (if applicable) will be provided upon request.