Whimsical LogoWhimsical Logo

Brand

Privacy

Updated October 2024

Your privacy is important to us. At Whimsical, we have a few fundamental principles:

  • We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
  • We store personal information for only as long as we have a reason to keep it.
  • We aim to make it as simple as possible for you to control what information is disclosed publicly, kept private, and deleted.
  • We aim for transparency on how we gather, use, and disclose your personal information.

Below is our Privacy Notice, which incorporates and clarifies these principles.

PLEASE READ THIS PRIVACY NOTICE CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR PERSONAL INFORMATION. IF YOU DO NOT AGREE TO THIS PRIVACY NOTICE, PLEASE DO NOT ACCESS THE WEBSITE OR USE OUR SERVICES.

If you live in or are located in Europe or certain US states, and if you would also like to identify your data controller and processor, please see “Regional Terms for Europe and Certain US States” below and view our Subprocessor List.

This Privacy Notice incorporates our Data Processing Addendum, Cookie Policy, and Supplementary AI Terms.

Who We Are and What This Privacy Notice Covers

Hey there! We are the folks behind Whimsical, a service designed to allow anyone to collaborate on ideas visually.

This Privacy Notice applies to information that we collect about you when you access our website located at Whimsical.com and any related websites and successor websites (the “Website”) and/or to utilize the visual collaboration tools provided on our Website, including any beta or pre-release tools (together with the Website, the “Services”). This Privacy Notice is governed by our Terms of Service. Defined terms used herein and not otherwise defined have the meanings set forth in the Terms of Service.

Below we explain how we collect, use, and disclose personal information about you, along with the choices that you have with respect to that information.

Personal Information We Collect

We collect information in the following ways: if and when you provide information to us (Registration Data), information we collect automatically when you utilize our Services (Usage Data), information we collect from other sources, information we collect through our Services (Customer Data), and information you provide during the job application process (Recruiting Data). Let’s go over the information that we collect.

Information You Provide to Us

It’s probably no surprise that we collect information that you provide to us. The amount and type of information depends on the context and how we use the information. Here are some examples:

  • Basic Account Information: We ask for basic information from you in order to set up your account. For example, we require individuals who sign up for a Whimsical.com account to provide a valid email address–and that’s it. You may choose to provide your name and an image or photo to use as an avatar, and if you choose to do so, we will collect that information as well.
  • Transaction and Billing Information: If you buy a subscription to a Whimsical.com plan from us, you will provide additional personal and payment information that is required to process the transaction and your payment, such as your name and contact information.

Throughout this Privacy Notice, we will refer to this information as “Registration Data”. Registration Data does not include Customer Data (defined below).

Other information we may collect directly from you, which is not part of Registration Data, may include survey responses, feedback about our Services, product or pricing inquiries, or sales discussions details.

Information We Collect Automatically

We also collect some information automatically:

  • Log Information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. We collect log information when you use our Services.
  • Usage Information: We collect information about your usage of our Services. For example, we collect information about the actions that Administrators and Users perform on a Workspace—in other words, who did what, when and to what thing in a Workspace—as well as the number of Users accessing a Workspace. We also collect information about what happens when you use our Services (e.g., page views) along with information about your device (e.g., screen size, name of cellular network, and mobile device manufacturer). We use this information to, for example, provide our Services to you, as well as get insights on how people use our Services, so we can make our Services better.
  • Geolocation Information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions.
  • Information from Cookies and Similar Technologies: A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Pixel tags (also called web beacons) are small blocks of code placed on websites and in emails. To collect information automatically as described in this section, Whimsical and its service providers may use cookies and other technologies like pixel tags to help us identify visitors and understand usage and access preferences for our Services, as well as analyze email campaign effectiveness. Our use of cookies is specified in our Cookie Policy, which is updated regularly to reflect current practices. You can turn off your web browser’s ability to accept cookies, but if you do so, certain parts of our Services may not work for you.
  • Public Social Media Posts: We may collect public posts to social media platforms and other social media information such as your name and social media handle that specifically mentions our Company via our handles.

Throughout this Privacy Notice, we will refer to this information as “Usage Data”. Usage Data does not include Customer Data (defined below).

Information We Collect from Other Sources

We may also receive information about you from other sources. For example, if you create or log into your Whimsical.com account through another service (like Google), we will receive information from that service (such as your basic profile information) via the authorization procedures used by that service.

Information We Collect through Our Services

We also receive information from you that you input and include when you use our Services or communicate with us about a support question as a User through an Organization. For example, any information that you type into any visual Workspace that you create in the Services will be collected or any similar information you provide in the course of providing feedback. Throughout this Privacy Notice, we will refer to this information as “Customer Data”). Customer Data does not include Usage Data or Registration Data.

Information You Provide During the Job Application Process

We may also receive information about you if you submit a job application, inquire about opportunities at Whimsical, provide us your information at a recruiting event, or if we receive information about you from third parties in connection with our recruiting activities. Throughout this Privacy Notice, we will refer to this information as “Recruiting Data”. Recruiting Data may include:

  • Name and contact information such as phone number, email address, and postal address;
  • employment history such as prior employers and dates of employment;
  • education history such as degrees earned and institutions attended;
  • resume, CV, educational transcripts, and any information contained in or with such documentation;
  • job qualifications and work eligibility information such as country of residence, visa and immigration status, and citizenship;
  • reference information, such as name and contact details of your references;
  • compensation information that you voluntarily provide, and which may depend on your region and applicable laws and regulations;
  • background check information, subject to applicable law; and
  • sensitive personal information that you provide voluntarily or which we request on a non-mandatory basis in order to comply with applicable law.

You are responsible for the Recruiting Data you provide or make available to us and all Recruiting Data you provide must be truthful, accurate, and not misleading in any way. You may not provide Recruiting Data that is obscene, defamatory, infringing, malicious, or that violates any law. To the extent you voluntarily provide any sensitive or special categories of information, as may be defined in applicable laws, you explicitly consent to our processing of such information as described in this Privacy Notice. Depending on your region or the region where an opportunity is located, we may be required to process certain sensitive personal information to comply with applicable local law. You are responsible for providing any notices and obtaining any consents necessary for us to collect and use personal information of your references as described in this Privacy Notice.

How And Why We Use Your Personal Information

We use information about you as mentioned above and for the purposes listed below:

  • to provide our Services, for example, to set up and maintain your account, host your Workspace, provide support and customer service, or charge you for any of our paid Services;
  • to further develop and improve our Services, for example by adding new features that we think our Users will enjoy;
  • to monitor and analyze trends and better understand how Users interact with our Services, which helps us improve our Services and make them easier to use;
  • to measure, gauge, and improve the effectiveness of our advertising, and better understand User retention and attrition for example, we may analyze how many individuals purchased a plan after receiving a marketing message or the features used by those who continue to use our Services after a certain length of time;
  • to monitor and prevent any problems with our Services, protect the security of our Services, detect and prevent fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of Whimsical and others, including enforcing our Terms of Service and/or other agreements, which may result in us declining a transaction or the use of our Services;
  • to provide webinars and training sessions;
  • to provide optional features of the Services as more fully set forth in the Whimsical AI Supplementary Terms;
  • to communicate with you in response to your inquiries regarding the Services or otherwise, such as in response to sales inquiries;
  • to communicate with you, for example through an email about offers and promotions offered by Whimsical and others we think will be of interest to you, solicit your feedback in writing, on conference calls, or other channels, or keep you up to date on Whimsical and our products;
  • to personalize your experience using our Services and target our marketing messages to groups of our Users for example, those who have a particular plan with us or have been our User for a certain length of time; and/or
  • for Recruiting Data, to review and evaluate an application you submit, communicate with you regarding your application or other interest in Whimsical opportunities; process your onboarding if you are hired; operate, improve, and maintain the security of our recruiting process; and comply with applicable laws and otherwise operate our business.

How and Why We Disclose Personal Information

We disclose information about you in the limited circumstances spelled out below and with appropriate safeguards in place to protect your privacy:

  • Other Users: We may disclose information about you to other Users in your Workspace. For example, if you join a Workspace owned by another User or Organization, or collaborate with other Users on Whimsical, Whimsical may disclose basic information about you such as your name, email address, profile picture, and Workspace name to the other Users or Organizations. Please see “Your Employer or Relevant Organization” in the “How and Why We Disclose Personal Information” section below for more information.
  • Subsidiaries, Employees, and Independent Contractors: We may disclose information about you to our subsidiaries, our employees, and individuals who are our independent contractors that need to know the information in order to help us provide our Services or to process the information on our behalf. We require our subsidiaries, employees, and independent contractors to follow this Privacy Notice for personal information that we disclose to them.
  • Third Party Vendors: We may disclose information about you to third party vendors who need to know information about you in order to provide their services to us, or to provide their services to you. This group includes vendors that help us provide our Services to you (like payment providers that process your credit and debit card information or technology providers that enable certain features in our Services), those that assist us with our marketing efforts (e.g., by providing tools for identifying a specific marketing audience or improving our marketing campaigns), those that help us provide support and obtain your feedback (like support platforms or conference call systems with call recording abilities), those that help us understand and enhance our Services (like analytics providers), and those that help us conduct our recruiting and hiring activities (such as recruiting firms or background check providers). If you connect your account to certain vendors that are third party integrations, certain information will be disclose to such vendor and Whimsical to facilitate the integration. We require vendors to agree to privacy commitments in order to disclose information to them.
  • Your Employer or Relevant Organization: We may disclose your email address to your employer or other relevant organization (“Organization”) in certain circumstances:
    • If you register a Whimsical account or associate a Whimsical account with an email address provisioned by your organization, Whimsical may disclose information about you and any Workspaces owned or managed by you to your Organization. Such information could include your name, email address, and profile picture, as well as the Workspace name, membership size, creation date of your Workspace, and content within your Workspace. If you registered to use Whimsical’s Services with such an email address, but you do not use the Services in connection with your Organization and you do not wish for this information to be disclosed to your Organization, you may transfer your account to a different email address. For information on how to change the email address associated with your Whimsical account please follow the instructions here: https://help.whimsical.com/settings/email. If you would like additional assistance, please contact help@whimsical.com.
    • If (i) you create a Whimsical account or access our Services and the domain of the email address associated with your account is owned by the Organization and (ii) such Organization wants to establish an enterprise account with Whimsical or otherwise has requested that Whimsical inform it of any of its email addresses registered with Whimsical, your email address associated with such Organization may be disclose to the Organization to provide you additional Services, integrate your Whimsical account with the Organization’s, or otherwise as elected by the Organization. If the Organization ultimately creates an enterprise account with Whimsical, the remainder of your personal information associated with accounts registered with the Organization’s email domain may be disclosed to the Organization as described above. We may also disclose your personal information to the Organization (such as their accounting department) or the credit card account holder to validate your payment if you purchase Services using a credit card.
  • Legal Requests: We may disclose information about you in response to a subpoena, court order, or other governmental request, including to meet national security or law enforcement requirements.
  • To Protect Rights, Property, and Others: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Whimsical, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay, or we may need to disclose your information in connection with enforcing our Terms of Service and/or other agreements.
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that Whimsical goes out of business or enters bankruptcy, Registration Data, Usage Data, Customer Data, and Recruiting Data would likely be one of the assets that is transferred or acquired by a third party.
  • With Your Consent: We may disclose information with your consent or at your direction. For example, we may disclose your information to third parties with which you authorize us to do so.
  • Aggregated or De-Identified Information: We may disclose information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.
  • Published Support Requests: And if you send us a request (for example, via a support email or one of our feedback mechanisms), we reserve the right to publish that request in order to help us clarify or respond to your request or to help us support other Users and may remove your personal information from the request.

How Long We Keep Personal Information

We generally delete information about you when we no longer need the information for the purposes for which we collect and use it — which are described in the section above entitled “How and Why We Use Your Personal Information” — and we are not legally required to continue to keep it. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal requirements.

How to Access and Control Your Personal Information

You can view, access, edit, or delete your personal information for many aspects of the Services. You can request that Whimsical delete your personal information by sending an email to privacy@whimsical.com with “Please delete my personal information” in the subject line. Whimsical will verify your identity and then delete the personal information associated with your email address. You may also delete your account within your Account Settings through the Services. Please note that we may retain certain information as required or permitted by applicable law, and we may deny your deletion request if retaining the personal information is necessary for us or our service providers under any permitted exceptions.

Children’s Privacy

Our Website and the Services are not intended for general audiences and not for children under the age of 16. No one under age 16 may provide any personal information on the Website or through the Services. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this Website or through the Services. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at privacy@whimsical.com.

Security

While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so, such as monitoring our Services for potential vulnerabilities and attacks. For details about the measures we take to protect information about you, please refer to our Security webpage located at https://whimsical.com/company/security and to our Trust Center located at https://trust.whimsical.com/.

Other Sites, Mobile Applications and Services

The Website may contain links to other websites, mobile applications, and other online services operated by third parties such as social media companies or payment processors (“Third Party Services”). These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on Third Party Services. We do not control these Third Party Services, we are not responsible for their actions, and they may follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of Third Party Services you use.

Choices

You have several choices available when it comes to information about you:

  • Limit the Information that You Provide: If you have an account with us, you can choose not to provide the optional account information, profile information, and transaction and billing information. Please keep in mind that if you do not provide this information, certain features of our Services may not be accessible.
  • Choose Not to Use Certain Features: You may choose not to use certain features within our Services where the use of such features results in the processing of information you submit through the feature by a third party. For example, use of our AI feature results in the sharing of information in accordance with the Whimsical AI Supplementary Terms. If you do not wish to disclose information with the third party providing the AI feature, please do not use such feature.
  • Opt-Out of Electronic Communications: You may opt out of receiving promotional messages from us. Just follow the instructions in those messages. If you opt out of promotional messages, we may still send you other messages, like those about your account and legal notices.
  • Set Your Browser to Reject Cookies: At this time, Whimsical does not respond to “do not track” signals across all of our Services. However, you can usually choose to set your browser to remove or reject browser cookies before using our Website, with the drawback that certain features of the Website may not function properly without the aid of cookies.
  • Delete Your Account: While we’d be very sad to see you go, if you no longer want to use our Services, you can delete your Whimsical.com account. Please keep in mind that we may continue to retain your information after closing your account, as described in “How Long We Keep Personal Information” above, for example, when that information is reasonably needed to comply with (or demonstrate our compliance with) legal obligations such as law enforcement requests, or reasonably needed for our legitimate business interests.

Regional Terms for Europe and Certain US States

The Website and our Services are hosted in and provided from the United States, and your use of our Website and Services is governed by United States law. If you are using the Website or Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our systems and facilities, and those of our third party providers and recipients of information, are located. The data protection and other laws of the United States and other countries might be different than those in your country. By using the Website and Services, you consent to your information being transferred to our systems and facilities, and to the systems and facilities of those third parties to whom we disclose information as described in this Privacy Notice.

The Whimsical Data Processing Addendum is available here and the Whimsical Subprocessor List is available here.

The below provides additional information to individuals who are residents of certain US state such as California and Nevada or are located in the European Union, United Kingdom, and Switzerland (“Relevant Regions”) as required under applicable data protection laws in those regions (“Regional Laws”).

Your Consumer Rights

Certain Relevant Laws provide individuals in Relevant Regions certain rights regarding their personal information. If a Relevant Laws apply to you, you may submit a request to exercise your right(s) in relation to your personal information, as follows:

  • Know/Access: You may request access to the specific pieces of personal information we have collected about you, which may, in accordance with Relevant Laws, be limited to the information collected in the prior 12 months. You may also request additional details about our information practices, including the categories of personal information we have collected about you, the sources of such collection, the categories of personal information we share for a business or commercial purpose, and the categories of third parties with whom we share your personal information.
  • Correct/Rectify: You may request that we correct or rectify the personal information we have collected about you. Please note that we may decline to correct certain information as required or permitted by applicable law, and we may deny your correction request if retaining the personal information in its current state is necessary for us or our service providers under any permitted exceptions. We are required by law to verify your identity prior to correcting your information in order to protect your privacy and security. If you request to change your personal information, certain of our Services may no longer be available to you or may no longer operate correctly.
  • Limit Use of Sensitive Personal Information: You may request that we limit the use of sensitive personal information, as defined in Relevant Laws, to certain purposes as set forth in the Relevant Laws.
  • Delete/Erase: You may request that we delete the personal information we have collected about you. Please note that we may retain certain information as required or permitted by applicable law, and we may deny your deletion request if retaining the personal information is necessary for us or our service providers under any permitted exceptions. If you request to delete your personal information, certain of our Services may no longer be available to you.
  • Restrict or Object: You may request that we limit the way we use your personal information or object to certain forms of processing.
  • Data Portability: You may request for your personal information to be transferred directly to another organization.
  • Automated Decision Making and Profiling: You have the right not to be subject to automated decision-making if it produces a legal effect that significantly affects you, with certain exceptions. Please note that we do not generally engage in this activity and do not as a matter of course control or process personal information for this purpose, and if we do, we comply with Relevant Laws in connection with such data processing.
  • Not to Receive Direct Marketing Communications: In some Relevant Regions, you may request to not receive our direct marketing messages, as more fully set forth below.

Certain other details regarding the processing of personal information that individuals located in Relevant Regions may be entitled to receive are contained in other provisions of the Regional Supplement.

Please note that you may designate an authorized agent to exercise these rights on your behalf by providing written materials demonstrating that you have granted the authorized agent power of attorney. Please note that if an authorized agent submits a request on your behalf, we may need to contact you to verify your identity and protect the security of your personal information.

You can usually access, correct, or delete your personal information using your account settings and tools that we offer, but if you aren’t able to do that, or you don’t have an account, or you would like to contact us about one of the other rights, our contact information is set forth in “How to Reach Us” below. Individuals in the European Economic Area, Switzerland, and United Kingdom (collectively, “Europe”) also have the right to make a complaint to a government supervisory authority.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. Under some Relevant Laws, you may only make a verifiable consumer request for access twice within a 12-month period. The verifiable consumer request must (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will respond to a verifiable consumer request within the time periods permitted under Relevant Laws. If we require more time, we will inform you of the reason and extension period in writing, in accordance with Relevant Laws.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Relevant Laws may require us to verify your identity. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We may not be able to provide all of the information requested, for example: (i) if the personal information was collected for a single one-time transaction and if, in the ordinary course of business, such information was not retained; (ii) we would be required to reidentify or otherwise link any data that, in the ordinary course of business, was not maintained in a manner that would be considered personal information; or (iii) the consumer used different browsers, devices or identifying information and we have not linked all such information together.

California Privacy Rights Act (“CPRA”) Notice

If you are a California resident or resident of a US state with other Relevant Laws, the CPRA and other Relevant Laws require us to disclose the following information with respect to our collection, use and disclosure of personal information.

  • Categories and Specific Pieces of Personal Information Collected: In the preceding 12 months, we have collected the following categories of personal information: certain identifiers, certain of the personal information categories listed in the California Customer Records statutes, commercial information, internet or other similar network activity, and geolocation data. For more detail regarding the personal information we collect, please see “Personal Information We Collect” above.
  • Business or Commercial Purpose for Collecting and Using Personal Information: We collect personal information for the business purposes described in “How and Why We Use Your Personal Information” above.
  • Categories of Sources of Personal Information: We collect personal information directly from you, automatically, and from other sources, each of which is more particularly described in “Personal Information We Collect” above.
  • Categories of Personal Information Disclosed: In the preceding 12 months, we have disclosed the categories of personal information for business or commercial purposes as set forth in “Personal Information We Collect” above.
  • Categories of Third Parties to whom We Disclose Personal Information: We may disclose your personal information to the third parties as described in “How and Why We Disclose Personal Information” above.
  • “Sale” or “Sharing” of Personal Information: Whimsical does not as a matter of course “sell” or “share” (as those terms are specifically defined in the CPRA and other Relevant Laws) your personal information.
  • Retention of Data. Please see “How Long We Keep Personal Information” above for details regarding the time period for which we retain personal information or the criteria we use to determine how long we retain personal information.

Non-Discrimination and Non-Retaliation

We will not discriminate or retaliate against you for exercising any of your CPRA rights. Unless permitted by the CPRA, we will not deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide you a different level or quality of goods or services; and/or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

California “Shine the Light” Law

California residents may request certain information regarding our disclosure (if any) of personal information to third parties for their direct marketing purposes, pursuant to California Civil Code Section 1798.83 (the California “Shine the Light” law). To make such a request, please contact us, identify yourself as a California resident and provide sufficient information so we can take appropriate action, such as your name, email address or any additional information required.

Individuals Located in Europe

If you are located in Europe (as defined above), the legal bases for using your personal information are as follows:

  • Where use of your information is necessary in order to fulfill our commitments to you under our Terms of Service and/or other agreements with you or as necessary to administer your account (for example, in order to enable access to our Website or Services on your device or charge you for a paid plan);
  • Where use of your information is necessary for compliance with a legal obligation;
  • Where use of your information is necessary in order to protect your vital interests or those of another person;
  • Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to secure, update, and improve our Services; to communicate with you and respond to your requests and inquiries; to measure, gauge, and improve the effectiveness of our advertising; to better understand user retention and attrition; to monitor and prevent any problems with our Services; to personalize your experience; for fraud prevention and know-your-customer obligations; to conduct our recruiting activities; and to establish, exercise, or defend legal claims); or
  • Where we have your consent, in accordance with applicable law (for example before we place certain cookies on your device and access and analyze them later on).

Controller and Processor Designations

With regard to the processing of Customer Data, our customer is the Controller and Whimsical is the Processor. Please see our Data Processing Addendum located at https://whimsical.com/terms/dpa for additional details. With regard to the processing of Registration Data, Usage Data, and Recruiting Data, Whimsical is the Controller and processes such information as set forth herein.

Other Things You Should Know

Data Processors

Please see our Subprocessor List for information on our use of third-party data processors.

International Transfer of Data

We may transfer to, process, and store the data we collect about you in countries other than the country in which the data was originally collected, including the USA, Canada or other destinations outside Europe. Those countries may not have the same data protection laws as the country in which you provided the data. When we transfer your data to other countries, we will protect the data as described in this Privacy Notice and comply with Relevant Laws providing adequate protection for the transfer of data to countries outside Europe.

We transfer your personal information outside Europe with appropriate organizational safeguards in place. Specifically, we transfer your personal information in accordance with the Standard Contractual Clauses (“SCCs”). The SCCs are part of our Data Processing Addendum located at https://whimsical.com/terms/dpa. By utilizing our Service, you agree to the transfer of your personal information in accordance with our Data Processing Addendum.

You may request more information about the safeguards that we have put in place in respect of transfers of personal information by contacting us as described in “How to Reach Us” below.

Privacy Notice Changes

Although most changes are likely to be minor, Whimsical may change its Privacy Notice from time to time, and in Whimsical’s sole discretion. Whimsical encourages visitors to frequently check this page for any changes to its Privacy Notice. Your continued use of this site after any change in this Privacy Notice will constitute your acceptance of such change.

How to Reach Us

If you have a question about this Privacy Notice, or you would like to contact us about any of your rights mentioned herein, please contact us at privacy@whimsical.com. You may reach us by mail at Whimsical, Inc., 1630 Welton Street, 7th Floor, Denver, Colorado 80202, USA.