Flowcharts
Wireframes
Mind Maps
Projects
Docs
Pricing
LOg in

Privacy

Updated November 3, 2022

Your privacy is important to us. At Whimsical, we have a few fundamental principles:

  • We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
  • We store personal information for only as long as we have a reason to keep it.
  • We aim to make it as simple as possible for you to control what information is shared publicly, kept private, and deleted.
  • We aim for transparency on how we gather, use, and share your personal information.

Below is our Privacy Notice, which incorporates and clarifies these principles.

PLEASE READ THIS PRIVACY NOTICE CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR PERSONAL INFORMATION. IF YOU DO NOT AGREE TO THIS PRIVACY NOTICE, PLEASE DO NOT ACCESS THE WEBSITE OR USE OUR SERVICES.

If you want to identify your data controller and processor, please see "Controller and Processor Designations" below.

Who We Are and What This Privacy Notice Covers

Hey there! We are the folks behind Whimsical, a service designed to allow anyone to collaborate on ideas visually.

This Privacy Notice applies to information that we collect about you when you access our website located at Whimsical.com and any related websites and successor websites (the "Website") and/or to utilize the visual collaboration tools provided on our Website (together with the Website, the “Services”).

Below we explain how we collect, use, and share personal information about you, along with the choices that you have with respect to that information.

Personal Information We Collect

We collect information in the following ways: if and when you provide information to us (Registration Data), information we collect automatically when you utilize our Services (Usage Data), information we collect from other sources, information we collect through our Services (Customer Data), and information you provide during the job application process (Recruiting Data). Let‘s go over the information that we collect.

Information You Provide to Us

It‘s probably no surprise that we collect information that you provide to us. The amount and type of information depends on the context and how we use the information. Here are some examples:

  • Basic Account Information: We ask for basic information from you in order to set up your account. For example, we require individuals who sign up for a Whimsical.com account to provide a valid email address–and that‘s it. You may choose to provide your name and an image or photo to use as an avatar, and if you choose to do so, we will collect that information as well.
  • Transaction and Billing Information: If you buy a subscription to a Whimsical.com plan from us, you will provide additional personal and payment information that is required to process the transaction and your payment, such as your name and contact information.
  • Communications With Us: You may also provide us information when you respond to surveys, communicate with us about a support question, provide feedback about our Services, or engage in sales discussions with us, each of which may include personal information.

Throughout this Privacy Notice, we will refer to this information as “Registration Data”. Registration Data does not include Customer Data (defined below).

Information We Collect Automatically

We also collect some information automatically:

  • Log Information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. We collect log information when you use our Services.
  • Usage Information: We collect information about your usage of our Services. For example, we collect information about the actions that workspace administrators and users perform on a workspace Whimsical.com service–in other words, who did what, when and to what thing in a workspace. We also collect information about what happens when you use our Services (e.g., page views) along with information about your device (e.g., screen size, name of cellular network, and mobile device manufacturer). We use this information to, for example, provide our Services to you, as well as get insights on how people use our Services, so we can make our Services better.
  • Geolocation Information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions.
  • Information from Cookies and Similar Technologies: A cookie is a string of information that a website stores on a visitor‘s computer, and that the visitor‘s browser provides to the website each time the visitor returns. Pixel tags (also called web beacons) are small blocks of code placed on websites and in emails. To collect information automatically as described in this section, Whimsical and its service providers may use cookies and other technologies like pixel tags to help us identify visitors and understand usage and access preferences for our Services, as well as analyze email campaign effectiveness. Our use of cookies is specified in our Cookie Policy, which is updated regularly to reflect current practices. You can turn off your web browser’s ability to accept cookies, but if you do so, certain parts of our Services may not work for you.
  • Public Social Media Posts: We may collect public posts to social media platforms and other social media information such as your name and social media handle that specifically mentions our Company via our handles.

Throughout this Privacy Notice, we will refer to this information as “Usage Data”. Usage Data does not include Customer Data (defined below).

Information We Collect from Other Sources

We may also receive information about you from other sources. For example, if you create or log into your Whimsical.com account through another service (like Google), we will receive information from that service (such as your basic profile information) via the authorization procedures used by that service.

Information We Collect through Our Services

We also receive information from you that you input and include when you use our Services. For example, any information that you type into any visual workspace that you create in the Services will be collected or any similar information you provide in the course of providing feedback. Throughout this Privacy Notice, we will refer to this information as “Customer Data”). Customer Data does not include Usage Data or Registration Data.

Information You Provide During the Job Application Process

We may also receive information about you if you submit a job application, inquire about opportunities at Whimsical, provide us your information at a recruiting event, or if we receive information about you from third parties in connection with our recruiting activities. Throughout this Privacy Notice, we will refer to this information as "Recruiting Data". Recruiting Data may include:

  • Name and contact information such as phone number, email address, and postal address; 
  • employment history such as prior employers and dates of employment;
  • education history such as degrees earned and institutions attended;
  • resume, CV, educational transcripts, and any information contained in or with such documentation; 
  • job qualifications and work eligibility information such as country of residence, visa and immigration status, and citizenship; 
  • reference information, such as name and contact details of your references; 
  • compensation information that you voluntarily provide, and which may depend on your region and applicable laws and regulations;
  • background check information, subject to applicable law; and 
  • sensitive personal information that you provide voluntarily or which we request on a non-mandatory basis in order to comply with applicable law. 

You are responsible for the Recruiting Data you provide or make available to us and all Recruiting Data you provide must be truthful, accurate, and not misleading in any way. You may not provide Recruiting Data that is obscene, defamatory, infringing, malicious, or that violates any law. To the extent you voluntarily provide any sensitive or special categories of information, as may be defined in applicable laws, you explicitly consent to our processing of such information as described in this Privacy Notice. Depending on your region or the region where an opportunity is located, we may be required to process certain sensitive personal information to comply with applicable local law. You are responsible for providing any notices and obtaining any consents necessary for us to collect and use personal information of your references as described in this Privacy Notice.

How And Why We Use Your Personal Information

We use information about you as mentioned above and for the purposes listed below:

  • To provide our Services, for example, to set up and maintain your account, host your workspace, provide support and customer service, or charge you for any of our paid Services;
  • To further develop and improve our Services, for example by adding new features that we think our users will enjoy;
  • To monitor and analyze trends and better understand how users interact with our Services, which helps us improve our Services and make them easier to use;
  • To measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition for example, we may analyze how many individuals purchased a plan after receiving a marketing message or the features used by those who continue to use our Services after a certain length of time;
  • To monitor and prevent any problems with our Services, protect the security of our Services, detect and prevent fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of Whimsical and others, which may result in us declining a transaction or the use of our Services;
  • To provide webinars and training sessions;
  • To communicate with you in response to your inquiries regarding the Services or otherwise, such as in response to sales inquiries;
  • To communicate with you, for example through an email about offers and promotions offered by Whimsical and others we think will be of interest to you, solicit your feedback in writing, on conference calls, or other channels, or keep you up to date on Whimsical and our products; and
  • To personalize your experience using our Services and target our marketing messages to groups of our users for example, those who have a particular plan with us or have been our user for a certain length of time.
  • For Recruiting Data, to review and evaluate an application you submit, communicate with you regarding your application or other interest in Whimsical opportunities; process your onboarding if you are hired; operate, improve, and maintain the security of our recruiting process; and comply with applicable laws and otherwise operate our business.

How and Why We Share Personal Information

We share information about you in the limited circumstances spelled out below and with appropriate safeguards in place to protect your privacy:

  • Other Users: We may disclose information about you to other users in your workspace.
  • Subsidiaries, Employees, and Independent Contractors: We may disclose information about you to our subsidiaries, our employees, and individuals who are our independent contractors that need to know the information in order to help us provide our Services or to process the information on our behalf. We require our subsidiaries, employees, and independent contractors to follow this Privacy Notice for personal information that we share with them.
  • Third Party Vendors: We may share information about you with third party vendors who need to know information about you in order to provide their services to us, or to provide their services to you. This group includes vendors that help us provide our Services to you (like payment providers that process your credit and debit card information), those that assist us with our marketing efforts (e.g., by providing tools for identifying a specific marketing audience or improving our marketing campaigns), those that help us provide support and obtain your feedback (like support platforms or conference call systems with call recording abilities), those that help us understand and enhance our Services (like analytics providers), and those that help us conduct our recruiting and hiring activities (such as recruiting firms or background check providers). If you connect your account to certain vendors that
    are third party integrations, certain information will be shared between such vendor and Whimsical to facilitate the integration.  We require vendors to agree to privacy commitments in order to share information with them.
  • Your Employer or Relevant Organization: We may share your email address with your employer or other relevant organization (“Organization”) if (i) you create a Whimsical account or access our Services and the domain of the email address associated with your account is owned by the Organization and (ii) such Organization wants to establish an enterprise account with Whimsical or otherwise has requested that Whimsical inform it of any of its email addresses registered with Whimsical, and in such a case, your email address associated with such Organization may be shared with the Organization to provide you additional Services, integrate your Whimsical account with the Organization’s, or otherwise as elected by the Organization. If the Organization creates an enterprise account with Whimsical, the remainder of your personal information associated with accounts registered with the Organization’s email domain may be disclosed to the Organization. We may also share your personal information with the Organization (such as their accounting department) or the credit card account holder to validate your payment if you purchase Services using a credit card.
  • Legal Requests: We may disclose information about you in response to a subpoena, court order, or other governmental request, including to meet national security or law enforcement requirements.
  • To Protect Rights, Property, and Others: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Whimsical, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
  • Business Transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the unlikely event that Whimsical goes out of business or enters bankruptcy, Registration Data, Usage Data, Customer Data, and Recruiting Data would likely be one of the assets that is transferred or acquired by a third party. 
  • With Your Consent: We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties with which you authorize us to do so.
  • Aggregated or De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.
  • Published Support Requests: And if you send us a request (for example, via a support email or one of our feedback mechanisms), we reserve the right to publish that request in order to help us clarify or respond to your request or to help us support other users and may remove your personal information from the request.

How Long We Keep Personal Information

We generally discard information about you when we no longer need the information for the purposes for which we collect and use it–which are described in the section above entitled "How and Why We Use Personal Information"–and we are not legally required to continue to keep it. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, we keep the web server logs that record information about a visitor to our Website, such as the visitor’s IP address, browser type, and operating system, for approximately 90 days. We retain the logs for this period of time in order to, among other things, analyze traffic to the Website and investigate issues if something goes wrong on our Website.

Children’s Privacy

Our Website and the Services are not intended for general audiences and not for children under the age of 16. No one under age 16 may provide any personal information on the Website or through the Services. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this Website or through the Services. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at privacy@whimsical.com.

Security

While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so, such as monitoring our Services for potential vulnerabilities and attacks. For details about the measures we take to protect information about you, please refer to our Security webpage located at https://whimsical.com/security/.

Other Sites, Mobile Applications and Services

The Website may contain links to other websites, mobile applications, and other online services operated by third parties such as social media companies or payment processors (“Third Party Services”). These links are not an endorsement of, or representation that we are affiliated with, any third party.  In addition, our content may be included on Third Party Services. We do not control these Third Party Services, we are not responsible for their actions, and they may follow different rules regarding the collection, use and sharing of your personal information.  We encourage you to read the privacy policies of Third Party Services you use.

Choices

You have several choices available when it comes to information about you:

  • Limit the Information that You Provide: If you have an account with us, you can choose not to provide the optional account information, profile information, and transaction and billing information. Please keep in mind that if you do not provide this information, certain features of our Services may not be accessible.
  • Opt-Out of Electronic Communications: You may opt out of receiving promotional messages from us. Just follow the instructions in those messages. If you opt out of promotional messages, we may still send you other messages, like those about your account and legal notices.
  • Set Your Browser to Reject Cookies: At this time, Whimsical does not respond to "do not track" signals across all of our Services. However, you can usually choose to set your browser to remove or reject browser cookies before using our Website, with the drawback that certain features of the Website may not function properly without the aid of cookies.
  • Delete Your Account: While we’d be very sad to see you go, if you no longer want to use our Services, you can delete your Whimsical.com account. Please keep in mind that we may continue to retain your information after closing your account, as described in "How Long We Keep Personal Information" above, for example, when that information is reasonably needed to comply with (or demonstrate our compliance with) legal obligations such as law enforcement requests, or reasonably needed for our legitimate business interests.

Privacy Notice for Residents of Certain States in the USA

Some USA state laws (e.g., California and Nevada) provide state residents with additional privacy rights. This section of the Privacy Notice addresses current U.S. state data privacy laws, including the California Consumer Protection Act (2018) (the "CCPA"), and will be updated as these laws evolve. 

California Residents: Additional Disclosures Related to Collection, Use, and Disclosure of Personal Information

If you are a California resident, the CCPA requires us to disclose the following information with respect to our collection, use and disclosure of personal information.

  • Categories of Personal Information Collected: In the preceding 12 months, we have collected the following categories of personal information: certain identifiers, certain of the personal information categories listed in the California Customer Records statutes, internet or other similar network activity, and inferences drawn about your preferences. For examples of the personal information we collect, please see "Personal Information We Collect" above.
  • Business or Commercial Purpose for Collecting and Using Personal Information: We collect personal information for the business purposes described in "How and Why We Use Information" above.
  • Categories of Sources of Personal Information: We collect personal information directly from you, automatically, and from other sources, each of which is more particularly described in "Personal Information We Collect" above.
  • Categories of Personal Information Disclosed: In the preceding 12 months, we have disclosed the categories of personal information for business or commercial purposes as set forth in “Personal Information We Collect” above.
  • Categories of Third Parties with whom We Share Personal Information: We may share your personal information with the third parties as described in "How and Why We Share Personal Information” above.
  • Sale of Personal Information: Whimsical does not as a matter of course sell your personal information.

Your Consumer Rights

California consumers have the right to request access to their personal information, additional details about our information practices and deletion of their personal information (subject to certain exceptions). We describe how California consumers can exercise their rights under the CCPA below. Please note that you may designate an authorized agent to exercise these rights on your behalf by providing written materials demonstrating that you have granted the authorized agent power of attorney. Please note that if an authorized agent submits a request on your behalf, we may need to contact you to verify your identity and protect the security of your personal information.

  • Right to Know: You may request access to the specific pieces of personal information we have collected about you in the prior 12 months. You may also request additional details about our information practices, including the categories of personal information we have collected about you, the sources of such collection, the categories of personal information we share for a business or commercial purpose, the categories of third parties with whom we share your personal information, and the specific pieces of personal information we collected about you. We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.
  • Deletion: You may request that we delete the personal information we have collected about you. Please note that we may retain certain information as required or permitted by applicable law, and we may deny your deletion request if retaining the personal information is necessary for us or our service providers under one of the nine statutory exceptions listed in Cal. Civ. Code § 1798.105, as amended by AB 1146. We are required by law to verify your identity prior to deleting your information in order to protect your privacy and security. If you request to delete your personal information, certain of our Services may no longer be available to you.

To exercise the rights described above, please submit a verifiable consumer request to us in writing at Whimsical, Inc., 1630 Welton Street, 7th Floor, Denver, Colorado 80202, United States of America (“USA”) or send an email to privacy@whimsical.com. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access twice within a 12-month period. The verifiable consumer request must (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We may not be able to provide all of the information requested, for example: (i) if the personal information was collected for a single one-time transaction and if, in the ordinary course of business, such information was not retained; (ii) we would be required to reidentify or otherwise link any data that, in the ordinary course of business, was not maintained in a manner that would be considered personal information; (iii) the consumer used different browsers, devices or identifying information and we have not linked all such information together; or (iv) if the information was collected, sold or disclosed prior to January 1, 2019 or 12 months prior to the receipt of such verifiable consumer request, whichever is later.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide you a different level or quality of goods or services; and/or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

“Shine the Light” Law

California residents may request certain information regarding our disclosure (if any) of personal information to third parties for their direct marketing purposes, pursuant to California Civil Code Section 1798.83 (the California “Shine the Light” law). To make such a request, please contact us, identify yourself as a California resident and provide sufficient information so we can take appropriate action, such as your name, email address or any additional information required.

Nevada Residents

Though we do not as a matter of course “sell” “covered information” as those terms are defined by the Nevada Privacy Law (as amended), if you reside in Nevada and believe we have sold your covered information, please contact us as set forth below. 

Information for European Union Residents: Your EU Privacy Rights

If you are located in certain countries, including Switzerland or those countries that fall under the scope of the European Union’s General Data Protection Regulation or the UK General Data Protection Regulation (collectively, “GDPR”), data protection laws give you rights with respect to your personal data (as defined by GDPR), subject to any exemptions provided by the law, including the rights to:

  • Request access to your personal data;
  • Request correction or deletion of your personal data;
  • Object to our use and processing of your personal data;
  • Request that we limit our use and processing of your personal data; 
  • Request portability of your personal data;
  • Withdraw a consent to process your personal data that you previously granted.

You can usually access, correct, or delete your personal data using your account settings and tools that we offer, but if you aren’t able to do that, or you would like to contact us about one of the other rights, scroll down to “How to Reach Us” to, well, find out how to reach us. Individuals in the European Union, Switzerland, and United Kingdom (collectively, “EU”) also have the right to make a complaint to a government supervisory authority.

Legal Bases for Use of Your Information

The legal bases for using your information as set out in this Privacy Notice are as follows:

  • Where use of your information is necessary in order to fulfill our commitments to you under our Terms of Service and/or other agreements with you or is necessary to administer your account (for example, in order to enable access to our Website on your device or charge you for a paid plan);
  • Where use of your information is necessary for compliance with a legal obligation;
  • Where use of your information is necessary in order to protect your vital interests or those of another person;
  • Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide and update our Services, to improve our Services so that we can offer you an even better user experience, to safeguard our Services, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our Services, to personalize your experience, and to conduct our recruiting activities); or
  • Where we have your consent, in accordance with applicable law (for example before we place certain cookies on your device and access and analyze them later on).

Controller and Processor Designations

With regard to the processing of Customer Data, our customer is the Controller and Whimsical is the Processor. Whimsical does not access Customer Data unless Customer specifically requests for Whimsical to do so in writing. Whimsical, as the Processor of Customer Data, will only process such Customer Data pursuant to written instructions from you, as the Controller of Customer Data, as more fully set forth in our Data Processing Addendum located at https://whimsical.com/dpa.

With regard to the processing of Registration Data, Usage Data, and Recruiting Data, Whimsical is the Controller and processes such information as set forth in this Privacy Notice and, for our customers, as more fully set forth in our Data Processing Addendum located at https://whimsical.com/dpa.

Other Things You Should Know

Data Processors

Please see our Subprocessor List for information on our use of third-party data processors. 

International Transfer of Data

We may transfer to, process, and store the data we collect about you in countries other than the country in which the data was originally collected, including the USA, Canada or other destinations outside the European Economic Area ("EEA"). Those countries may not have the same data protection laws as the country in which you provided the data. When we transfer your data to other countries, we will protect the data as described in this Privacy Notice and comply with applicable legal requirements providing adequate protection for the transfer of data to countries outside the EEA and the United Kingdom.

We transfer your personal data outside of the EEA or the United Kingdom with appropriate organizational safeguards in place. Specifically, we transfer your personal data in accordance with the Standard Contractual Clauses ("SCCs"). The SCCs are part of our Data Processing Addendum located at https://whimsical.com/dpa. By utilizing our Service, you agree to the transfer of your personal data in accordance with our Data Processing Addendum.

You may request more information about the safeguards that we have put in place in respect of transfers of personal data by contacting us as described in "How to Reach Us" section above.

Privacy Notice Changes

Although most changes are likely to be minor, Whimsical may change its Privacy Notice from time to time, and in Whimsical’s sole discretion. Whimsical encourages visitors to frequently check this page for any changes to its Privacy Notice. Your continued use of this site after any change in this Privacy Notice will constitute your acceptance of such change.

How to Reach Us

If you have a question about this Privacy Notice, or you would like to contact us about any of your rights mentioned herein, please contact us at privacy@whimsical.com. You may reach us by mail at Whimsical, Inc., 1630 Welton Street, 7th Floor, Denver, Colorado 80202, USA.

Product

Company

Contact Sales
StatusSecurityTermsPrivacy
© 2023 Whimsical Inc.
TermsPrivacySecurity
© 2020 Whimsical