Legal
Data Processing Agreement
Last updated: June 2026
Roles
For workspace content you upload (client data, documents, agent records), you are the data controller and Wooho Technologies is the data processor acting on your documented instructions. For account and billing data, Wooho is the controller (see the Privacy Policy).
Scope & purpose
Wooho processes personal data only to provide the platform: hosting, AI-assisted answers, matching, training, billing, and support — and as otherwise instructed in writing by you.
Subprocessors
Wooho uses Google Cloud / Firebase (hosting, auth, database, embeddings), Vercel (web hosting), Polar (card billing), Resend (email), and Google Gemini (AI generation). We will inform controllers of changes to this list and remain responsible for subprocessor compliance.
Security measures
Wooho implements the technical and organizational measures described on the Security page: encryption in transit and at rest, tenant isolation via Firestore rules, role-based access, CSP, and secret scanning.
International transfers
Data may be processed in the EU (Frankfurt) and the United States. Where required, transfers rely on standard contractual clauses and equivalent safeguards.
Data subject requests
Wooho will assist the controller in responding to access, correction, deletion, restriction, and portability requests under Egypt PDPL, GCC data-protection laws, and GDPR, taking into account the nature of processing.
Breach notification
Wooho will notify the controller without undue delay after becoming aware of a personal data breach affecting the controller's data, with the information needed to meet notification obligations.
Return & deletion
On termination, workspace data is retained for up to 90 days then deleted, unless law requires longer retention (e.g. 7-year billing records). Earlier deletion is available on request.
Requesting a signed DPA
Enterprise customers can request a countersigned DPA at privacy@wooho.app. This page sets out the standard terms that apply to all customers.