Skip to content

Privacy and Data Policy

Privacy Policy

Effective Date: May 12, 2024

The privacy and handling of data is crucial for a product used by children. We take it seriously. This privacy policy outlines how we collect, use, share, and protect information through our chat and robotic sidekicks. In this policy 'user' is the human paired with Willow. 

Parental Consent and COPPA Compliance

In compliance with the Children's Online Privacy Protection Act (COPPA), Willow collects parental or guardian consent before allowing children under the age of 13 to use our service. Parents must review and agree to our privacy practices, including our limited collection, use, and sharing of children's personal information as described in this policy for their children to user our services.

Information We Collect

  • Sensitive Personally Identifiable Information: user name, purchaser billing and shipping address. 
  • Non-Sensitive Personally Identifiable Information: user date of birth.  
  • Conversational Data: Includes voice recordings, transcripts, metadata, summaries, or parts of conversations. This data may inadvertently include personally identifiable information (PII) disclosed by users during interaction with Willow. 
  • Technical Information: Includes data such as IP address, browser type, and operating system, collected automatically.

Information We Do Not Collect

  • Personally identifiable information: user address, user SSN, user drivers license, user passport information, user financial information, user medical records. 

How We Use Information

  • To deliver features and functionality.
  • To improve our service.

Data Sharing and Disclosure

  • Third-party Service Providers: Conversational data is shared, transmitted through, and stored by third-party providers to support language processing, consciousness and thinking, speech, and other features.
  • Legal Requirements: We disclose information if required by law or to protect our rights and safety.
  • Payment Information: payment instruments, billing address, shipping address and other details are shared and stored with payments partners for payment processing. 

Data Breach Notification

In the unlikely event of a data breach, we will notify affected individuals via email within 72 hours of becoming aware of the breach, where feasible, as required by law. We will also provide information on measures to mitigate the potential adverse effects of such a breach.

User Rights

Users have the right to access, correct, delete, or transfer their personal data. Email us at to get a report with the information we've collected (identity verification required). We will delete data when you ask us to.

Changes to This Policy

We will update this policy overtime. Changes will be communicated to users via our website at least 7 days before they take effect. We encourage you to review this policy periodically.

Data Retention

We retain the personal data collected through Willow only for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law. The criteria we use to determine the retention periods include:

  • The duration of our ongoing relationship with you and the services we provide; we keep your data while your account is active or as needed to provide you services. This includes periods during which you may return to use our services intermittently.
  • Whether there is a legal obligation to which we are subject; such as certain laws requiring us to keep records for tax purposes, compliance regulations, or for handling disputes. This might require retaining data beyond the duration of our relationship with you.
  • The necessity to resolve disputes and enforce our agreements; data may be retained to defend or assert the legal rights of any party involved, including situations where litigation is imminent.
  • The requirements to comply with technical and organizational security measures; retaining data to protect the integrity and stability of our systems and ensure ongoing confidentiality, integrity, availability, and resilience.
  • The impact on the privacy rights and freedoms of data subjects; we assess whether the retention of specific data proportionally and reasonably fulfills our stated purposes, ensuring it does not excessively infringe on your privacy rights.

Data that no longer serves any of the purposes specified will be securely deleted or anonymized, so it no longer constitutes personal data. We review our data retention practices regularly to ensure they comply with our policies and relevant laws.