Privacy Policy
Effective Date: March 16, 2026
Wise Owl Collective respects your privacy. This Privacy Policy explains how we collect, use, protect, and retain your information when you use our website, engage our services, or transmit data to our platform.
Who We Are
Wise Owl Collective is a data and analytics consultancy, organized as a limited liability company (LLC) registered in the Commonwealth of Massachusetts. Our website is: https://wiseowlcollective.com. We operate a secure, cloud-based analytics platform (Bubo AI) hosted on Google Cloud Platform, designed for advanced analytics and AI/ML projects.
Information We Collect
We collect and manage the following types of information:
Client-provided data: datasets, project files, or related materials shared with us for analysis or consulting. These are typically anonymized and do not contain personally identifiable information (PII).
Contact information: submitted through website forms or business communications (e.g., name, email address, company name, phone number).
Chatbot interactions: session data is temporarily stored in memory to improve your user experience during a conversation. Anonymized chatbot queries may be used to refine future performance. Chat conversations are not stored permanently and are cleared when the session ends.
Voice interactions: if you use the voice feature on our chatbot, your speech is processed by your browser's built-in speech recognition (no audio is sent to our servers). Bot responses may be spoken aloud using Google Cloud Text-to-Speech; the text content (not your voice) is sent to Google for synthesis.
Website usage data: anonymized traffic data via Squarespace and Google keyword tracking.
Portal uploads: files uploaded through our secure client portal are stored in Google Cloud Storage and automatically scanned for malware (via VirusTotal) and personally identifiable information (via Google Cloud Data Loss Prevention) before processing.
How We Use Your Information
We use your information only to:
Perform contracted work on your behalf.
Understand your needs and improve our services.
Communicate with you effectively.
Deliver a responsive and helpful chatbot experience.
Ensure secure, compliant handling of uploaded files.
What We Never Do
We never sell your data.
We never share your data with third parties, except under written instruction or as required by law.
We never use your data for purposes beyond the work you've engaged us to do.
Who Has Access
Only authorized Wise Owl team members and approved collaborators working directly on your project may access your data. Our infrastructure includes strict role-based access controls (Google Cloud IAM), dedicated service accounts per service, and client isolation policies. Each client's data is stored in isolated prefixes within encrypted cloud storage.
Data Retention
Contact form and communication data is retained for up to 12 months.
Client project data is retained for the duration of the project plus 90 days unless otherwise specified.
Portal uploads are subject to automated versioning and lifecycle policies in Google Cloud Storage.
Cloud platform logs are retained for 30 days in Google Cloud Logging and archived to encrypted long-term storage.
Explicit deletion requests will be honored promptly, with certificates of destruction available upon request.
Retention extensions may be granted based on client requests or compliance obligations.
Cookies and Tracking
This site uses cookies to support basic functionality, maintain session continuity (e.g., for chatbot interactions), and track anonymized traffic patterns using Squarespace and Google tools. We do not use cookies for advertising, profiling, or behavioral targeting.
Cookies are categorized as follows:
Necessary Cookies: Essential for secure site operation, form protection, and spam prevention. These cookies do not store personally identifiable information and cannot be disabled via the consent banner.
Analytics Cookies: Used to understand how visitors interact with the site -- such as page views, session activity, and visitor frequency. These cookies are only activated with your consent. You can manage your cookie preferences at any time through the cookie banner available on our website.
Security Measures
Your data is protected by our defense-in-depth security framework
Endpoint Protection:
Malwarebytes endpoint protection on all workstations
Cloud Infrastructure Security (Google Cloud Platform):
All data encrypted at rest (AES-256) and in transit (TLS 1.3)
Virtual Private Cloud (VPC) with private networking and Cloud NAT
Identity and Access Management (IAM) with dedicated service accounts per service
Workload Identity Federation for CI/CD (no long-lived service account keys)
Secret Manager for all API keys and credentials (no plaintext secrets in code)
File Upload Security:
Automated malware scanning via VirusTotal on every uploaded file
Automated PII detection via Google Cloud Data Loss Prevention (DLP)
Files containing malware or sensitive data are automatically quarantined
File type, size, and filename validation before processing
Path traversal and injection attack prevention
Application Security
Input validation and sanitization on all user inputs
Rate limiting on all public endpoints
Security headers (HSTS, X-Content-Type-Options, X-Frame-Options, CSP)
JWT-based authentication for portal access with time-limited tokens
No passwords stored -- portal uses tokenized, time-limited access links
Monitoring and Alerting
Real-time error rate monitoring on all services
Authentication failure detection and alerting
Automated health checks every 6 hours via AI-powered health agent
Audit logging with long-term archival to encrypted cloud storage
Budget and cost anomaly alerts
We follow the principle of least privilege and continuously monitor access for anomalies.
Data Breach Notification
In the event of a data breach affecting your personal information, Wise Owl Collective will:
Promptly investigate the incident to determine its scope and impact
Notify affected individuals without unreasonable delay -- typically within 72 hours of discovery
Clearly explain what information was compromised (if known)
Outline the steps we're taking to contain the breach and protect your data
Provide guidance on actions you can take to protect yourself
Notify relevant authorities as required by applicable law
As a small company, our founders and management team directly oversee all security matters and will personally handle any breach-related communications. While we maintain robust security controls, no system is entirely immune to threats. We are committed to transparency and will communicate clearly should an incident occur.
For concerns or questions about our data breach procedures, please contact us at: legal@wiseowlcollective.com
International Users
If you are located outside the United States, including in the EU or UK, your information may be transferred to and processed in the U.S. We apply appropriate safeguards to such transfers, including Standard Contractual Clauses when required by law. Our cloud infrastructure is hosted in Google Cloud Platform's us-east4 region (Northern Virginia).
Your Rights
If you have shared identifiable personal information with us (e.g., as a business contact or via a contact form), you may:
Request a copy of the data we hold about you
Ask us to delete or restrict your data
Withdraw consent for future processing
Request early deletion of your contact information
These rights do not apply to fully anonymized data sets, which contain no personally identifiable information.
To exercise any of these rights, email us at: legal@wiseowlcollective.com
Changes to This Policy
We may update this Privacy Policy periodically. Any changes will be posted on this page and reflected in the updated effective date.
Contact
If you have any questions, data concerns, or accessibility requests, contact:
Email: legal@wiseowlcollective.com
