Use of Cookies and E-mail

Wiplist collects cookies on our Web site to capture information about page visits. This information is anonymous and Wiplist uses this information only internally - to deliver the most effective content to our visitors. Information from the cookies is used to gauge page popularity, analyse traffic patterns on our site and guide development of other improvements to our site. Wiplist does not require that you accept cookies, however, some functionality on our Web site, our product or service check-out process, and products and services may be disabled if you decline to accept cookies. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether or not to accept it. You may also change your cookie settings through preferences options in our products and/or services, where applicable. Wiplist never gives away information about our users. If you choose to e-mail us and provide personally identifiable information about yourself, Wiplist will use this information only to respond to your inquiry. Wiplist will not sell, rent or otherwise disclose that information to third parties unless such disclosure is necessary for the purposes set forth in this Policy, by law or a policy or notice contained or associated with a specific Wiplist product or service.

Volunteered Information and Use of Information

When you trial or subscribe to a product or service or complete an online registration on our site, Wiplist collects personal information from you which may include:

• name and email address;

• billing information, including credit card information and your shipping address;

• information concerning software programs used, products and content licensed, accessed, or downloaded through Wiplist products or services;

• location information (such as zip code or postal code and country);

• computer configuration (such as operating system, connection speed, and peripherals);

• the IP Internet (IP) address and URL of the Web site that sent you to the Wiplist registration page;

• the types of peripherals (including portable media or recording devices) used by Wiplist products on your computer (to ensure that you have access to the latest fixes and patches for full compatibility with these devices);

• demographic information provided by you (such as language, gender and age, and, if applicable, software program and content preferences and personalisation information); and

• whether you logged into or out of a Wiplist service, or changed your password or billing information.

This information is collected on Web pages using encryption technology to help prevent any third party from intercepting the information. Your credit card information is only used for completing the transaction and is retained only as necessary for administration purposes. Wiplist uses the information provided by our customers to analyse product trends based on, for example, geographic and demographic factors. This analysis helps us improve the quality of our Web site and product and service mix.

We may use cookies and other technologies for a variety of purposes. These technologies may provide us with personal information, information about devices and networks you utilise to access our websites, and other information regarding your interactions with our Websites. Our sole use of this technology is to provide you with a tailored experience specific to your location or preferences.

Tags and scripts may be used on our Websites, Application, an email or other electronic communications we send to you. These assist us in delivering cookies, counting visits to our Websites, understanding usage and software effectiveness and determining whether an email has been opened and acted upon. We may receive reports based on the use of these technologies by our third-party service providers on an individual and aggregated basis.

Google User Data

Wiplist’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Data Accessed

When you choose to connect your Google account to Wiplist, we may access the following types of Google user data, depending on which integrations you enable:

• Google Calendar Data: Calendar event titles, descriptions, locations, start and end times, event status (confirmed, tentative, cancelled), attendee information (email addresses, display names, response status), organiser and creator email addresses, links to events, and recurrence rules for recurring events.

• Google Drive Data: File metadata (file IDs, MIME types, thumbnail links) for files created through Wiplist. We request the drive.file scope, which limits access to only files created or opened by Wiplist — we do not access your entire Google Drive.

• Google Docs, Sheets, and Slides Data: The ability to create and manage documents, spreadsheets, and presentations within Google Drive on your behalf, as part of project collaboration features.

• OAuth Tokens: Access tokens and refresh tokens necessary to maintain your authenticated connection to Google services.

The specific OAuth scopes we request are:

• https://www.googleapis.com/auth/calendar — for reading and syncing your Google Calendar events.

• https://www.googleapis.com/auth/drive.file — for creating and managing files that Wiplist creates or that you open with Wiplist.

Data Usage

We use the Google user data we access solely to provide and improve the Wiplist services you have opted into:

• Google Calendar Integration: We sync your Google Calendar events into Wiplist so you can view your schedule alongside your projects and tasks. We use webhook push notifications from Google to keep your calendar data up to date in real time. Calendar data is used exclusively for displaying events within the Wiplist application.

• Google Drive Integration: We create Google Docs, Sheets, and Slides documents on your behalf as part of project workflows. We manage sharing permissions for these documents so that your project team members can collaborate. We retrieve file thumbnails for display within the Wiplist interface.

• Token Management: We store OAuth access and refresh tokens to maintain your authenticated session with Google services. Tokens are automatically refreshed when they expire to ensure uninterrupted service.

We do not use Google user data for advertising purposes. We do not use Google user data to train machine learning or artificial intelligence models. We do not use Google user data for any purpose other than providing the specific Wiplist features you have enabled.

Data Sharing

Wiplist does not sell, rent, or share your Google user data with any third parties for their own purposes. Specifically:

• Google Calendar event data is not shared with any external services or third parties.

• Google Drive documents created through Wiplist may be shared with other members of your project team within Wiplist, based on your project’s team membership. This sharing is performed through Google’s own permission system and is limited to team members you have added to the relevant project.

• OAuth tokens are never shared with any third party.

• No Google user data is transferred to advertising platforms, data brokers, or any unrelated third-party services.

Data Storage & Protection

Google user data is stored securely in our databases with the following protections:

• OAuth access tokens and refresh tokens are stored in a dedicated, access-controlled database table with encryption at rest.

• Google Calendar events are stored in a structured database table linked to your user account, accessible only by authenticated users with appropriate permissions.

• All data is transmitted over encrypted connections (HTTPS/TLS) both between your browser and Wiplist, and between Wiplist and Google’s APIs.

• Access to Google user data within our systems is restricted to the authenticated user who connected their Google account.

• Our servers are hosted on Amazon Web Services (AWS) with data stored in the region closest to your location (e.g., customers in Europe have data stored on AWS servers in London, United Kingdom). Backups are stored on a separate AWS server in the same region.

• We employ industry-standard security practices including access controls, encryption, and regular security reviews to protect your data.

• Webhook endpoints that receive data from Google are protected by verification middleware and rate limiting to prevent unauthorised access.

Data Retention & Deletion

• Retention: Google user data is retained only for as long as your Google account remains connected to Wiplist and your Wiplist account is active. OAuth tokens are retained for the duration of your connection and are automatically refreshed as needed.

• Disconnection: You can disconnect your Google account from Wiplist at any time through the application settings. When you disconnect:

• Your OAuth access and refresh tokens are immediately deleted from our systems.

• Synced Google Calendar events are removed from your Wiplist account.

• Webhook subscriptions for calendar updates are cancelled with Google.

• Any Google Drive permissions created by Wiplist remain managed through Google’s own systems and can be managed directly in Google Drive.

• Account Deletion: If you delete your Wiplist account, all associated Google user data — including OAuth tokens, synced calendar events, and webhook subscriptions — is permanently deleted from our systems.

• Requesting Deletion: You may request the deletion of your Google user data at any time by:

• Disconnecting Google services through the Wiplist application settings.

• Contacting our support team at our head office to request full deletion of your data.

• Deleting your Wiplist account, which will remove all associated data.

• Upon receiving a deletion request, we will process it promptly and confirm deletion within 30 days.

Third-Party Service Integrations

Wiplist integrates with various third-party services to provide its features. Below is a summary of the categories of third-party services we use and the types of data shared with them:

• Accounting Software (e.g., Xero, QuickBooks, MYOB, Sage): When you connect an accounting integration, we share invoice, bill, expense, payment, contact, and tax information necessary to synchronise your financial data between Wiplist and your accounting platform.

• Payment Processors (e.g., Stripe, PayPal): We share transaction details, invoice amounts, and customer payment information necessary to process payments on your behalf.

• Email Delivery (e.g., SendGrid, Amazon SES): We share email addresses and email content necessary to deliver system notifications, invitations, and transactional emails to you and your team.

• Cloud Storage (Amazon S3, CloudFront): User-uploaded files and documents are stored on Amazon Web Services infrastructure.

• Real-Time Communication (Pusher): We use Pusher to deliver real-time notifications and updates within the application.

• Error Monitoring (Sentry): We share application error and performance data with Sentry to identify and resolve technical issues. This may include request metadata and stack traces but does not include your personal content or financial data.

• Logging (Sentry): Application logs are sent to Sentry for monitoring and debugging purposes.

• Customer Support (Intercom): We share user identifiers with Intercom to provide in-app customer support and messaging.

• PDF Generation (PDFShift): Document content is sent to PDFShift for conversion to PDF format when generating invoices, estimates, and other documents.

• Bot Prevention (Google reCAPTCHA): We use Google reCAPTCHA to protect against automated abuse. reCAPTCHA may collect hardware and software information and send it to Google for analysis.

All third-party service providers are required to protect and manage personal information to high standards and cannot use the information for purposes other than to provide the services Wiplist has requested.

Logs

We gather certain information and store it in log files when you interact with our Websites and Services. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and system configuration information. This information is used mainly for Analytics and for our support ticketing software. Occasionally, we connect personal information to information gathered in our log files as necessary to improve our Websites and Services. In such a case, we would treat the combined information in accordance with this Policy.

Analytics

We collect analytics information when using our Website to help us build more relevant and useful content, this data is stored by Google Analytics which is our preferred analytic software. This data is not personally identifiable.

Information Collected in Contests

If you enter one of our contests, the data we collect will be handled according to the rules of that particular contest and those rules may differ based on where you live. We provide a privacy policy specific to each contest that you should review prior to entering the contest.

Forums

Membership into our forums is voluntary. When you provide your username, password and e-mail address, you can receive online support from Wiplist and from other Wiplist users. Please refer to the policy before registering to join our forums.

Newsletters

Subscription to a Wiplist newsletter is voluntary. By providing your e-mail address, you are agreeing that Wiplist can send you important information about our products, including announcements of new releases. You may update your e-mail address or unsubscribe by contacting head office sending an email request.

Notice

Wiplist informs its customers what information it collects, how it is used, whether it may be temporarily transferred to others to provide the products or services requested and how to contact Wiplist with privacy inquiries. Wiplist provides a link to Wiplist’s privacy notice on its sites, and in e-mails.

Choice

Wiplist offers customers and individuals who provide us information choices about receiving further communications from us; for example, our e-mail newsletters are sent only to those who have expressly asked to receive them, and the newsletters have a link to use to opt out of receiving future messages. Wiplist may ask individuals if they wish to participate in market research, and then contact them if they give us their permission. Wiplist does not contact customers or individuals for marketing purposes for those persons who have contacted Wiplist directly to opt out of our direct marketing programs.

Technology

Wiplist uses technology in order to better serve its customers and others. Wiplist informs customers or individuals when Wiplist use technologies that are privacy related.

Data Integrity & Access

Wiplist takes steps to make sure that the personal information Wiplist uses is correct. Wiplist provides customers and individuals with reasonable access to the personal information they may have provided us so that they can review and correct it, or ask us not to use it. For example, customers or individuals may obtain a copy of the data they have provided, or update their information by contacting head office.

Security

Wiplist protects personal information under its control by industry standard security practices and measures, in order to prevent loss, misuse, unauthorised access, disclosure, alteration, or destruction. Wiplist limits access to personal information to those who have a business need. Wiplist does not keep personal information any longer than necessary to meet the business purpose for which it was collected, though in some cases, legal or regulatory reasons require that personal information not be deleted. Wiplist shall use its best efforts to quickly work to remedy any vulnerabilities found in our or software and to alert our customers about any potentially dangerous vulnerabilities.

Data Transfer

Wiplist may transfer personal information to Wiplist databases in countries other than where it was provided. Wiplist privacy program requires the same high level of security and protection of personal information in all geographies with procedures and contracts in place to help ensure this is so. Data may be temporarily transferred to a vendor or business partner to provide services for Wiplist, such as mailing information or processing credit card transactions. These vendors and business partners are required to protect and manage the personal information to the same high standards Wiplist uses, and they cannot use the information for purposes other than to provide the services Wiplist has requested. Also, Wiplist may disclose or transfer your personal information, including, without limitation, personal information regarding customers under 13, if required to do so by law or in the good faith belief that such action is necessary to:

• satisfy an applicable law, regulation, legal process or enforceable governmental request;

• enforce applicable Wiplist’s Terms of Use, License or Service Agreements;

• detect, prevent, or otherwise address fraud, security or technical issues;

• to protect against imminent harm to rights, property or safety of Wiplist, its users, or the public at large as required or permitted by law.

Notification

If major content changes are made to Wiplist’s Privacy Policy, Wiplist will outline and post the changes along with the new version on this Wiplist site.

Links

Wiplist may create links to the sites of other parties. Independently operated sites are not associated with Wiplist or authorised by us and may also have links leading to this Wiplist site. Wiplist cannot control any of these links and are not responsible for any content appearing on the sites linked to or from Wiplist’s site, or for any personal information gathered at those independently operated sites.

Non-Australian Customers

If you are a customer or individual who is logging on from outside Australia, the personal information you submit to Wiplist will be sent to and stored in servers in our Australian headquarters in Melbourne, Victoria. Any data that you enter into the Wiplist product will be stored in a server central to your location, for example, customers in Europe will have your data stored on an Amazon Web Services (AWS) server in London, United Kingdom. Backups are also stored on a separate AWS server in the same region. Your data will be able to be accessed for maintenance and for technical support.

The personal information practices set out in this Privacy Policy apply to all Wiplist products, services, and customers worldwide. You have a right to access and to correct such data and/or personal information. To exercise these rights, or for other data privacy questions, please contact head office.

Enforcement

Wiplist regularly reviews its compliance with this Privacy Policy. Please feel free to direct any questions or concerns regarding this Policy or Wiplist’s treatment of personal information by contacting us at head office. When Wiplist receives a formal written complaint at this address, it is Wiplist’s policy to contact the complaining party regarding his or her concerns. Wiplist will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that cannot be resolved by Wiplist and an individual.

No Error Free Performance

Wiplist does not guarantee error-free performance under this Privacy Policy. Wiplist will use reasonable efforts to comply with this Privacy Policy and will take prompt corrective action when Wiplist learns of any failure to comply with our Privacy Policy. Wiplist shall not be liable for any incidental, consequential or punitive damages relating to this Privacy Policy. This Privacy Policy shall be governed by the laws of the state of Victoria and the laws of Australia to the extent applicable.