Whodini Privacy Policy

Effective Date: March 27, 2026 | Last Updated: March 27, 2026

1. Introduction

This Privacy Policy (“Policy”) describes how Whodini AI, Inc. (“Whodini,” “we,” “us,” or “our”), a Delaware corporation, collects, uses, processes, shares, and protects information in connection with the Whodini browser extension, the Whodini web application, and all related services (collectively, the “Service”).

This Policy applies to all users of the Service, including individual end users and authorized users of enterprise accounts. By installing the extension or using the Service, you acknowledge that you have read and understood this Policy. Your use of the Service is also governed by our Terms of Service.

The Service was developed by WARP 10 AI, LLC (“WARP 10”), a Connecticut limited liability company, and is being transferred to Whodini AI, Inc. WARP 10 is a shareholder of Whodini AI, Inc. To the extent any personal information was collected or processed in connection with the Service prior to or during the transfer to Whodini AI, Inc., Whodini AI, Inc. is the successor data controller for such information and assumes all obligations under this Policy with respect thereto. References to “Whodini” in this Policy include WARP 10 AI, LLC as applicable.

2. What the Service Does

The Whodini Service is a browser extension and web application that analyzes web page content to identify pharmaceutical drug names, company names, and related industry terms. When enabled, the extension reads the content of web pages you visit, transmits relevant portions to Whodini’s backend servers for processing using artificial intelligence and machine learning systems, and returns enriched information that is displayed via tooltips, side panels, or modifications to the displayed web page.

The Service is designed for research, evaluation, and informational purposes. All output is informational only. Whodini does not provide medical, legal, financial, or regulatory advice. Users are solely responsible for how they evaluate, interpret, and act upon information provided by the Service, including compliance with all applicable laws and regulations.

3. Information We Collect

3.1 Account and Authentication Information

When you create a Whodini account or authenticate, we collect information necessary to identify and authorize you, which may include:

Email address
Name and organization (if provided)
Authentication tokens and session identifiers
Account preferences and settings

3.2 Web Page Content

When the extension is enabled on a supported page, it reads the content of the web page you are viewing, which may include:

Page text and structured content (the Document Object Model, or DOM)
The page URL
Metadata associated with the page

This web page content is transmitted to our backend servers for processing. We do not retain web page content on our servers after processing is complete. Web page content may incidentally contain personal information about third parties (such as names, job titles, biographical information, or other data present on the page). We do not target this personal information for collection; it is processed solely as part of the page content necessary to deliver the Service, and it is not stored or retained.

3.3 Usage and Analytics Data

We automatically collect certain information about how you use the Service, including:

Extension activation and feature usage events
Pages on which the extension is activated (domain-level, not full URL content)
Performance and error data
Browser type, version, and operating system
IP address (used for server communication; not stored for tracking purposes)

3.4 Information We Do Not Intentionally Collect

Whodini does not intentionally collect:

Financial account numbers, Social Security numbers, or government-issued identifiers
Passwords to third-party services
Health records or protected health information (PHI) as defined by HIPAA
Biometric data

However, because the Service processes web page content as displayed in your browser, such content may incidentally contain personal or sensitive information about you or third parties. We process this content only to deliver the Service and do not retain it.

4. How We Use Information

4.1 To Provide and Operate the Service

Authenticate your access to the Service
Process web page content to identify and enrich pharmaceutical and company information
Display enriched information via tooltips, side panels, or page modifications
Maintain and improve Service functionality

4.2 AI and Machine Learning Processing

The Service uses artificial intelligence and machine learning (“AI/ML”) systems to process web page content. Specifically:

Web page content you view is transmitted to our servers, where AI/ML models analyze the text to detect known pharmaceutical terms, drug names, company names, and related industry information.
The AI/ML system cross-references detected terms against proprietary and third-party pharmaceutical databases to generate enriched information.
Processed results are returned to the extension and displayed in your browser.
AI/ML-generated output may be inaccurate, incomplete, or out of date. Whodini makes no representations regarding the accuracy, reliability, or completeness of any output.
Web page content is processed in real time and is not retained on our servers after processing. We do not use your web page content to train or improve our AI/ML models unless we obtain your separate, explicit consent.

4.3 Analytics and Service Improvement

Analyze usage patterns to improve Service features and performance
Monitor for errors, outages, and security incidents
Generate aggregated, de-identified insights about Service usage

4.4 Legal and Safety

Comply with applicable laws, regulations, and legal processes
Enforce our Terms of Service
Protect the rights, safety, and security of Whodini, our users, and the public

5. Legal Bases for Processing

For users located in the European Economic Area (“EEA”), the United Kingdom, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation (“GDPR”) and equivalent laws:

Contract: Processing necessary to perform the Service you have requested (account authentication, content processing, delivery of results).
Consent: Where we process web page content via the extension, which you activate and control. You may withdraw consent at any time by disabling or uninstalling the extension.
Legitimate Interest: Analytics, security monitoring, and service improvement, where our interests do not override your fundamental rights. We conduct balancing tests for each legitimate interest use.
Legal Obligation: Processing required to comply with applicable laws, regulations, or legal processes.

6. How We Share Information

We do not sell your personal information. We do not use or transfer personal information for advertising, profiling unrelated to the Service, or data brokerage. We share information only as described below.

6.1 Service Providers and Sub-processors

We use the following third-party service providers to operate the Service. Each processes data only for the purposes described and under contractual obligations to protect your information:

Provider	Purpose	Data Processed	Location
Amazon Web Services (AWS)	Cloud hosting, data processing	All service data	United States
Google Analytics	Product analytics	Usage events, anonymized identifiers	United States
Mixpanel	Product analytics	Usage events, feature interactions	United States
Logfire	Backend monitoring, error tracking	Server logs, performance metrics	United States

Our analytics providers receive usage data only and do not receive web page content. We require all sub-processors to maintain appropriate security measures and to process data only as instructed.

6.2 Legal Disclosures

We may disclose information if required by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect the rights, safety, or security of Whodini, our users, or the public, or to investigate or prevent fraud, abuse, or security incidents.

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your information becomes subject to a different privacy policy.

7. Third-Party Websites and Content

The Service operates by reading and processing content from third-party websites that you choose to visit. Whodini is not responsible for the content, accuracy, or privacy practices of any third-party website.

User Responsibility for Third-Party Terms. You are solely responsible for your compliance with any terms of service, license agreements, or usage policies governing the third-party websites on which you use the Service. Whodini is not a party to any such third-party agreement and has no liability arising from your use of the Service on any third-party website. Some third-party websites may restrict or prohibit the use of browser extensions, automated access, or modification of their content. It is your responsibility to determine whether your use of the Service on any particular website complies with that website’s terms.

8. Data Retention

We retain information only as long as necessary for the purposes described in this Policy, or as required by law.

Data Category	Retention Period	Justification
Web page content	Not retained (processed in real time and immediately discarded)	No ongoing purpose after processing
Account credentials and profile	Duration of active account plus 30 days after deletion request	Service delivery; grace period for accidental deletion
Usage analytics (Google Analytics)	14 months (Google’s default retention)	Product improvement and trend analysis
Usage analytics (Mixpanel)	12 months	Product improvement
Server logs (Logfire)	90 days	Debugging, performance monitoring, incident response
Aggregated / de-identified data	Indefinitely	No longer constitutes personal information

9. Data Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, disclosure, alteration, or destruction, including:

All data transmitted between the extension and our servers is encrypted in transit using TLS/HTTPS.
Data at rest on our servers is encrypted using industry-standard encryption.
Access to production systems is restricted to authorized personnel and subject to audit logging.
We conduct regular security assessments of our infrastructure and codebase.

No method of electronic transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

9.1 Data Breach Notification

In the event of a security breach involving personal information, we will notify affected users without undue delay and in accordance with applicable law. For users in the EEA, we will notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach, as required by GDPR Article 33. For California residents, we will provide notice consistent with California Civil Code Section 1798.82.

10. International Data Transfers

All Whodini servers are hosted by Amazon Web Services (AWS) and are physically located in the United States. If you access the Service from outside the United States, your information will be transferred to, processed in, and stored in the United States.

For users in the EEA, United Kingdom, or Switzerland: we rely on the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Addendum, as the legal mechanism for transferring personal data to the United States. We ensure that appropriate safeguards are in place to protect your data in accordance with GDPR requirements. You may request a copy of the applicable SCCs by contacting us at the address below.

11. Your Rights and Choices

11.1 All Users

Toggle the extension: You can enable or disable the extension at any time, which stops data collection and processing on web pages.
Uninstall: You can uninstall the extension to permanently stop all data collection through the extension.
Account data requests: You may contact us to request access to, correction of, or deletion of information we maintain about you.

11.2 Rights Under the GDPR (EEA, UK, Switzerland)

If you are located in the EEA, United Kingdom, or Switzerland, you have the following additional rights under applicable data protection law:

Right of access: Obtain confirmation of whether we process your personal data and a copy of that data.
Right to rectification: Request correction of inaccurate personal data.
Right to erasure: Request deletion of your personal data, subject to legal exceptions.
Right to restrict processing: Request that we limit how we use your data in certain circumstances.
Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format.
Right to object: Object to processing based on legitimate interests, including for direct marketing purposes.
Right to withdraw consent: Withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
Right regarding automated decision-making: The Service uses AI/ML to process web page content, but does not make automated decisions that produce legal effects concerning you or similarly significantly affect you. If you believe otherwise, you may contact us to request human review.
Right to lodge a complaint: File a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at support@whodini.ai. We will respond within 30 days (extendable by 60 days for complex requests, with notice to you).

11.3 Rights Under the CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”):

Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we share it.
Right to delete: Request deletion of personal information we have collected from you.
Right to correct: Request correction of inaccurate personal information.
Right to opt out of sale or sharing: We do not sell or share your personal information as defined by the CCPA/CPRA.
Right to limit use of sensitive personal information: We do not use sensitive personal information for purposes beyond those permitted by the CCPA/CPRA.
Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at support@whodini.ai or submit a request via our website. We will verify your identity before processing any request. We will respond within 45 days (extendable by an additional 45 days with notice to you).

11.4 Other U.S. State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, Montana, and other states with comprehensive privacy laws may have similar rights to access, correct, delete, and opt out of certain processing of personal information. To exercise any such rights, contact us at support@whodini.ai.

12. Cookies and Tracking Technologies

The extension itself does not set cookies in your browser. However, our analytics providers (Google Analytics and Mixpanel) may use cookies or similar technologies to collect usage data. These are used solely for product analytics and improvement, not for advertising or cross-site tracking.

You can manage cookie preferences through your browser settings. Disabling analytics cookies will not affect the core functionality of the extension.

13. Children’s Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at support@whodini.ai.

14. Chrome Web Store and Limited Use Disclosure

The Whodini extension’s use and transfer of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Specifically:

Our use of data obtained through Chrome APIs is limited to providing and improving the Service as described in this Policy.
We do not use data obtained through Chrome APIs for serving advertisements.
We do not use data obtained through Chrome APIs to determine creditworthiness or for lending purposes.
We do not sell data obtained through Chrome APIs to third parties.
We do not use or transfer data obtained through Chrome APIs for purposes unrelated to the extension’s single purpose of pharmaceutical and company information enrichment.

15. Disclaimers

15.1 Accuracy and Fitness

THE SERVICE AND ALL OUTPUT IT PRODUCES, INCLUDING AI- AND ML-GENERATED OUTPUT, ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTY OF ANY KIND. WHODINI MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE ACCURACY, RELIABILITY, COMPLETENESS, LEGALITY, OR SUITABILITY OF THE SERVICE OR ANY OUTPUT FOR ANY PURPOSE. THE SERVICE IS NOT A MEDICAL DEVICE AND DOES NOT PROVIDE MEDICAL, LEGAL, FINANCIAL, OR REGULATORY ADVICE.

15.2 User Responsibility

YOU ARE SOLELY RESPONSIBLE FOR HOW YOU USE THE SERVICE AND ANY INFORMATION OR OUTPUT IT PROVIDES. THIS INCLUDES, WITHOUT LIMITATION, ANY DECISIONS YOU MAKE BASED ON SUCH INFORMATION, ANY ACTIONS YOU TAKE IN RELIANCE ON SUCH INFORMATION, AND YOUR COMPLIANCE WITH ALL APPLICABLE LAWS AND REGULATIONS, INCLUDING WITHOUT LIMITATION EMPLOYMENT, ANTI-DISCRIMINATION, FAIR CREDIT, DATA PROTECTION, AND INDUSTRY-SPECIFIC REGULATIONS.

15.3 Limitation of Liability

IN NO EVENT SHALL WHODINI BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE SERVICE, INCLUDING DAMAGES ARISING FROM RELIANCE ON ANY OUTPUT, INACCURACY OF INFORMATION, OR INABILITY TO USE THE SERVICE. THIS LIMITATION APPLIES REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF WHODINI HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

15.4 Indemnification

By using the Service, you agree to indemnify, defend, and hold harmless Whodini AI, Inc., its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, or expenses (including reasonable attorneys’ fees) arising out of or in connection with your use or misuse of the Service, your violation of this Policy or the Terms of Service, or your violation of any third-party rights.

16. Data Processing Agreements

Enterprise customers who require a Data Processing Agreement (DPA) or Data Processing Addendum in connection with GDPR or other data protection regulations may request one by contacting support@whodini.ai. Whodini will execute DPAs that incorporate Standard Contractual Clauses where required.

17. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the “Last Updated” date at the top of this Policy and, where required by law, provide notice via email or an in-product notification before the changes take effect.

Your continued use of the Service after any changes to this Policy constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically.

18. Contact Us

For questions, requests, or complaints regarding this Privacy Policy or our data practices, please contact:

Whodini AI, Inc.
Email: support@whodini.ai
Website: https://whodini.ai

For GDPR-related inquiries, you may also contact our privacy team at the email address above with the subject line “GDPR Request.”