← Back to WiseBar

WiseBar Privacy Policy

Effective Date: December 16, 2025

Version: v1.0

Last Updated: December 16, 2025

Welcome to WiseBar (the "Product").

The Product is operated by Tutuo.ai ("we", "us"). We take your privacy seriously. This Privacy Policy explains how we collect, use, store, share, and protect your information, and the rights you have.

If you do not agree with any part of this Privacy Policy, please stop using the Product.

1. Scope

This Privacy Policy applies to:

  • The WiseBar Chrome Extension and related features;
  • Our website and related pages (e.g., `tutuo.ai`);
  • Our backend services/APIs and customer support provided for the Product.

This Privacy Policy does not apply to third-party websites/services/extensions. When you access third-party services through WiseBar, their privacy policies apply.

2. Our Principles

We process information based on the following principles:

  • Data minimization: collect only what is necessary;
  • Purpose limitation: use data only for purposes described here and reasonably expected by you;
  • Security: apply reasonable technical and organizational safeguards;
  • Transparency & control: provide clear settings and choices whenever possible.

3. Information We Collect

Depending on features you use, we may collect the following (we do not collect data for features you do not use):

3.1 Information you provide

Account information

email (global users) or phone number (China-region users), username, password (stored as a hash), verification codes (for verification only).

Profile & preferences

avatar (may be stored as a URL), language/timezone, sync/notification/privacy settings.

Content you create/upload/generate

highlights, annotations, notes, tags, learning cards, exports, and communications with support.

Subscription & billing (if applicable)

subscription status, order identifiers, payment time, amount/currency, and invoice/billing details (if provided). We typically do not store full card numbers or payment passwords; payments are processed by third-party payment providers (see Section 6).

3.2 Information collected automatically

Device & log data (security & reliability)

browser/OS type and version, language, timezone, IP address (for anti-abuse and security), error codes, crash stacks, request latency, etc.

Usage data (product improvement)

feature usage frequency, interactions, performance metrics, mostly analyzed in aggregated form.

Local storage data (stored in your browser)

preferences, feature toggles, cache, temporary tokens, etc. (e.g., in `chrome.storage` or browser cache).

3.3 Web content / browsing-related information (as needed for features)

WiseBar is a browser extension. To provide highlights, notes, history timeline, and AI tools, we may process certain web data when you use the features:

Page metadata

URL, title, domain (to identify and organize your content).

Your selections and annotations

selected text, highlight anchors, notes/tags you create.

Page content (only when needed)

when you run AI features (e.g., page analysis/summarization/translation/rewrite), the extension may read relevant parts of the page content locally; if you enable cloud processing or cross-device sync, related content may be sent to our servers or third-party AI providers for processing (see Section 6).

About browsing history / tracking:

We do not collect or sell your browsing history for advertising purposes. Some features (e.g., "History/Timeline") may store visited page metadata (URL/title) locally; whether it is synced depends on your login/sync settings. We aim to use privacy-friendly defaults (for example, new users have browsing tracking disabled by default).

About extension permissions:

The extension requests broad site access (e.g., "all sites") so it can work on the pages you choose to use it on. We do not use this permission to build an advertising profile or sell browsing history; we process page data only as needed to provide the features you trigger.

3.4 Sensitive personal information

We generally do not ask you to provide sensitive personal information (e.g., government ID, precise location, financial account passwords). However, content you submit/annotate may contain sensitive information. Please be cautious; we only process it to provide the service you requested and apply stricter safeguards where appropriate.

4. How We Use Information

We use information to:

  • Provide and maintain core features (highlights, notes, cards, history, export, sync, AI tools, etc.);
  • Account registration/login, verification, and session/device security;
  • Cross-device sync and backup (if you enable it);
  • Subscription management and billing support (if applicable);
  • Security, anti-abuse, troubleshooting, and audits;
  • Customer support;
  • Analytics and product improvement.

If we need to use information for purposes not described here, we will notify you in advance and obtain consent where required.

5. Storage and Security

5.1 Where and how long we store data

**Location**: Our primary infrastructure uses AWS (for example, `us-west-2` / US West). Your data may be processed outside your country/region (see Section 9).

**Retention (high-level)**:

  • Account data and user content: generally for the life of your account; after deletion/account closure, we delete or anonymize within a reasonable period (typically within 30 days, unless required otherwise by law).
  • Billing/financial records: may be retained longer to meet legal/tax requirements.
  • Logs and security records: kept for the shortest period necessary; some compliance/audit logs may be retained longer.

5.2 Security measures

We apply reasonable safeguards, such as:

  • Encryption in transit (TLS/HTTPS);
  • Access control and least-privilege;
  • Infrastructure-level encryption capabilities and application-level encryption depending on your selected privacy mode (e.g., "standard/enhanced/end-to-end" modes; end-to-end encryption may limit certain AI features);
  • Monitoring, patching, backups, and recovery processes.

No system is 100% secure. If a security incident occurs, we will take remediation measures and notify you and regulators where required by law.

6. Sharing, Transfers, and Disclosure

We do not sell your personal information. We only share it in the following cases:

6.1 Service providers (processors)

Depending on features you use, we may use:

  • **Cloud provider**: AWS (hosting, storage, avatar/file storage, email delivery such as AWS SES, etc.).
  • **Payments**: Stripe (subscription and payment processing; we typically receive only necessary identifiers/status).
  • **AI/model providers (when you use AI features)**: such as OpenAI, Anthropic, etc. (processing only content you submit for AI tasks; availability may depend on your privacy mode).
  • **Analytics (if enabled)**: such as Snowplow (minimized configuration and with opt-out options).
  • **Messaging/notifications (as applicable)**: email delivery for verification/notifications; phone-based verification may involve SMS providers.

We require service providers to process data only as necessary to deliver services and to use reasonable security measures.

6.2 Legal and security reasons

We may disclose information to comply with law/court orders/regulatory requests, to protect rights and safety, or to investigate fraud/abuse/attacks.

6.3 Merger, acquisition, or asset transfer

If a merger/acquisition/asset transfer occurs, we may transfer relevant information. The successor must continue to be bound by this policy; if material changes occur, we will notify you and obtain consent where required.

7. Limits on Human Access to User Content

We do not allow personnel to proactively access your content (e.g., annotated page content, AI inputs) except when:

  • You explicitly request support and consent to access specific data;
  • Data is aggregated/anonymized for internal analytics and permitted by law;
  • Necessary for security investigations (abuse/attacks);
  • Required to comply with law.

8. Your Rights and Choices

Subject to applicable law, you may have rights to access, correct, delete, and export your data, withdraw consent, and object to certain processing. You can use in-product settings where available, or contact us at `privacy@tutuo.ai` / `support@tutuo.ai`.

wisebar.privacy.sections.rights.contact

9. Cross-Border Transfers (if applicable)

If we store/process data outside your country/region, we will take required compliance steps (e.g., standard contractual clauses, impact assessments), apply reasonable security safeguards, and notify/seek consent where required.

10. Children's Privacy

WiseBar is not intended for children under 13 (or other age as required by local law). If we learn we have collected personal information from a minor, we will delete or anonymize it promptly.

11. Third-Party Links and Services

WiseBar may include links/integrations with third-party services (payments, login, AI services). Those third parties process information under their own policies; we recommend reviewing them.

12. Updates to This Policy

We may update this policy from time to time. If changes are material, we will notify you via in-app notice, email, or other reasonable means. Continued use indicates acceptance unless re-consent is required by law.

13. Contact Us

Operator: Tutuo.ai (WiseBar team)

Privacy email: `privacy@tutuo.ai`

Support email: `support@tutuo.ai`

Contact page: `https://tutuo.ai/contact`

← Back to WiseBar
Terms of Service | Support