Does Witty read and store everything I write? Is Witty even spying on me? Can this browser extension easily leak confidential information all over the place?
We are glad you are thinking about privacy - this is important. We hear concerns like this regularly, and we understand them. You are not the only one having them, and we would like to provide some clarity.
Transparency & data protection
It is important to us to be absolutely transparent when it comes to security. The trust of our users is more important to us than collecting data. That's why we have set up a page where we explain in detail and in easy-to-understand language what data we collect.
In a nutshell, here are the main points:
Which data are collected or processed?
Witty only analyzes text only on websites where it has been activated, and specifically only in text fields with an active cursor. It does never analyze single input fields, which are typically used for passwords.
Witty maintains a clear distinction between users and their written text. It doesn't retain everything you type. Instead, we collect a small portion of text (about 100 characters) before and after the highlighted term. This data is gathered only when a user decides to accept an alternative or chooses to ignore a highlighted term. This process helps us understand the context in which a term should or shouldn't be highlighted. It's important to note that this is done anonymously. For paid users, there's an option to disable this storage on our end.
Additionally, we always remove URLs, emails, and any numbers (e.g. phone number, account number, credit card numbers) from the collected 100 characters. This precaution is taken to minimize the possibility of collecting personal information.
- We collect data for both individual analytics and an aggregated team view. However, it's important to clarify that analytics occurs only a meta-level and never includes any content from the user's written texts. Instead, it focuses on information such as the frequency of Witty usage, the categories in which highlighted terms appear, and the specific highlighted terms used.
Where is the data processed?
All of our servers are in the EU (dashboard, API, analytics), and some subprocessors are not hosted in the EU. More details are here.
How long will the data be stored?
User text data is not persisted (ie. it only lives in memory during the processing of the API requests), except for the data collection noted above, which is indefinitely (but can be deleted upon request).
What subprocessors have access to user data?You can find all subprocessors here.
Who has the ability to view customer data?
Access to team data (including allow/deny lists, language settings, and analytics) is restricted to the account owner and account administrators. Users can only see their own data (deny list, language settings, and analytics). Team administrators also have the option to give users access to team analytics. It's important to mention that team owners have access to aggregated data, but they cannot view individual analytics
Who can access the data from Witty Works?
Witty Works has complete access to both the team and user settings, but they cannot view the actual text data processed by the browser extension, except for the highlighted words presented in an aggregated form. Please note that this aggregated form does not include the specific 100 characters before or after the highlighted word, these cannot be accessed by Witty Works.
Choose where Witty should work
There are two ways you can configure where Witty is active.
- We offer users the ability to disable Witty for specific websites or to enable them for specific websites. You can also choose that Witty can be used only in the Witty editor. Here we explain in detail how to set this up.
- In addition, the Chrome and Edge browser gives admins the ability to define on which websites a given browser plugin may be used. This is the most secure way to prevent the use of Witty on certain websites.
- We are also in the process of releasing a Word Add-in. Due to the nature of MS Office, this integration will require actively pressing a button to trigger the check. In this way, you are in total control over which texts are read by Witty.
System Architecture and Information Security
Is it a client-server solution?
Yes, the browser extension communicates with an API hosted in the EU.
How does the system manage who can access and do what?
Authentication is managed through Azure AD B2C, while authorization relies on assigned roles within the application (such as owner, admin, or user). Users have the option to create their accounts using Google, Microsoft, or email credentials. Administrators can send invitations to users to join their team. Users can decide whether to accept the invitation or leave the team later on. Additionally, team administrators have the authority to remove users from the team.
By using Google/Microsoft login, users have the flexibility to employ advanced security measures like two-factor authentication (2FA) to enhance the protection of their passwords. It's important to note that our email/password option is designed primarily for user convenience rather than top-level security.
How does information move and interact in the system?
- The browser extension takes the text you've written and sends it to the API.
- The API then handles your request using the team or user settings you have.
- Once the API has processed everything, it sends back the right feedback.
- Finally, the browser extension shows you the feedback and also shares relevant information with the analytics server.
All of this communication is done securely using SSL encryption through HTTP requests.
How does Witty work? Is Witty active all the time?
Witty is a browser extension available for Chrome and Firefox. It functions by overlaying itself on any text box found on webpages, where it examines the text that users write. When it detects biased terms or phrases, it highlights them. By clicking on a highlighted term, Witty opens a small window that explains the bias and suggests more inclusive words or phrases. If you choose one of these alternatives, Witty will replace the biased word in your text.
Users have the flexibility to enable or disable Witty easily. This can be done through the quick settings in the browser's navigation menu (more details below) or by adjusting personal settings, which are saved as the user's personal deny list for future reference.
Can I access and inspect the browser extension's code before I install it?
Witty Works can provide a manually installable package upon request. You have the option to download a zip file containing the latest version of the Witty browser extension using the CRX browser extension. You can then follow the steps outlined here to manually install it: Link to Installation Guide
Where do I find all legal documents about privacy?
All our privacy and data security specifications as well as contract terms are found in the following documents:
Got more questions?
If you have any further questions about privacy, please drop us a line with your question at email@example.com.