What’s yours is yours: Woven’s data privacy philosophy

A lot of consumers harbor fears about subversive actions from various apps on phones, tablets, and computers. And many of those fears are valid! There have been numerous reports in the last few years of apps selling off their collected data for profit. In light of this discussion, it feels like a good time to put down in writing our philosophy and practices surrounding privacy and security.

This post is meant to walk you through our policies and procedures, and to clarify any concerns you might have in an era where technology changes quickly, and can sometimes feel invasive.

Privacy commitment
I want to begin by saying that Woven never sells your data, and it never will.

We feel strongly, as a corporation, that the information you share with us should remain yours and only yours, except for the limited data you specifically choose to share with your collaborators. The combined experience of our executives and engineers led us to establish this priority from the outset. Our business model is to make our product paid for directly by our users (but Woven is free during our beta). It does not, and will never include selling your personal data to third parties for profit. In fact, we go to great lengths to protect the data shared, including internally.

Google permissions
Our privacy policy explains how we approach protecting your data in general, but it does not give the details of how Woven uses the Google permissions for calendar, email and contacts access that you grant to us when you sign up.

Calendar
We ask for full access to your calendars to better manage your schedule and meetings within Woven. Even though the permission we ask for does allow deletion of calendars, we do not offer such functionality within Woven and have no plans to offer it in the future.

Email
Woven bridges the gap between your email and calendar in two ways:

1. Via Woven Assistant, which responds to your commands in outgoing email messages and automatically detects incoming scheduling-related email messages.  Woven Assistant only looks at your primary inbox and does so only using algorithms; humans are not involved in how the Assistant processes a message at all.

2. By allowing you to send and view email messages associated with meetings. This means you can see the entire conversation around a meeting right inside Woven. An email thread is considered related to an event if any of its messages were sent from Woven, if it contains a woven.com/go link that refers to that event, or if it was detected by Woven Assistant. We only ever store email messages that fit these criteria in Woven.

Contacts
We use your contacts to let you auto-complete email message recipients and event participants within Woven. Because we currently do not make use of phone numbers or street addresses, names and email addresses are the only things we retain from your contacts. We also do not retain whether a single contact has multiple email addresses or not.
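The two retention rules above (store an email thread only when it meets one of the three relatedness criteria; keep only names and email addresses from contacts, with no link between a person's several addresses) are the kind of thing a data-minimization layer enforces before anything is written to storage. The following is an added illustration, not Woven's code; the dict shapes of the message and contact records, and the exact form of the woven.com/go link, are assumptions made for the example.

```python
"""Retention filters for data pulled through Google permissions.

Added example, not Woven's code.  The record shapes (plain dicts with the
keys used below) and the URL pattern are assumptions for illustration.
"""
import re

# Assumed shape of an event link: https://woven.com/go/<event-id>
GO_LINK = re.compile(r"https?://woven\.com/go/([A-Za-z0-9_-]+)")


def thread_related_to_event(thread: list[dict], event_id: str) -> bool:
    """A thread is related to an event if any message in it was sent from
    Woven, carries a woven.com/go link for that event, or was flagged by
    the Assistant.  Everything else is rejected before storage."""
    for msg in thread:
        if msg.get("sent_from_woven"):
            return True
        if msg.get("detected_by_assistant"):
            return True
        if event_id in GO_LINK.findall(msg.get("body", "")):
            return True
    return False


def threads_to_store(threads: list[list[dict]], event_id: str) -> list[list[dict]]:
    """Keep only the threads that pass the relatedness check."""
    return [t for t in threads if thread_related_to_event(t, event_id)]


def minimize_contacts(raw_contacts: list[dict]) -> list[dict]:
    """Keep only names and email addresses.  Each (name, email) pair becomes
    its own record, so the stored data carries no information about whether
    one contact had several addresses; phone and street fields are dropped."""
    kept = []
    for contact in raw_contacts:
        name = contact.get("name", "")
        for email in contact.get("emails", []):
            kept.append({"name": name, "email": email})
    return kept


# Constructed sample input for the demonstration.
SAMPLE_THREADS = [
    [{"body": "Can we meet next week?"},
     {"body": "Sure, details here: https://woven.com/go/evt-123"}],
    [{"body": "Lunch on Thursday?", "detected_by_assistant": True}],
    [{"body": "Weekly newsletter, nothing to do with any meeting"}],
    [{"body": "Different event: https://woven.com/go/evt-999"}],
]
SAMPLE_CONTACTS = [
    {"name": "Ada", "emails": ["ada@example.com", "ada@work.example"],
     "phone": "555-0100"},
    {"name": "Bob", "emails": ["bob@example.com"], "address": "1 Main St"},
]

if __name__ == "__main__":
    print(len(threads_to_store(SAMPLE_THREADS, "evt-123")), "of",
          len(SAMPLE_THREADS), "threads retained")
    for record in minimize_contacts(SAMPLE_CONTACTS):
        print(record)
```

Run against the constructed input, only the first two threads survive for `evt-123` (the fourth carries a link to a different event), and the contact list flattens to three name/email records with no phone, address, or grouping information left.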

We believe explaining how we use the Google permissions you grant to us is as important as disclosing our privacy policy. To that effect, we always show a link to an extended version of the above information right before a new user signs up for Woven, so the decision to sign up can be an informed one from the get-go.

Location data
When calendaring, where you are, your location, makes a difference. This is why we ask permission to use your location data, but not until the first time we need it.

Our internal Woven Graph Engine, the proprietary technology that syncs, organizes, and updates your information, primarily uses your location data to search nearby addresses when you ask for it, to render visual maps of scheduled events, to predict commute times if you attach a location to an event, and to help with time zone selection. We use location data to improve scheduling, but we don't keep a per-user location history for anyone.

We understand location data is sensitive, so we don't ask for more permissions than needed. For example, we don't have any functionality that requires Woven to know where you are at all times, so we don't even ask for that permission. Take a look in your iOS settings by going to Settings -> Privacy -> Location Services -> Woven. You'll notice that there are only two choices: Never, and While Using the App.

In addition to location data coming from your devices, Woven also collects IP-based location data, primarily for the purpose of debugging, security and improving Woven itself. This information is not aggregated per user and is used only when necessary.

Safe data storage
Another thing that might be of interest is how we store your data. Woven's infrastructure runs entirely on Google Cloud, and all of our servers are currently located in the US. All data at rest (on-disk) is encrypted by default.

The only people who can access that data are our engineers. Engineers only access this data for debugging purposes when needed, and all access is logged. No other Woven employees or contractors have data access. Furthermore, everyone who has access to data was subject to a full background check, even me!

On top of the at-rest encryption, we also encrypt user credentials with a secondary key and use this key both at rest and in transit (when data is sent from server to server). This secondary key is stored in a completely separate environment and can only be used by an even smaller number of senior engineers. In fact, even those senior engineers never get to view the key itself; they are only granted the right to use it for decryption when needed. The key itself is never directly accessible by anyone at Woven at any time.
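The arrangement described above, a secondary key that a short list of people may use but nobody may read, with every use logged, is the shape of a key-management service sitting behind an access boundary. The following is an added sketch of that shape, not Woven's code: the role names, the audit log, and the cipher (HMAC-SHA256 run in counter mode for the keystream, with a separate HMAC tag so tampering is detected) are all assumptions for illustration. A production deployment would put the key behind a real KMS process boundary and use AES-GCM; the point of the example is the use-but-not-read interface and the audit trail, not the cipher.

```python
"""Use-but-not-read secondary key service for credential encryption.

Added example, not Woven's code.  Roles, audit format and the HMAC-based
cipher are assumptions; in a real system the key lives in a separate KMS
process and only encrypt/decrypt requests cross the boundary.
"""
import hashlib
import hmac
import secrets
from datetime import datetime, timezone


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a PRF-derived keystream of `length` bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SecondaryKeyService:
    """Holds the secondary key privately and exposes encrypt/decrypt only.
    There is deliberately no method that returns the key; name mangling is a
    stand-in here for the process boundary a KMS would provide."""

    NONCE_LEN, TAG_LEN = 16, 32

    def __init__(self, allowed_engineers):
        root = secrets.token_bytes(32)
        # Domain-separated subkeys: one for the keystream, one for the tag.
        self.__enc_key = hmac.new(root, b"enc", hashlib.sha256).digest()
        self.__mac_key = hmac.new(root, b"mac", hashlib.sha256).digest()
        self._allowed = frozenset(allowed_engineers)
        self.audit_log = []  # every call is recorded, granted or not

    def _authorize(self, engineer: str, op: str) -> None:
        ts = datetime.now(timezone.utc).isoformat()
        granted = engineer in self._allowed
        self.audit_log.append((ts, engineer, op, "granted" if granted else "denied"))
        if not granted:
            raise PermissionError(f"{engineer} may not {op} with the secondary key")

    def encrypt(self, engineer: str, plaintext: bytes) -> bytes:
        self._authorize(engineer, "encrypt")
        nonce = secrets.token_bytes(self.NONCE_LEN)
        body = _xor(plaintext, _keystream(self.__enc_key, nonce, len(plaintext)))
        tag = hmac.new(self.__mac_key, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def decrypt(self, engineer: str, blob: bytes) -> bytes:
        self._authorize(engineer, "decrypt")
        nonce, body, tag = (blob[:self.NONCE_LEN],
                            blob[self.NONCE_LEN:-self.TAG_LEN],
                            blob[-self.TAG_LEN:])
        expected = hmac.new(self.__mac_key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # check tag before decrypting
            raise ValueError("credential blob failed integrity check")
        return _xor(body, _keystream(self.__enc_key, nonce, len(body)))


def try_decrypt(svc: SecondaryKeyService, engineer: str, blob: bytes):
    """Outcome label instead of an exception, for callers that only log."""
    try:
        return "ok", svc.decrypt(engineer, blob)
    except PermissionError:
        return "denied", None
    except ValueError:
        return "tampered", None


if __name__ == "__main__":
    svc = SecondaryKeyService(allowed_engineers={"senior-1"})
    blob = svc.encrypt("senior-1", b"proxy-credential-xyz")  # constructed value
    print(try_decrypt(svc, "senior-1", blob))
    print(try_decrypt(svc, "junior-1", blob))
    for entry in svc.audit_log:
        print(entry)
```

Two properties are worth checking when you run it: a caller outside the allow-list is refused and the refusal still lands in the audit log, and a single flipped byte in a stored blob is rejected before any decryption happens.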

Safe logins
When you log in to Woven, we use Google authentication to identify who you are. During this process, your Google account password is never shared with us. Google only sends us your proxy credentials (which we double-encrypt, as I explained above). We also use Google authentication to constantly verify in the background that you are who you say you are. Even if you aren't aware of it, Woven asks Google to re-verify your identity every 60 minutes while you are using one of our apps.

Top to bottom privacy
To illustrate the privacy built into our system from the ground up, let’s take a closer look at what happens inside an individual event. All elements that contribute to a Woven event are broken down into what we call “entities”. An entity in this context is any piece of data or information: an email message, a note, a tag/category, etc.

Each entity has three levels of permission associated with it:

  • Who can see it?
  • Who can modify it?
  • Who can delete it?

It’s with this level of specificity that we can have events that you’ve collaborated on with others and still maintain your own private records. If you look at any event in your Woven calendar, you’ll see information like Participants, Location, and Description. Below that you’ll notice a section labeled “Private information.” Here you can take notes on candidates that you’re interviewing, investors you’re meeting with, or on your staff meetings.  You can also categorize your events via tags. Those notes and tags will be for you and you alone. Other collaborators will not see these fields at all.
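The per-entity model above, in which every piece of an event carries its own see/modify/delete lists, is what lets a shared event hold fields that only one participant can read. The following is an added illustration of that model, not Woven's code; the `Entity` and `Event` shapes, the rule that shared entities are modifiable only by their author, and the sample users are assumptions for the example.

```python
"""Per-entity see/modify/delete permissions on a shared calendar event.

Added example, not Woven's code.  The data shapes and the sharing rules are
assumptions for illustration; the point is that each entity carries its own
three permission sets and that access is denied by default.
"""
from dataclasses import dataclass


@dataclass
class Entity:
    kind: str                 # "description", "email", "note", "tag", ...
    value: str
    can_see: frozenset        # who can see it?
    can_modify: frozenset     # who can modify it?
    can_delete: frozenset     # who can delete it?


class Event:
    def __init__(self, owner: str, participants):
        self.owner = owner
        self.participants = frozenset(participants) | {owner}
        self.entities: list[Entity] = []

    def add_shared(self, kind: str, value: str, author: str) -> Entity:
        """Shared entities are visible to every participant; only the author
        may modify or delete them (assumed rule)."""
        only_author = frozenset({author})
        ent = Entity(kind, value, self.participants, only_author, only_author)
        self.entities.append(ent)
        return ent

    def add_private(self, kind: str, value: str, author: str) -> Entity:
        """Private notes and tags: all three permissions restricted to the author."""
        only_author = frozenset({author})
        ent = Entity(kind, value, only_author, only_author, only_author)
        self.entities.append(ent)
        return ent

    def view(self, user: str) -> list:
        """Return only the entities `user` may see; hidden ones are not even listed."""
        return [(e.kind, e.value) for e in self.entities if user in e.can_see]

    def modify(self, user: str, ent: Entity, new_value: str) -> bool:
        if user not in ent.can_modify:
            return False          # deny by default
        ent.value = new_value
        return True

    def delete(self, user: str, ent: Entity) -> bool:
        if user not in ent.can_delete:
            return False
        self.entities.remove(ent)
        return True


def build_sample_event() -> Event:
    """Constructed sample: alice owns an interview event shared with bob."""
    ev = Event(owner="alice", participants=["bob"])
    ev.add_shared("description", "Panel interview", author="alice")
    ev.add_shared("email", "Re: interview logistics", author="bob")
    ev.add_private("note", "strong candidate, follow up", author="alice")
    ev.add_private("tag", "interviews", author="alice")
    return ev


if __name__ == "__main__":
    ev = build_sample_event()
    print("alice sees:", ev.view("alice"))
    print("bob sees:  ", ev.view("bob"))
```

Bob, a collaborator on the same event, sees the description and the email thread but neither the note nor the tag; he also cannot modify or delete them, because the permission sets on those entities contain only their author.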

-------------
The bottom line is that Woven is meant to empower you to spend your time on what matters most. We have taken many precautions to make sure that your data remains just that, yours and yours alone.

If you have any further questions about Woven privacy and security practices, please contact us at info@woven.com.

Burc Arpat is a co-founder of Woven and its Chief Technology Officer. Before Woven, he led engineering teams at Google and Facebook.