Enterprise-Grade Security

Enterprises across the globe trust Wrike to manage their team's most important projects and collaborate in the cloud.

Wrike Privacy Policy

Effective Date: May 25, 2018. Wrike, Inc.

This is the Privacy Policy for Wrike, Inc. (“Wrike”) and its affiliates. It covers our handling of two categories of information:
  1. Personal data we handle for our customers and users (“Service Data”). We collect this data through our work management and collaboration platform (including though user accounts on wrike.com and our apps) and through related support and professional services. We refer to all of these offerings as the “Services.” Under applicable law, Wrike is considered a “processor” of this data, and the company or legal entity that administers the Wrike account containing personal data or receiving professional services (or, for group accounts, the authorized representative of the company or legal entity) is a “controller” of the data.
  2. Personal data we handle for our own business (“Business Data”). This includes certain data collected on our websites, such as newsletter signup forms, as well as data collected through other marketing-related efforts and other business communications. Under applicable law, Wrike is a “controller” of this data.
This Privacy Policy has details specific to Service Data, details specific to Business Data, and information relevant to our handling of both kinds of data. If you have any questions about any of the information contained in this Policy, please feel free to contact us; we can be reached via email at privacy@team.wrike.com

1. Privacy Practices Specific to Service Data

a. Types of Service Data
We receive information from or on behalf of our customers and their users.  Because of the nature of our Services, this information may contain any type of personal data. We offer users an optional browser extension to let them create tasks from third-party webpages and view the tasks associated with a particular page.  If you install it, the browser extension will check the websites you visit to see if any tasks are associated with them in Wrike accounts you are part of.  If so, the browser extension then submits information about only those domains/pages that have tasks associated with them to Wrike’s servers so that the servers can search for indexed tasks belonging to (or shared with) your existing account.  (If there are any such tasks associated with the domain and URL you have visited, the Wrike server will return names of those tasks back to your browser extension. The browser extension on your local device performs the initial screening of the domains you have visited to identify those for which tasks have been created and only sends information about those domains and URLs on to the Wrike servers.) Our platform also uses cookies and other automated data collection tools described in Section 3.  We use the Service Data collected through such technology as described below.
b. Uses of Service Data
Subject to our contractual obligations, and depending on the particular Wrike Services, we use the information described above as follows:
  • To provide and/or improve the Wrike Services (including internal analysis of aggregate usage patterns;
  • To enforce the legal terms that govern the Wrike Services;
  • To comply with law and protect rights, safety and property; and
  • For other purposes requested or permitted by our customers or users.
c. Disclosures of Service Data
Subject to our contractual obligations, and depending on the particular Wrike Services, we share the information described above as follows:
  • To provide the Wrike Services, which can involve transferring data to third parties whose own use of the data is not subject this Privacy Policy, such as:
    • By facilitating a user’s posting of information to a Wrike workspace controlled by a Wrike customer (which, like the other examples here, then would be subject to that third party’s decisions about use and disclosure);
    • By facilitating a user’s electronic delivery of information to an external recipient selected by that user (such as to send data to an integration or to invite a nonuser to join a workspace); or
    • By providing a customer or a third party chosen by the customer with any data collected from any user of the customer’s Wrike workspace;
    • By providing an account administrator or account owner or another authorized representative of the Wrike customer with information about a user’s usage of Wrike Services.
  • To enforce the legal terms that govern the Wrike Services;
  • To comply with law, and where we deem disclosure appropriate to protect rights, safety and property (for example, for national security or law enforcement);
  • As part of a business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization; or
  • For other purposes requested or permitted by our customers or users.
For those purposes, we may share information with our affiliates and other entities that help us with the uses and disclosures described above.

2. Privacy Practices Specific to Business Data

a. Types of Business Data
Business Data consists of contact details, professional details (e.g., title and name of company), information about an individual’s interactions with Wrike or our partners, and payment information. We obtain Business Data directly from the relevant individuals, and also from third-party sources, such as credit card issuers, data brokers, referrals from customers and users, as well as publicly available sources such as company websites.   Our platform also uses cookies and other automated data collection tools described in Section 3.  We use the Business Data collected through such technology as described below.
b. Uses of Business Data
Wrike uses and discloses Business Data as follows:
  • To fulfill your requests;
  • To send you information about our products and services, including marketing communications;
  • To respond to your questions, concerns, or customer service inquiries;
  • To analyze market conditions and use of our services;
  • To customize the content and advertising you see on our websites, across the Internet, and elsewhere;
  • To enforce the legal terms that govern our business and online properties;
  • To comply with law and protect rights, safety and property; and
c. Disclosures of Business Data
Subject to our contractual obligations, we share the information described above as follows:
  • For the uses of information described above;
  • As part of a business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization; or
  • For other purposes requested or permitted by our customers or users.
For those purposes, we may share information with our affiliates and other entities that help us with any of the above.
d. Legal Basis for Processing Business Data
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data.  To the extent those laws apply, our legal grounds for processing Business Data are as follows:
  • To honor our contractual commitments to you:  Much of our processing of personal data is to meet our contractual obligations to our customers, or to take steps at customers’ request in anticipation of entering into a contract with them.  
  • Consent:  Where required by law, and in some other cases, we handle personal data on the basis of consent.  
  • Legitimate interests:  In many cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities such as the following in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
    • Customer service
    • Marketing
    • Protecting our customers, personnel and property
    • Analyzing and improving our business
    • Managing legal issues
  • We may also process personal data for the same legitimate interests of our customers and business partners.
  • Legal compliance:  We need to use and disclose personal data in certain ways to comply with our legal obligations.

3. Additional Information About Our Privacy Practices (applicable to both Service Data and Business Data)

a. Security and Data Retention
To provide security for Service Data, we maintain physical, organizational and technical safeguards, which are subject to periodic changes.  We use different safeguards to help secure Business Data. Where we or our agents collect information from you, we or they will take reasonable steps to protect such information in transmission, but there may be circumstances when such information will not be protected that way. When you use our Wrike Services- we secure it in accordance with our safeguards. If you use other methods (email, phone, etc.) the protection of the data is not secure. Third-party software and services integrated into our service (for example, Google Drive, Box, Dropbox or other integrations) are handled by such third parties subject to their own privacy and security policies or procedures, which we do not control. We will hold your information for as long as necessary to fulfill the purposes set forth in this Privacy Notice or as long as we are legally required or permitted to do so.  Information may persist in copies made for backup and business continuity purposes for additional time.
b. Personal Data Rights and Choices (including Direct Marketing Opt-Out)
All users can review and update certain user information by logging in to the relevant portions of the Wrike platform. You can deactivate data collection by our browser extension by uninstalling it.  You can unsubscribe from marketing emails by clicking the "unsubscribe" link they contain. A user can deactivate their account by contacting us at support at team.wrike.com, subject to any contractual provisions between Wrike and the customer responsible for the account.  Controls related to cookies and other automated data collection are described in the section below. Residents of the European Economic Area and many other jurisdictions have certain legal rights (including, in certain cases, under the EU-U.S. and EU-Swiss Privacy Shield Frameworks) to obtain confirmation of whether we hold personal data about them, to access personal data we hold about them, and to obtain its correction, update, amendment or deletion in appropriate circumstances.  They also have rights to object to our handling of their personal data and to withdraw any consent they have provided. For example, individuals have a right to opt out of our processing of Business Data for direct marketing purposes.   To exercise those rights, they may contact us as described at the end of this Policy.  Where we process personal data on behalf of our customer, we may refer the request to the relevant customer and cooperate with their handling of the request, subject to any special contractual arrangement with that customer.  For individual user accounts not associated with a customer account, Wrike will handle the request directly. Many of the rights described here are subject to significant limitations and exceptions under the Privacy Shield Frameworks and applicable law.  For example, objections to the processing of personal data, and withdrawals of consent, typically will not have retroactive effect.
c. Cookies and Automated Data Collection
In our websites, apps and emails, we and third parties may collect certain information by automated means such as cookies, Web beacons, JavaScript and mobile device functionality.  This information may include unique browser identifiers, IP address, browser and operating system information, device identifiers (such as the Apple IDFA or Android Advertising ID), geolocation, other device information, Internet connection information, as well as details about individuals’ interactions with our apps, websites and emails (for example, the URL of the third-party website from which you came, the pages on our website that you visit, and the links you click on in our websites). We and third parties may use automated means to read or write information on users’ devices, such as in various types of cookies and other browser-based or plugin-based local storage (such as HTML5 storage or Flash-based storage).  Cookies and local storage are files that contain data, such as unique identifiers, that we or a third party may transfer to or read from a user’s device for the purposes described in this Privacy Notice, such as recognizing the device, service provision, record-keeping, analytics and marketing, depending on the context of collection.  You may be able to set your web browser to refuse certain types of cookies, or to alert you when certain types of cookies are being sent.  Some browsers offer similar settings for HTML5 local storage, and Flash storage can be managed here.  However, if you block or otherwise reject our cookies, local storage, JavaScript or other technologies, certain websites (including our own websites) may not function properly. These technologies help us (a) keep track of whether you are signed in or have previously signed in so that we can display all the features that are available to you; (b) remember your settings on the pages you visit, so that we can display your preferred content the next time you visit; (c) display personalized content; (d) perform analytics, and measure traffic and usage trends, and better understand the demographics of our users; (e) diagnose and fix technology problems; and (f) otherwise plan for and enhance our business. Also, in some cases, we facilitate the collection of information by advertising services administered by third parties.  The ad services may track users’ online activities over time by collecting information through automated means such as cookies, and they may use this information to show users ads that are tailored to their individual interests or characteristics and/or based on prior visits to certain sites or apps, or other information we or they know, infer or have collected from the users.  For example, we and these providers may use different types of cookies, other automated technology, and data (i) to recognize users and their devices, (ii) to inform, optimize, and serve ads and (iii) to report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services (including how they are related to visits to specific sites or apps).  To learn more about interest-based advertising generally, including how to opt out from the targeting of interest-based ads by some of our current ad service partners, visit aboutads.info/choices or youronlinechoices.eu from each of your browsers.  You can opt out of Google Analytics and customize the Google Display Network ads by visiting the Google Ads Settings page. Google also allows you to install a Google Analytics Opt-out Browser Add-on for your browser.  If you replace, change or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again.  We do not respond to browser-based do-not-track signals. Please visit your mobile device manufacturer's website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation.
d. International Data Transfers
We are based in the United States, and recipients of the data disclosures described in this Privacy Policy are located in the United States and elsewhere in the world, including where privacy laws may not provide as much protection as those of your country of residence.  (Eligible customers can arrange to have their workspaces stored in our data center located in the Netherlands.) Wrike complies with legal requirements for cross-border data protection, including through the use of European Commission-approved Standard Contractual Clauses and contract language required by the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”), which is described below.   As a business subject to the investigatory and enforcement authority of the United States Federal Trade Commission, Wrike has certified that its U.S. operations adhere to the Privacy Shield with respect to the personal data that Wrike receives in reliance on the Privacy Shield.  Our Privacy Shield certification is available at https://www.privacyshield.gov/list.  To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov. When Wrike receives personal data under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on Wrike’s behalf, Wrike may have certain responsibility under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) Wrike is responsible for the event giving rise to the damage. Covered European residents should direct any questions, concerns or complaints regarding Wrike’s compliance with the Privacy Shield to Wrike as described at the bottom of this Policy.  Wrike will attempt to answer your questions and satisfy your concerns in a timely and complete manner as soon as possible.  If, after discussing the matter with Wrike, your issue or complaint is not resolved, Wrike has agreed to participate in the Privacy Shield independent dispute resolution mechanisms listed below, free of charge to you. Please contact Wrike first.
  • For human resources personal data that Wrike receives under the Privacy Shield (defined under Privacy Shield essentially as information about an employee collected in the context of the employment relationship): cooperation with the relevant data protection authority (which is usually the one where the employee works).
  • For other personal data Wrike receives under the Privacy Shield: Wrike has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield for more information and to file a complaint.
If your complaint still is not resolved through these channels, under limited circumstances, an additional binding arbitration option may be available before a Privacy Shield panel, as described at privacyshield.gov.  Every individual also has a right to lodge a complaint with the relevant supervisory authority. Please note that Wrike’s customers may transfer personal data to Wrike on the basis of other legal mechanisms approved by the European Commission and other relevant authorities for cross-border data transfers, such as Standard Contractual Clauses.  To exercise any legal right to see copies of the data transfer mechanism documents that Wrike uses to transfer data to third parties, please contact us. Our product allows our customers and users to make international data transfers to third parties, for which they are solely responsible.
e. Notification of Changes
Wrike may change this Privacy Policy to reflect changes in the law, our data handling practices or the features of our business. The updated Privacy Policy will be posted on Wrike.com.
f. Contact Information
If you have questions regarding our practices or this Privacy Policy, or to send us requests or complaints relating to personal data, please contact us:
Data Protection Officer
Wrike, Inc.
70 North Second Street
San Jose, CA 95113
Telephone: +1 877-779-7453 or +1 650-318-3551 privacy@team.wrike.com

80 Harcourt Street
Dublin 2
DO2 F449