WaiverKing

Privacy Policy

This document explains how we use your personal information and data.

Last Updated: 16 July 2025
Effective Date: 16 July 2025

WaiverKing ("we," "our," or "us") is committed to ensuring the privacy of all users of our software and services as well as other visitors to our website. This Privacy Policy outlines describes the types of information we may collect from you or that you may provide when you visit our website and our practices regarding the collection, use, disclosure, and protection of personal information and data when you use our services or website. We strongly believe in your right to privacy and actively engage in "privacy-by-design" principles when developing and operating our software and services.

This policy applies to information we collect 1) on our website, 2) in email, text, and other electronic messages between you and our website, 3) your account data, waiver data, and payment data that you may provide us through your account, and 4) any other sources. This policy does not apply to personal information and data collected by us offline or by any third-party. You do not have to provide us with certain personal information and data, however, if you do not provide or enable us to collect the necessary information, we may not be able to provide you all the services offered by us.

Please read this policy carefully to understand our policies and practices regarding your personal information and data, and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our website or services. By accessing or using this website or our services, you agree to this privacy policy. This policy may change from time to time. Your continued use of our website or services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

1. YOUR PERSONAL INFORMATION AND DATA

1.1 General. This section provides you with information about: a) what personal information and data we hold and process; b) in respect of personal information and data that we did not collect from you directly, where we obtained that information and data from, and what types of information and data we have collected; c) the purposes for which we may process your personal information and data; and d) the legal grounds on which we process your personal information and data.

1.2 For Business Clients.

a. Business Client Information. While creating an account, our business clients will be asked to provide some information about their company. The information that a business client may need to provide to create an account may include the name of the company, the website for the company (including the street name and number, the city, state, zip code, and country), a telephone number for the company, an email address for the company, and other basic contact information for the company. For some services, our business clients may need to provide credit card information, tax identification number, and other financial information about the business client as necessary to carry out the transaction for the services.

b. Point of Contact. If you are employed by one of our corporate clients, which has a contractual arrangement with us for the provision of services, and create an account for the business client, you will be asked to provide certain personal information. The information that a point of contact for a business client will be asked to provide while making an account may include the point of contact's first and last name, their phone number, the title of the point of contact, and the point of contact's email address. In creating the account, the point of contact may be asked to electronically sign agreements, and, if so, their electronic signature will be collected by us.

c. Use and Treatment of Business Client Information. We may use the personal information and data provided to us when a business client or a point of contact creates an to enable us to:

  • i. provide services to both the business client and the point of contact in accordance with the contract that we have with the main business client;
  • ii. communicate with the business client and the point of contact regarding the provision of such services;
  • iii. improve the services that we provide and to ensure that we maintain our levels of client care; and
  • iv. marketing our products, services, promotions and offers to the main business client.

We may treat the main business client as the controller of any point of contact information and data that we are provided with. Further, we may receive personal information and data in respect to such points of contact direct from the main business client. We will process any such personal information and data referred to in Section 1.2(a) and 1.2(b) strictly in accordance with the instructions of the main business client, not the individual point of contact, including sharing all such information and data with the main business client. The legal basis for this processing is our legitimate interests in supplying products or services to the main business client, in managing and administering our relationship and contract with the main business client, and in marketing our products and services to the main business client. We will not use any information about the main business client or the point of contact for any reason except as provided here in this Privacy Policy.

1.3 For End Users of our Service.

a. End User Account Information and Data. An "End User" means an individual, other than our business clients or their point of contact, that interacts with our website, services, or software. While creating an account for our platform, an End User will be asked to provide certain personal information about themselves, including the End User's first and last name, their address (including their street number and name, the city, state, zip code, and country), date of birth, email address, telephone number, gender, and employment details. A personal generated ID may also be created associated with that specific End User. Some accounts may also have a photograph of the End User. In creating the account, the point of contact may be asked to electronically sign agreements, and, if so, their electronic signature will be collected by us. This information collectively will be referred to as "Account Data". We will use the Account Data to create your account when you sign up, and manage your account while you use our services. This account data may be updated each time you complete a document through our software. If you choose to enable two-factor authentication for enhanced security, we will also collect your mobile phone number. This number will be used exclusively for account security purposes.

b. Waiver Data. If an End User is using our software and services to sign documents such as a waiver, health form, contract, or questionnaire, we may process information that you put into such documents (the "Waiver Data"). This Waiver Data may include your name, signature, date of birth, email address, information about your health and medical history, and any other information that you are required or requested to put into the document. Our business clients may ask the End User to include various other personal information and data added to their waivers, forms, contracts, and questionnaires as custom fields, with the responses submitted by the End User included as Waiver Data. It is not within our control to limit the custom fields a business client requests, and each business client is responsible for the Waiver Data requested through custom field requests.

Once an End User has completed the document, we will process it, convert the document into a different format, store it for you, and send it to the third-party business client that you selected. An End User's Waiver Data may also be stored by the third-party business client.

The purpose for our processing your Waiver Data in this way is to maintain and administer a complete and accurate record of the documents that you have signed and completed for the third-party business clients. The legal basis for our processing your Waiver Data (to the extent that such waiver data does not class as a special category of personal information and data) will be our legitimate interests in providing our services to our clients who have asked you to complete the document in question, in order to ensure that a complete and accurate record of your signing and completing the documents is maintained and administered.

c. Third-Party Data or Information Provided by End-User. An End User may be asked to provide information about others, namely information about the End User's emergency contacts. We will only use third-party data and information provided by an End User for the reason it was provided. If an End User provides us with personal information and data about a third-party, then the End User represents that the End User has the authority and permission to do us.

d. Sensitive Personal Data. During the course of an End User using our software and services and providing us with information to provide our services to them, an End User may provide us with sensitive information about themselves ("Sensitive Data"). This Sensitive Data may include the End User's health and medical history. We will only use this Sensitive Data for providing our services to the End User in a manner that the End User consented to. We will only process this sensitive data if the End User explicitly consents to us doing so. Such consent for us to collect and process an End User's Sensitive Information must come from an adult.

If the Sensitive Data being collected is of a minor under the age of thirteen (13), then the parent or legal guardian of that minor must be the one to consent to us collecting and processing said minor's Sensitive Information.

e. Policy Regarding Information of Children. If the account is made by a parent or legal guardian on behalf of a minor, we may also ask for the name of the minor, the minor's age, and the relationship of the parent or legal guardian to the minor. CHILDREN UNDER THE AGE OF SIXTEEN (16) YEARS OF AGE WILL NOT BE ALLOWED TO CREATE AN ACCOUNT OR INPUT THEIR OWN INFORMATION. CHILDREN UNDER THE AGE OF SIXTEEN (16) WILL NEED THEIR PARENT OR LEGAL GUARDIAN TO CREATE AN ACCOUNT AND INPUT INFORMATION ON THEIR BEHALF.

  • i. Our system will not allow an account to be made for an any user whose birthday indicates that their age is below 16 years of age.

We comply with the requirements of the Children's Online Privacy Protection Act. An End User must be at least eighteen (18) years old to have our permission to use the WaiverKing website and services. If and End User is between the ages of thirteen (13) and seventeen (17), or under the age of majority where that End User lives, the minor End User must represent that the minor End User's parent or legal guardian has reviewed and agreed to this privacy policy.

f. Use of End User Information and Data. We will use the information or data provided to us or collected through our software for the purpose of managing your account and collecting waivers, health forms, contracts, questionnaires, and other forms from the End User on behalf of our business clients. We will only use your personal information and data for the purpose provided above, and for any actions to support that purpose. We do not process your Account Data in any other way or have access to it in any way. We will not sell your personal information and data. The legal basis for this processing is our legitimate interests in providing our services to our clients, and ensuring that your account is updated each time that you complete a document through our software.

g. Use of Information for Account Security. We use your mobile phone number for the specific and limited purpose of sending you One-Time Passwords (OTPs) via SMS. This helps us verify your identity when you log in or perform sensitive account actions, thereby protecting your account from unauthorized access. We will not use this phone number for any marketing or promotional communications. The legal basis for this processing is our legitimate interest in protecting the security of your account and our services.

1.4 Other Data that We May Collect.

a. Website Data. We may process data about your use of our website and services. The website data may include your IP address, geographical location, browser type and version, device ID, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the website data is our analytics tracking system. This website data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.

We may also process this data for the purposes of diagnosing any issues we detect in relation to the use of our website, products, or services. This data may be collected by our error-tracking software which is provided by Rollbar. We always try to ensure that any such data is anonymized so that you cannot be identified before it is stored in our records. The legal basis for this processing is our legitimate interests in monitoring and improving our products and services.

b. Enquiry Data. We may process information contained in any enquiry you submit to us regarding our products or services. The enquiry data may be processed for the purposes of offering, marketing, and selling relevant products and/or services to you. The legal basis for this processing is our legitimate interests, namely dealing with and responding to your enquiry appropriately.

c. Notification Data. We may process information that you provide to us for the purpose of subscribing to our blog and press releases. The notification data may be processed for the purpose of sending you newsletters or other news updates. Where you are a corporate customer, the legal basis for this processing is our legitimate interests, namely the marketing of relevant products and services to you.

d. Correspondence Data. We may process information contained in or relating to any communication that you send to us. The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and recordkeeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.

e. Payment Data. If you initiate a transaction or attempt to pay through our services, we may process payment information relating to goods and services that you purchase from us. The payment data may include your contact details, your shipping and billing information including card information, the transaction details, your purchase history, and account information. The payment data may be processed for the purposes of administering the payment, for the supply of the purchased goods and services, and keeping proper records of those payments. This information may be shared with third-parties for the same purposes. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.

f. Tracking Data. To collect the website data, we may employ various tracking technologies, such as cookies, web beacons and analytics software, that help us better manage content on our website, software, and services by informing us what content is effective. We utilize systems and tools such as Google Analytics to assist in this tracking. For more information on our use of cookies and similar technologies, including instructions on how to opt-out, please refer to our Cookies Policy. While you may be able to opt out on certain tracking features, others may be necessary for the operation of our website, software, and services.

g. Other Processing Activities. In addition to the specific purposes for which we may process your personal information and data set out above, we may also process any of your personal information and data where such processing is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person. We may also use your personal information and data internally to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements or for fraud and security monitoring purposes to detect and prevent cyberattacks or attempts to commit identity theft. We will engage in these activities to comply with a legal obligation or because we have a legitimate interest.

2. DATA SHARING AND DISCLOSURE

2.1 General. We will only share your personal information and data with third parties according to the terms and under the conditions set forth in this Privacy Policy:

a. To Our Business Clients. We may disclose your personal information and data to our business clients, as required to conduct our business and provide our services. You will be made aware of who the business client is when signing the waiver, contract, or form. We will not provide your personal information or data to any other of our business clients unless those additional business clients are relevant to your use of our services. When you are signing a waiver, contract, or form for one of our business clients, you may wish to read and review their privacy policies and terms and conditions as well, as they will also have access to your personal information and data.

b. To Our Partner Service Providers. We may disclose your personal information and data to certain reputable third-party service providers that we use to conduct our business and offer our services such as cloud and IT service providers, website hosting services, our third-party payment processor for internet-based payment services, order fulfillment, custom service, email delivery, auditing, and other similar services. We will ensure that any partner service providers that we disclose your personal information or data to have their own privacy policies and frameworks that are sufficient, in our discretion, to protect and secure your information and data. Specifically, for account security, we use Twilio Inc. to send SMS messages for One-Time Password (OTP) verification. When you use this service, we share your mobile phone number with Twilio for the sole purpose of delivering the verification message to your device. You can review Twilio's data handling practices in their Privacy Policy, available at https://www.twilio.com/legal/privacy .

c. To Our Insurers/Professional Advisers. We may disclose your personal information and data to our insurers, legal counsel, and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice, and managing legal disputes.

d. To Our Main Contractors. We may share personal information and data with our main contractors as set out in this privacy policy.

e. To Comply with Legal Obligations. In addition to the specific disclosures of personal information and data detailed above, we may also disclose your personal information and data where such disclosure is necessary for compliance with a legal obligation we have to comply with, or in order to protect your vital interests or the vital interests of another individual. This may include disclosing your personal information and data in response to any lawful requests by public authorities, including to meet national security or law enforcement requirements.

f. To Enforce or Apply Terms of Service. We may also disclose personal information and data about you to enforce or apply our terms of service and other agreements, as needed or determined by us is appropriate and necessary to our business and services.

2.2 Transfers to Any Third-Party. When we share your personal information and data with any third-party, we will ensure this processing is protected by appropriate safeguards including a suitable data processing agreement with that third party.

2.3 Transfers of Your Personal Information and Data Outside of the European Economic Area. As further detailed below, we may transfer your personal information and data to our servers based in the United States, in compliance with the EU-US Data Privacy Framework. Otherwise, where your personal information and data is transferred outside of the European Economic Area, we will ensure that either (a) The European Commission has made an "adequacy decision" with respect to the data protection laws of the country to which it is transferred, or (b) we have entered into a suitable data processing agreement with the third-party situated in that country to ensure the adequate protection of your personal information and data. In all cases, transfers outside of the European Economic Area will be protected by appropriate safeguards.

3. RETAINING AND DELETING YOUR PERSONAL INFORMATION AND DATA

3.1 Retention of Your Personal Information and Data. We retain your personal information and data only for as long as necessary for the purposes described in this Privacy Policy unless a longer retention period is required by law or government order. In some circumstances, and for some pieces of personal information and data, the retention period will be indefinite until a request for deletion by you or for a time agreed upon in a contract.

Unless we contact you and obtain your consent for us to retain your personal information and data for a longer period, we will retain and delete your personal data as follows:

  • a. Point of Contact data will be retained for the duration of the contract and for such period after termination of the contract, or as specified in that contract or agreed between WaiverKing and the main contractor;
  • b. Waiver Data may be retained for up to 7 years, or for whoever long as legally necessary;
  • c. Website data will be retained for 12 months following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems;
  • d. Enquiry data will be retained for 12 months following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems;
  • e. Notification data (other than Notification data that is also Point of Contact data) will be retained for 12 months following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems;
  • f. Correspondence data will be retained for 12 months following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems; and
  • g. Payment data will be retained for 12 months following the date of our last contact or dealing with you, at the end of which period it will be deleted from our systems.

3.2 Legal Obligation for Retention. We may retain your personal information and data where such retention is advisory and/or necessary for compliance with a legal obligation to which we are subject (such as with regard to applicable statutes of limitations, litigation, or regulatory investigations), or in order to protect your vital interests or the vital interests of another natural person.

3.3 Servers. We utilize Amazon Web Services to retain and store your personal information and data, specifically Amazon S3 Cloud Services. The servers that we use are physically located in Virginia and California within the United States.

4. YOUR RIGHTS IN REGARD TO YOUR PERSONAL INFORMATION AND DATA

4.1 Right to Request Information and Data. You may instruct us to provide you with a report of any personal information and data we hold about you. Provision of such report on the information and data will be subject to:

  • a. your request not being found to be unfounded or excessive, in which case a charge may apply. What is found to be unfounded or excessive will be determined by us, at our sole ; and
  • b. the supply of appropriate and sufficient evidence of your identity. For the purpose of appropriate and sufficient evidence, we may require a notarized photocopy of your driver's license and/or passport and an original copy of a utility bill showing your current address.

4.2 Withholding Personal Information and Data. We may withhold personal information that you request to the extent permitted by law.

4.3 Marketing Instructions. You may instruct us at any time not to process your personal information for marketing purposes. In practice, you will usually expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.

4.4 Right to Access Your Personal Information and Data. You have the right to request access to the personal information and data we hold about you. Additionally, you have the right to ask us to confirm whether or not we process your personal information and data, and to any additional information, including the purposes for which we process your information and data, the categories of personal information and data we hold, and the recipients of that personal information and data. You may request a copy of your personal information and data; the first copy will be provided free of charge, but we may charge a reasonable fee for additional copies.

4.5 Your Right to Correct Your Personal Information and Data. If we hold any inaccurate personal information and data about you, you have the right to request changes or updates to the inaccuracies in your personal information and data and to have these inaccuracies corrected. Where necessary for the purposes of the processing, you also have the right to have any incomplete personal information and data about you completed.

4.6 Your Right to Delete Your Personal Information and Data. In certain circumstances you have the right to have personal information and data that we hold about you deleted and erased from our records. This will be done without undue delay, with commercially reasonable efforts on our behalf to assist your request to delete your personal information and data. These circumstances include the following:

  • a. it is no longer necessary for us to hold pieces of your personal information and data in relation to the purposes for which they were originally collected or otherwise processed;
  • b. you withdraw your consent to any processing which requires consent;
  • c. the processing is for direct marketing purposes; and/or
  • d. the personal information and data that you are requesting us to delete has been unlawfully processed.

However, in regard to your right to deletion, there are certain general exclusions of the right to erasure, including where processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, or for establishing, exercising, or defending legal claims. When considering these exclusions, we will be continuously mindful of your privacy rights to ensure your rights are respected.

4.7 Your Right to Restrict Processing. In certain circumstances you have the right for the processing of your personal information and data to be restricted. These circumstances include the following:

  • a. you do not think that the personal information and data we hold about you is accurate;
  • b. your data is being processed unlawfully, but you do not want your data to be deleted or erased;
  • c. it is no longer necessary for us to hold your personal information or data for the purposes of our processing, but you still require that personal information and data in relation to a legal claim; and/or
  • d. you have objected to processing, and are waiting for that objection to be verified.

Where processing has been restricted for one of these reasons, we may continue to store your personal information and data. However, we will only process it for other reasons with your consent, in relation to a legal claim, for the protection of the rights of another natural or legal person, or for reasons of important public interest.

4.8 Your Right to Object to Processing. You can object to us processing your personal information and data where our legal basis for the processing is that it is necessary for:

  • a. the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or
  • b. the purposes of our legitimate interests or those of a third party.

If you make an objection, we will stop processing your personal information and data unless we are able to demonstrate either a compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms, or that the processing is in relation to a legal claim.

4.9 Your Right to Object to Direct Marketing. You can object to us processing your personal information and data for direct marketing purposes. If you make an objection, we will stop processing your personal information and data for this purpose.

4.10 Your Right to Data Portability. You may have the right to receive your personal information and data in a structured, machine-readable format. Where you have given us consent to process your personal information and data, or where we are processing your personal information and data for the performance of a contract, you have a legal right to receive a copy of the personal information and data we hold about you in a structured, commonly used and computer readable format. When a data request is made of us, we will make available all applicable personal information and data to you in a computer readable format and will transmit your personal information and data to the appropriate third-party pursuant to your instruction. We will not process your data in this way if we believe that it may pose a threat to the security of the data.

4.11 Your Right to Object for Statistical Purposes. You can object to us processing your personal information and data for statistical purposes on grounds relating to your particular situation, unless the processing is necessary for performing a task carried out for reasons of public interest.

4.12 Rights in Relation to Automated Data Processing. To the extent that the legal basis we are relying on for processing your personal information and data is consent, and where the processing is automated, you are entitled to receive your personal information and data from us in a structured, commonly used, and computer-readable format. However, you may not have this right if it would adversely affect the rights and freedoms of others.

4.13 Right to Withdraw Consent. To the extent that the legal basis we are relying on for processing your personal information and data is consent, you are entitled to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing before the withdrawal.

4.14 Complaints to a Supervisory Authority Pursuant to the GDPR. If you think that our processing of your personal information and data infringes data protection laws, you can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement. This provision is only applicable if you are subject to the protections of the GDPR.

4.15 Complaints if You Are Not Subject to the Protections of the GDPR. If you think that our processing of your personal information and data infringes data protection laws, but you are not subject to the protections of the GDPR, then you may contact us via email at privacy@waiverking.com or mail at: WaiverKing, Inc. 340 S Lemon Ave # 2018 Walnut, California 91789.

4.16 Exercising Your Rights. You may exercise any of your rights in relation to your personal information and data by written notice to us in addition to the other methods specified above.

4.17 Exclusion for Point of Contact Data. PARAGRAPHS 4.1 - 4.17 SHALL NOT APPLY TO POINT OF CONTACT DATA OBTAINED OR PROCESSED BY WAIVERKING IN RESPECT OF POINTS OF CONTACT IN CONNECTION WITH A MAIN BUSINESS CLIENT. IN RESPECT OF SUCH DATA: a) WAIVERKING IS ACTING AS A PROCESSOR OF THAT DATA AND THE MAIN BUSINESS CLIENT IS THE CONTROLLER; b) AUTHORIZED USERS SHOULD CONTACT THE MAIN BUSINESS CLIENT TO EXERCISE THE RIGHTS SET OUT IN THIS PARAGRAPH 5.

5. OTHER WEBSITES OR THIRD-PARTY COMPANY SERVICES.

Except as otherwise discussed in this Privacy Policy, this document only addresses the use and disclosure of information that we collect from you. Other websites accessible through our website have their own privacy policies and data collection, use, and disclosure practices. Please consult each website's privacy policy to see how they collect, store, secure, and process your personal information and data. We are not responsible for the policies or practices of third-parties, including any third-party site or other products and services used in connection with WaiverKing's services. The inclusion of a link does not imply endorsement of the linked site or service by us or by our affiliates. We are not responsible for the collection, usage, and disclosure policies and practices (including the data security practices) of other organizations, such as, Apple, Google, Microsoft, or any other operating system provider, wireless service provider or device manufacturer, including any personal data you disclose to other organizations through or in connection with WaiverKing's services.

6. SECURITY OF YOUR INFORMATION.

6.1 General. The security of your personal information and data is a high priority for us. We seek to use reasonable technical, administrative, and physical safeguards designed to protect your personal information and data within our company from accidental loss and from unauthorized access, use, alteration, and disclosure. All information and data you provide to us is stored on our secure servers behind firewalls. While we have implemented strict security group rules to limit access to our resources, ensuring personal information and data remains isolated and secure, unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.

6.2 Network Protection. We utilize Keycloak, a software product to allow single sign-on with identity and access management aimed at modern applications and services, to manage identity and access, ensuring your personal information and data is protected from unauthorized access or breaches. Additionally, we have implemented strict security group rules in Amazon Web Service EC2 and Aurora to limit access to our resources, ensuring tenant data remains isolated and secure. All secure servers are protected by firewalls, best-of-class router technology, TLS encryption, file integrity monitoring, and network intrusion detection that identifies malicious traffic and network attacks.

6.3 Encryption. Data encryption is actively in place both in transit and at rest. All data transmitted between you and the WaiverKing services is done so using strong encryption protocols. We use the latest Transport Layer Security protocols for encrypting data in transit, providing the latest security standards for secure communication. We have implemented appropriate safeguards to protect the creation, storage, retrieval, and destruction of secrets such as encryption keys and service account credentials. Amazon Web Services Key Management Service encrypts data at rest within our Aurora database, maintaining the isolation and security of tenant data.

6.4 Access Control. To minimize the risk of data exposure, we adhere to the principles of least privilege and role-based permissions when provisioning access. We have created a robust role-based access control system so our employees and affiliates are only authorized to access data that they reasonably must handle to fulfill their current job responsibilities. Furthermore, Keycloak has been configured and integrated to manage role assignments and permissions, ensuring that only authorized personnel, with the appropriate roles, can access tenant-specific data.

6.5 User Authentication. The safety and security of your information also depends on you. We have created policies to try to ensure that only you have access to your account. To protect your account, we have enforced strong password policies to ensure that users follow best practices when creating their passwords. This includes complexity requirements for passwords when you create the password for your account. You are responsible for keeping this password confidential and we ask you not to share your password with anyone. In addition, users can set up two-factor authentication (2FA) for an extra layer of security, enhancing the isolation and security of tenant data. User authentication is securely handled through Keycloak.

6.6 Security Compliance Audits. We continuously monitor, audit, and improve the design and operating effectiveness of our security controls. These activities are regularly performed by both third-party credentialed assessors and our internal IT Risk and Compliance teams. Assessment and audit results are shared with senior management, and all findings are tracked to ensure prompt remediation.

6.7 Penetration Testing. In addition to our compliance audits and assessments, we plan on engaging both internal and independent external entities to conduct application-level and infrastructure-level penetration tests at least annually. The results of these tests are shared with senior management and any potential issues are triaged, prioritized, and remediated promptly.

6.8 Breach Response Plan. A data breach occurs when information is accessed without permission. Data breaches can be intentional and the act of outside individuals targeting businesses or individuals to get access to data. As a business collecting and storing personal information and data, we are at risk of being targeted by these criminal individuals. In such an event, we have established policies and protocols in place through data compromise insurance to limit the access of any invasion or data breach, reduce the damage, identify how the breach occurred, identify what data has been comprised, and help us help our users and clients that have been affected.

We have engaged Beazley Group Cyber and Technology Group to help increase our data security, services, and procedures to prevent data breached or incursions, and, in the unfortunate scenario one occurs, to respond swiftly and diligently to limit the exposure of any breach or incursion and prevent such breach or incursion from happening again. If you are interested in learning more about the procedures that Beazley Group Cyber and Technology takes in the case of data breached, you can visit their website https://www.beazley.com .

In the event that we become aware of a data breach, we will comply with all legal requirements for data breach notifications, including informing affected individuals, regulatory authorities, and law enforcement, as necessary.

7. IP ADDRESSES AND COOKIES.

7.1 A cookie is a small text file that is stored on your computer or other internet connected device in order to identify your browser, provide analytics, remember information about you such as your language preference or login information. They're completely safe and can't be used to run programs or deliver viruses to your device.

We use cookies to help identify your computer, including where available, your IP address, operating system, and browser type, for system administration so we can keep your activity secure, tailor your user experience and remember your preferences. This is statistical data and does not identify any individual. You are always free to decline our cookies if your browser permits, but some parts of our website may not work properly.

You can find out more about cookies and how we use them by going to out Cookie Policy on our website.

8. CALIFORNIA PRIVACY RIGHTS.

8.1 Notice to California Customers. Residents of the State of California, under certain provisions of the California Civil Code, have the right to request from companies conducting business in California a list of all third-parties to which the company has disclosed certain personal information or data, as defined under California law, during the preceding year for third-party direct marketing purposes. You are limited to one request per calendar year. In your request, you must supply appropriate evidence of your identity and attest to the fact that you are a California resident and provide a current California address for our response. You may request the information by writing to privacy@waiverking.com.

8.2 Do Not Track and Opt-Out Information. Some web browsers incorporate a "Do Not Track" feature that signals to websites that you visit that you do not want to have your online activity tracked. California residents are entitled to know how WaiverKing, Inc. responds to "Do Not Track" signals. How browsers communicate the Do Not Track signal is not yet uniform, so a standard technological response has not yet been developed by the appropriate technology communities. For this reason, we do not respond to Do Not Track signals currently. To opt out of direct advertising on our website, please send a request to the address above. The effect of an opt-out will be to stop direct advertising, but it will still allow the collection of usage data for certain purposes (e.g., research, analytics, and internal online services operation purposes).

9. USE OF OUR SERVICES BY MINORS.

9.1 Use of Our Services by Minors. Our website and services are not intended for children under thirteen (13) years of age. The use of our services by minors is strongly regulated. No one under the age of thirteen (13) may provide any personal information or data to or on our website or services. We do not knowingly collect personal information from children under the age of thirteen (13), unless provided by the minor's parent or legal guardian. If you are under thirteen (13), do not use or provide any information on this website, our services, through any of their features, register on the website or make an account, make any purchases or transactions through the website or services, use any of the interactive or public comment features of the website or services, or provide any information about yourself to us, including your name, address, telephone number, email address, or any user name you may use. If we learn we have collected or received personal information from a child under thirteen (13) without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under thirteen (13), please contact us immediately.

9.2 Compliance with Children's Online Privacy Protection Act. We comply with the requirements of the Children's Online Privacy Protection Act. You must be at least 18 years old to have our permission to use the WaiverKing website or services. If you are between the ages of 13 and 17, or under the age of majority where you live, you represent that your legal guardian has reviewed and agreed to this privacy policy.

10. INTERNATIONAL DATA TRANSFERS.

10.1 General. The WaiverKing website and services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country, or territory other than that of the United States. We currently do not have any plans to transfer any data or information outside of the United States, but in the future there is the potential that your personal information and data may be stored and processed in any country where we have facilities or in which we engage service providers. By using our website and services you understand that your information and data may be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country and whose laws don't provide the same level of protection as in the European Economic Area or the United Kingdom. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your personal Information and data.

10.2 EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework. We rely on standard contractual clauses based on the clauses published below for transfers of personal data from the European Economic Area, copies of which can be obtained by contacting us. For data transfers from the European Economic Area and Switzerland, we use the standard contractual clauses for international transfers found at https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en , while for data transfers from the United Kingdom we use ones found at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance .

Nonetheless, and in addition to standard contractual clauses, we comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework ("DPF") program, and to view our certification, please visit https://www.dataprivacyframework.gov/ .

We are responsible for the processing of personal information and data we receive, under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPR, and subsequently transfers to a third-party acting as an agent on our behalf. We comply with the EU-U.S. DPF and Swiss-U.S. DPR Principles for all onward transfers of personal information and data from the European Economic Area, the United Kingdom, and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF. In certain situations, we may be required to disclose personal information and data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, we commit to refer unresolved complaints concerning our handling of personal information and data received in reliance on the applicable DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.

For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2 .

10.3 Other International Data Transfers. If you are located outside the European Economic Area (EEA), we may transfer and process your data outside your jurisdiction, including to countries that may not provide the same level of data protection. While we do not plan on any international data transfers, and do not foresee the need to in the future, if, at some point, we do transfer your personal information and data across international borders, we will ensure appropriate safeguards are in place.

11. CHANGES TO OUR PRIVACY POLICY.

We reserve the right to change this policy at any time, without prior notice to you. Such changes, modifications, additions, or deletions shall be effective immediately upon notice thereof, which may be given by means including, but not limited to, issuing an e-mail to the e-mail address provided by you or posting the revised policy on this page. You acknowledge and agree that it is your responsibility to maintain a valid e-mail address and/or review the WaiverKing website and this policy periodically, and be aware of any modifications.

a. In using our Services, and following any modification, change, or update to our Privacy Policy, you may be required to acknowledge that you received notice of the modification, change, or update and that you agree to the revised Privacy Policy before using our services. If such acknowledgement is not required, and continued use of our services following the receipt of a notice the modification, change, or update to our Privacy Policy will be deemed by both you and us as your explicit agreement to the new Privacy Policy.

b. Your continued use of the WaiverKing website any modification, change, or update to our Privacy Policy will constitute your: (a) acknowledgment of the modified policy; and (b) agreement to abide and be bound by the modified policy.

12. INFORMATION AND DETAILS ABOUT US.

12.1 Who We Are. This website and software is owned and operated by WaiverKing, Inc. We are a corporation formed in the State of California under registration number C3518177.

12.2 Our Address. Our registered office is located at 1990 N California Blvd, 8th Floor, California, United States, 94596.

12.3 How to Contact Us. There are many ways to get in contact with us. To do so, you can contact us:

a. by mail, using the postal address given above;

b. using our website contact form;

c. by telephone, on the contact number published on our website from time to time; or

d. by email, using the email address published on our website from time to time.

Response times may vary, but we promise we will take all commercially reasonable steps to ensure that we respond in an efficient, thoughtful, and timely manner.

12.4 Our Data Protection Officer. As you can tell from reading our Privacy Policy, we at WaiverKing really do take the privacy of you and your personal information and data seriously. We even have a designated person to serve as our Data Protection Officer to ensure that not only follow all applicable privacy laws, but that our software and services are designed and operated in a manner that respects both you and your personal information and data.

Our Data Protection Officer can be contacted via email at privacy@waiverking.com or by telephone by calling them at +1(888) 221-6693. Again, response times can vary, but we do promise that we will take commercially reasonable steps to ensure that we respond in an efficient, thoughtful, and timely manner.

There are other services that aim for WaiverKing's stellar results but none of them can deliver the same comprehensive suite of features, support, and value that we can! WaiverKing has simplified and perfected the waiver/document process so you can focus on servicing your clients and growing your business. Our unique, dynamic tool is changing the way business works by: Streamlining waiver completion, storage, submissions, and integration. Saving you time and money. Keeping your customers happy. Eliminating registration mistakes and headaches. AND energizing your bottom line!

WaiverKing has perfected this vital process to ensure reliable and exceptional results for you, your business, and all your clients. With easy online access to all waiver/registration forms and our no-hassle completion process, your clients will complete and submit all forms without confusion or missteps. Now, when they arrive at your office, everything is verified and integrated so the client can proceed without delay to their appointment. Furthermore, WaiverKing kiosks are providing full onsite document completion and submission with a simple ATM-like experience that will delight your clients with its user-friendly interface and prevent time-consuming lines and issues at your front desk.

And that's just the beginning!… Complete form customization … Combined family accounts for seamless integration … Alerts for improperly completed forms … Multiple locations with unlimited documents … Instant MindBodyOnline integration … If it's important to your document completion process and it energizes your business … WaiverKing has it and you're going to love it!

WKForm logo
PRIVACY POLICY COOKIES POLICY DELETION POLICY TERMS OF SERVICE MANAGE COOKIES
Start free trial

No credit card required

+1 (888) 211-6693

contact_us@waiverking.com support@waiverking.com

WaiverKing © Copyright 2026

Facebook LinkedIn