Privacy Policy

Choreo takes Your privacy seriously. This privacy policy explains what information we collect when you visit  and how we treat that information. Choreo is owned by WSO2 LLC (“WSO2”) and whenever the terms “we” “us” or “our” appear in this policy, we’re talking about WSO2 and its subsidiary companies.  When we use “You” and “Your” in this policy, we mean the person or entity visiting our site or using the services on it.


Information You provide

When You sign up for Choreo, use Choreo to create an application, pay for our services or register for an event, newsletter or activity on our site, we ask that You give us all or some of the following information about Yourself:

  • Your name
  • Email address
  • Telephone number
  • Country
  • State ( if applicable)
  • Your payment details ( if You are paying for a service)
  • Authentication tokens: When You wish to integrate Choreo with third party services easily, You can use authentication tokens instead of storing Your credentials. OAuth is the most commonly used protocol for this purpose. 
  • API keys and API credentials: Third-party services that do not use the OAuth protocol use either API keys or login credentials. If You wish to integrate Choreo with such services, Choreo will ask for the relevant API Key to authenticate/authorize the communication with that third party service's API.

Some of the services on Choreo- such as paid services, may make it mandatory that You provide some personal details. This is because we won’t be able to process Your payments or provide You with certain services without them. You’re completely free to opt out of this, but that means that You may not be able to fully access those services.

When You build applications using Choreo, the source code of Your application will be visible to us. However, You will always own and control Your code. Check our Terms of Use to see how You retain Your rights to the code You write. 

Information collected automatically

When You visit our site, there is some generic information that we can see automatically. This includes Your IP address, Your browser type, device info, the time and frequency You access our site and the URL You came from. This type of generic information won’t reveal Your identity as a visitor but is still useful to us to analyse and improve the way our site is being used.

When You use Choreo to create and run applications, we store data such as application logs  so that You have the option to view them. We also aggregate non-personally identifiable information about how You use Choreo. This information is important to us to analyse the ways in which Choreo is used to develop applications, to understand what users’ needs are and to make our service better suited to those needs. Such usage data never identifies You personally.

To see how we use cookies, check WSO2’s cookie policy. 

Information we get from third parties about You

We may obtain information from other sources and combine that with information we collect through our services. For example if You create or log into Your account through one of our integration partners ( such as Google or Github), we will have access to basic information from that sign on service, such as Your name and account information. 

When You create applications using Choreo, You may choose to integrate with various third party services (like messaging services, email or calendar services). In those scenarios, Choreo’s access to the third party service will be limited to performing the functions that You specify. Choreo doesn’t store any data that resides on these third party services nor does it access that data in any way outside of Your instructions .  Choreo’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.


We use the data we collect to:

  • Perform the service You ask for.  For instance, if You need support, we use Your contact details to get in touch with You. If You want to pay for a service, we use Your payment details to process that payment.
  • Analyse how Choreo is being used. We rely on analytics of Your activity and applications to improve Your user experience.  As examples, we use analytics to take design decisions, find bugs in the systems, and recommend actions and features to users. 
  • To improve our services and content. We check on what You have clicked on and what kind of activities or scenarios You run on Choreo, to find out what is most commonly used, and in what ways people use our services. We use this feedback to make our service better.
  •  To update You and market our services. If there are updates to Your service, important information You need to know, or if we think You would be interested in our technology and what we’re doing with it, we’ll get in touch with You using Your contact details. You can unsubscribe from our marketing emails at any time by either clicking on the unsubscribe link at the bottom of the email or by contacting us on the Choreo user portal. However, You may still receive important information about Your service, security or payments. 


We don’t sell Your information to anyone. 

We do share Your information within the WSO2 group, because our affiliate entities also help provide our services. WSO2 LLC is located in the United States of America. Our current affiliates are WSO2 UK Limited (located in the United Kingdom), WSO2 Lanka (Private) Limited (located in Sri Lanka), WSO2 Brasil Tecnologia E Software Ltda (located in Brazil), WSO2 Germany GmbH ( located in Germany) and WSO2 Australia Pty Limited ( located in Australia).

Data transferred from the European Union and United Kingdom to other affiliate entities located around the world is transferred on the basis of Data Transfer Agreements containing EU Standard Contractual Clauses set out by the European Commission. These clauses guarantee certain levels of physical, administrative and technical safeguards of Your data.

WSO2 has also certified to the US Department of Commerce that it adheres to the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. To learn more about the Privacy Shield program, and to view our certification, please visit

We may share data with verified technology partners who provide additional services that enhance our services. Your information may also be visible to our service providers who help us run our platform and provide certain services, such as our customer support platform, marketing, analytics and CRM tools. They are only authorized to use information that is strictly relevant for them to perform their tasks, and we make sure  that they are under obligations of confidentiality and security to us so that Your data is secure. Our hosting provider is Microsoft Azure. To see more details on how MS Azure protects Your privacy visit

If You use our paid services, we also use a third party payment card processor. We don’t actually see any of Your payment card information and this goes directly to Your payment card processor. 

We may also release Your information when we believe release is appropriate to comply with the law, enforce our privacy policy or protect ours or others’ rights, property or safety.


We will only collect and process personal data about You where we have lawful bases. Lawful bases include consent (where You have given consent on one of our forms), contract (where processing is necessary for the performance of a contract with You) and legitimate interests (such as to protect You, us, or others from security threats, comply with laws that apply to us and to administer our business through consolidated reporting, or marketing our services etc.) See the “WHAT ARE YOUR RIGHTS TO YOUR PERSONAL INFORMATION?” section below if You wish to withdraw Your consent or object to any processing of Your personal data. 


We implement industry standard security safeguards designed to protect Your data. We encrypt all data at rest ( including credentials/tokens to external systems). All our data transfers are done securely through encrypted channels using Transport Layer Security (TLS) technology. We regularly monitor our systems for possible vulnerabilities and attacks and conduct testing. However, we cannot warrant the security of any information that You send us. There is no complete guarantee that data may not be accessed, disclosed, altered or destroyed by breach of any of our physical, technical or administrative  safeguards. 


We store the information we collect about You for as long as is necessary for the purpose(s) for which we originally collected it. For instance, we may retain Your information during the time in which You have an account to use our website or services. We also may retain Your information during the period of time needed for WSO2 to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes, and enforce our agreements. At the end of these periods, we ensure that Your data is deleted securely using an industry standard methodology.

WSO2 acknowledges Your right to access Your data. If information pertaining to You as an individual has been submitted to us then You have the right to access, correct, or edit Your data. If You wish, we can provide all the personal information on our records to You or to someone You nominate in a portable format as well. 

You can ask us to stop using all or some of Your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if Your personal data is inaccurate or unlawfully held).

You may also choose to delete Your data from our website or service at any time You choose, and unsubscribe from any Choreo mailing lists You are on. You can unsubscribe from our emails by clicking on the unsubscribe link which is at the bottom of every marketing email we send. You can click on Your account within the Choreo user portal, which will let You do certain functions like deleting Your account or You can reach out to us as [email protected] for any of the above requests.

We only ever retain Your personal data after You have ceased using our services, or sent us a request to unsubscribe or delete Your data if  it is reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or fulfill Your request to “unsubscribe” from further messages from us.


When You choose to integrate certain functionalities with sites or applications outside of WSO2, you are bound by the terms of the particular site or application. 


We reserve the right to amend this Privacy Policy at any time. We will not send individual email notifications on the updates. Any amendments will be posted on this page. You are therefore encouraged to visit this page periodically.

By using our website and services, You consent to our Privacy Policy and any revisions thereto. If You do not agree with our privacy policy or any changes we make to it, You may delete Your profile.


For further information about our privacy policy or any concerns or complaints, please contact our Data Protection Officer at [email protected] or for Choreo specific requests email [email protected].

For EU/EEA/UK residents:

If You are located within the European Union,the United Kingdom or the European Economic Area, WSO2 UK Limited will be the controller of Your personal data provided to, or collected by or for, or processed in connection with our services.

If You have any issues with regard to Your data security on our website, then in addition to informing us, You also have the right to write directly to the independent data protection monitoring organization in Your country. Within the UK, this is the Information Commissioner's Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. Please do email our data protection officer at [email protected] if You have any issues, concerns or questions regarding Your personal data and we are happy to help.

For California residents: 

California residents may view WSO2's California-specific privacy policy at

Effective April 20, 2021