Who this notice covers
Obligary is a product operated by Web Wonderland Ltd. This notice explains how information is handled when people visit the public site, create an account, join a workspace or contact the team.
This notice is written for public-site visitors, people who create or use an Obligary account, invited workspace users, and people who contact Obligary for support, feedback or feature requests.
A customer organisation may also need its own privacy information for the records it chooses to place in Obligary.
Information the product handles today
Account and team access
Names, email addresses, Clerk user identifiers, organisation memberships, invite details and role assignments.
Workspace records
Organisation details, profile answers, generated and manual tasks, categories, owners, dates, notes, statuses, reports and audit history.
Evidence vault content
Uploaded evidence files plus metadata such as filename, type, size, task link, expiry date, uploader and archive state.
Billing and support
Stripe customer, subscription and invoice references, plus messages sent through help, feedback and support channels.
Obligary also needs limited technical and diagnostic information to deliver pages, protect authenticated areas, troubleshoot failures and keep the service operating.
Where information comes from
- Directly from visitors and users when they sign up, complete forms, upload evidence or contact support.
- From workspace owners or admins who invite colleagues, create client workspaces or assign tasks.
- From connected service providers when they return authentication, billing or email-delivery information needed by Obligary.
Why Obligary uses it
Obligary uses information to authenticate users, scope organisation access, generate and manage task calendars, store evidence, send reminders and assignment emails, produce reports, support billing screens, respond to support messages and improve product reliability.
Sharing and service providers
Workspace information is shown to authorised members according to their organisation membership and role. Evidence downloads are designed for authenticated workspace access rather than public file links.
Obligary uses service providers for core functions: Clerk for authentication, Stripe for paid subscription billing, Resend for product emails, PostgreSQL hosting for application data and S3-compatible storage for private evidence files.
Access, retention and deletion
Workspace access is controlled through organisation membership and role checks. Current roles include owner, admin, member and viewer, with different abilities to manage billing, settings, tasks and evidence.
Obligary retains product data while it is needed to provide the service, preserve expected workspace history, handle support or billing matters, meet operational or legal requirements, or follow an agreed deletion process.
Security summary
Obligary is built around authenticated app routes, organisation-scoped permissions, private evidence storage keys and signed evidence download URLs. No online service can promise absolute security, so operational controls, supplier settings and incident procedures still need active review.
Privacy requests
UK data protection rights may apply depending on the information and context. Contact Obligary at hello@due-desk.co.uk with privacy questions or requests.