Weave Corp Privacy Policy

May 12, 2025

1. Introduction

Weave Corp (“Weave,” “we,” “our,” or “us”) builds tools that let people stitch together their favorite apps, data, and automation threads. Protecting your privacy is baked into that mission. This Privacy Policy explains what data we collect, why we collect it, how we use it, and the choices you control when you use the Weave mobile app, desktop app, website, APIs, or any service that links to this policy (collectively, the “Services”).

2. Scope

This policy applies to anyone who visits, registers for, or uses our Services worldwide, except where we direct you to a different policy. Separate contracts (e.g., a Master Service Agreement) govern enterprise customers and override this policy where they conflict.

3. Information We Collect

Category

Examples

Purpose

Account Information

Name, email address, password (hashed), phone number (optional), authentication tokens for third‑party services.

Create and secure your account; let you log in and connect integrations.

Usage Data

Workflows created, API calls routed, in‑app actions, session duration, crash logs.

Operate, maintain, and improve the Services; surface recommendations.

Integration Content

Data you explicitly pull from connected apps (e.g., calendar events, emails, health data).

Execute your workflows; display results back to you.

Device & Log Data

IP address, device identifiers, OS version, browser type, language, referring URLs, diagnostics.

Fraud prevention, analytics, debugging.

Cookies & Similar Tech

First‑ and third‑party cookies, local storage, SDK events.

Remember preferences, measure performance, personalize content.

4. How We Use Your Information

  1. Provide the Services
    Run automations, sync integrations, authenticate you, and deliver requested features.

  2. Improve & develop new features
    Analyze aggregated, de‑identified data to understand feature usage and pain points.

  3. Personalize experience
    Suggest workflows, integrations, or settings based on your activity.

  4. Communicate
    Send transactional messages (e.g., security alerts) and service‑related updates. Marketing emails are opt‑in and can be stopped anytime.

  5. Protect Weave & users
    Detect abuse, enforce terms, and comply with legal obligations.

5. Legal Bases for Processing (EEA/UK)

We process personal data only when we have a valid legal basis, including Contractual Necessity, Legitimate Interests (e.g., improving security), Consent (for marketing or certain integrations), and Legal Obligations.

6. Sharing & Disclosure

We share data only as needed to run the Services:

  • Service providers (cloud hosting, error monitoring, payment processors) under strict confidentiality agreements.

  • Integration partners you choose to connect. We share only the minimum tokens/data required to execute your workflows and only while the connection is active.

  • Corporate transactions (merger, acquisition) where data transfers follow this policy and you are notified.

  • Legal compliance when required by law or to protect rights, property, or safety of Weave, our users, or the public.

7. Third‑Party Integrations

When you connect a third‑party service, you authorize Weave to access and process data from that service on your behalf. We do not control how third‑party providers handle your data—review their privacy policies before connecting.

8. Data Retention

We keep personal data only as long as necessary to fulfill the purposes described above:

  • Account data persists until you delete your account.

  • Workflow logs are erased after 90 days by default (enterprise customers can customize).

  • Legal/financial records are retained as required by applicable law.

You can delete your account anytime in Settings → Privacy → Delete Account, which queues deletion of associated data within 30 days, unless retention is legally required.

9. Your Rights & Choices

Depending on where you live, you may have rights to:

  • Access the personal data we hold about you

  • Correct inaccurate data

  • Delete or erase data

  • Port data to another service

  • Opt‑out of certain processing (e.g., marketing, personalised suggestions)

  • Limit or object to processing under specific circumstances

Submit requests via privacy@weavecorp.com or in‑app under Settings → Privacy. We verify and respond within 30 days.

California residents can also opt‑out of "sharing" under the CCPA by toggling Do Not Share My Info in Settings.

10. Security

We employ administrative, technical, and physical safeguards, including:

  • End‑to‑end TLS encryption in transit

  • AES‑256 encryption at rest

  • Role‑based access controls & audit logs

  • Annual SOC 2 Type II & penetration testing

No system is 100% secure, so please protect your credentials and report any concerns to security@weavecorp.com.

11. International Data Transfers

We store data primarily in the United States. When we transfer personal data from the EEA/UK or other regions with data‑transfer restrictions, we rely on Standard Contractual Clauses and equivalent safeguards.

12. Children’s Privacy

Our Services are not directed to children under 13 (or equivalent age in your jurisdiction). If we learn we have collected data from a child without verifiable parental consent, we will delete it.

13. Changes to This Policy

We may update this Policy periodically. Material changes will be announced via email or in‑app notice at least 30 days before they take effect. Continued use after updates means you accept the revised Policy.

14. Contact Us

‹ Weave Corp Terms of Service