WeaveX - AI Networking for Students

60-Second Privacy Snapshot

Get the key points without reading the full policy

Your data stays yours

We never sell it or run ads

Bank-level security

AES-256, SOC 2 cloud, zero-knowledge encryption

Tiny vendor list

Stripe (payments), Supabase (hosting), OpenAI (AI)

Delete anytime

One click → full purge in 72 hours

Regulator-ready

GDPR, CCPA/CPRA, FERPA-aware

Breach plan

We notify you within 72 hours

926 paid students already trust WeaveX

1. Who We Are

WeaveX, Inc. ("WeaveX," "we," "our," "us")

Address: 3131 S Hoover St, Los Angeles, CA 90089, USA

Data-Protection Officer: Denys Pavlov — denys@weavex.app

2. The Data We Collect

Category	Examples	Legal Basis*
Account Data	name, email, university affiliation	Contract
Uploaded Content	résumé files, LinkedIn PDFs, outreach copy	Contract
CRM Activity	contacts, emails, follow-ups, notes	Contract
Usage Data	feature clicks, session duration, device, truncated IP	Legitimate Interest
Payment Data	last-4 card digits, billing country (via Stripe)	Contract / Legal Obligation

*GDPR Art. 6 (1)(b) contract; Art. 6 (1)(f) legitimate interest; Art. 6 (1)(c) legal obligation.

3. How We Use Your Data

Provide the service – generate AI emails, manage contacts.
Improve features – analyse anonymised usage trends.
Secure the platform – fraud detection, abuse prevention.
Comply with law – tax, accounting, court orders.

We never sell your data or show third-party ads.

4. Data Protection & Security

AES-256 encryption at rest; TLS 1.3 in transit.
SOC 2 Type II cloud (Supabase, us-west-2).
Role-based access + hardware FIDO2 keys.
Zero-knowledge content encryption—WeaveX staff cannot read your messages.
Annual penetration test + 24/7 intrusion monitoring.
Breach notification within 72 hours.

5. International Transfers

Primary servers in the United States.
EU/UK data protected via Standard Contractual Clauses (SCCs).
Participant in the EU-U.S. Data Privacy Framework.

6. Third-Party Sub-Processors

Vendor	Purpose	Jurisdiction
Stripe, Inc.	payment processing	USA
Supabase, Inc.	hosting & storage	USA
OpenAI, L.L.C.	AI text generation	USA

We contractually require every sub-processor to meet or exceed our security standards and to process data solely to deliver their service to us.

7. Your Rights

Region	Rights
Global	access • correction • deletion • portability • objection
California (CCPA/CPRA)	know • delete • no sale • no discrimination
EU/EEA/UK (GDPR)	restrict processing • lodge DPA complaint
FERPA Note	Education records treated as confidential; never disclosed without consent.

Submit requests in Settings → Privacy Dashboard or email denys@weavex.app. We verify identity and respond within 30 days.

8. Data Retention

Active accounts: retained until you delete.
Deleted accounts: secure purge within 72 hours (backups within ≤ 30 days).
Free-tier inactive > 18 months: data is anonymised.

9. Cookies & Tracking

Essential cookies for login, session security, CSRF.
Analytics cookie (first-party, pseudonymised).
No third-party ad or cross-site tracking cookies.

You can disable non-essential cookies in Settings → Privacy Dashboard.

10. Children's Privacy

WeaveX is 16+ worldwide / 13+ in the U.S. Accounts proven underage without parental consent are deleted immediately.

11. Policy Changes

We email and display an in-app banner 30 days before any material change. Archived versions available on request.

12. Contact

Questions or concerns? Email denys@weavex.app

Mail: WeaveX, 3131 S Hoover St, Los Angeles, CA 90089, USA