60-Second Privacy Snapshot

Get the key points without reading the full policy

Your data stays yours

We never sell it or run ads

Bank-level security

AES-256, SOC 2 cloud, zero-knowledge encryption

Tiny vendor list

Stripe (payments), Supabase (hosting), OpenAI (AI)

Delete anytime

One click → full purge in 72 hours

Regulator-ready

GDPR, CCPA/CPRA, FERPA-aware

Breach plan

We notify you within 72 hours

926 paid students already trust WeaveX

WEAVEX PRIVACY POLICY

Effective Date: 23 June 2025

1. Who We Are

WeaveX, Inc. ("WeaveX," "we," "our," "us")

Address: 3131 S Hoover St, Los Angeles, CA 90089, USA

Data-Protection Officer: Denys Pavlov — denys@weavex.app

2. The Data We Collect

CategoryExamplesLegal Basis*
Account Dataname, email, university affiliationContract
Uploaded Contentrésumé files, LinkedIn PDFs, outreach copyContract
CRM Activitycontacts, emails, follow-ups, notesContract
Usage Datafeature clicks, session duration, device, truncated IPLegitimate Interest
Payment Datalast-4 card digits, billing country (via Stripe)Contract / Legal Obligation

*GDPR Art. 6 (1)(b) contract; Art. 6 (1)(f) legitimate interest; Art. 6 (1)(c) legal obligation.

3. How We Use Your Data

  • Provide the service – generate AI emails, manage contacts.
  • Improve features – analyse anonymised usage trends.
  • Secure the platform – fraud detection, abuse prevention.
  • Comply with law – tax, accounting, court orders.

We never sell your data or show third-party ads.

4. Data Protection & Security

  • AES-256 encryption at rest; TLS 1.3 in transit.
  • SOC 2 Type II cloud (Supabase, us-west-2).
  • Role-based access + hardware FIDO2 keys.
  • Zero-knowledge content encryption—WeaveX staff cannot read your messages.
  • Annual penetration test + 24/7 intrusion monitoring.
  • Breach notification within 72 hours.

5. International Transfers

  • Primary servers in the United States.
  • EU/UK data protected via Standard Contractual Clauses (SCCs).
  • Participant in the EU-U.S. Data Privacy Framework.

6. Third-Party Sub-Processors

VendorPurposeJurisdiction
Stripe, Inc.payment processingUSA
Supabase, Inc.hosting & storageUSA
OpenAI, L.L.C.AI text generationUSA

We contractually require every sub-processor to meet or exceed our security standards and to process data solely to deliver their service to us.

7. Your Rights

RegionRights
Globalaccess • correction • deletion • portability • objection
California (CCPA/CPRA)know • delete • no sale • no discrimination
EU/EEA/UK (GDPR)restrict processing • lodge DPA complaint
FERPA NoteEducation records treated as confidential; never disclosed without consent.

Submit requests in Settings → Privacy Dashboard or email denys@weavex.app. We verify identity and respond within 30 days.

8. Data Retention

  • Active accounts: retained until you delete.
  • Deleted accounts: secure purge within 72 hours (backups within ≤ 30 days).
  • Free-tier inactive > 18 months: data is anonymised.

9. Cookies & Tracking

  • Essential cookies for login, session security, CSRF.
  • Analytics cookie (first-party, pseudonymised).
  • No third-party ad or cross-site tracking cookies.

You can disable non-essential cookies in Settings → Privacy Dashboard.

10. Children's Privacy

WeaveX is 16+ worldwide / 13+ in the U.S. Accounts proven underage without parental consent are deleted immediately.

11. Policy Changes

We email and display an in-app banner 30 days before any material change. Archived versions available on request.

12. Contact

Questions or concerns? Email denys@weavex.app

Mail: WeaveX, 3131 S Hoover St, Los Angeles, CA 90089, USA