Privacy Policy

Introduction

In this policy, we lay out: what data we collect and why; how your data is handled; and your rights with respect to your data. We never sell your data, and we aim to collect as little data as possible.

This policy applies to the Weave desktop application and related services (together, "Weave" or the "Services") built and maintained by Weave AI Inc. ("we," "us," or "our").

What We Collect and Why

Our guiding principle is to collect only what we need. Here's what that means in practice:

Identity and Access

When you sign up for Weave, we ask for identifying information such as your name and email address. This is so that so you can log in to your account on different devices, secure access to your account, personalize your experience within your account, and so we can send you product updates and other essential information.

We'll never sell your personal information to third parties, and we will not use your PII for our own marketing materials.

Billing Information

If you sign up for a paid Weave subscription or purchase credits, you will be asked to provide your payment information. Credit card information is submitted directly to our payment processor, Stripe, and doesn't touch our servers beyond creating the initial payment sessions. We store a record of the payment transaction, including billing-related identifiers, for purposes of account history, invoicing, and billing support.

We also store a one-way hash (SHA-256) of your email address to prevent trial abuse across multiple accounts.

User-Generated Content

All user-generated content in Weave—including chat conversations, documents, images, transcriptions, workspaces, and custom prompts—is stored locally on your device. This content is not uploaded to our servers.

AI Service Usage

When you use Weave's cloud AI features, your prompts and messages are sent to third-party AI providers (such as GreenPT, Google, Anthropic, and OpenAI) for processing. We do not store the content of your AI conversations on our servers. However, we do log usage metadata for billing purposes, including:

- Which AI model was used

- Token counts (input and output)

- Timestamps

- Request status

This usage data allows us to calculate costs and provide you with accurate billing.

Image Generation Usage

When you use cloud-based image generation or alteration features, we log:

- Which model was used

- Number of images generated

- Operation type (generate or alter)

- Timestamps

We do not store the prompts or the generated images on our servers.

Web Search Usage

When you use the web search feature, your search queries may be sent to our third-party search provider (Tavily) for processing as a fallback to local search (done directly from your device). We log usage metadata for billing purposes, including:

- Number of searches performed

- Credits used

- Timestamps

We do not store or log the content of your search queries.

Device and Technical Data

We collect limited technical data to provide and improve our services:

- App version and platform: Collected during update checks to ensure you receive the correct updates for your operating system.

- Anonymous device identifier: A locally-generated hash used for anonymous analytics when you are not signed in.

Legal Agreement Records

When you accept our Terms of Service, Privacy Policy, or other legal agreements, we record:

- The type and version of agreement accepted

- The timestamp of acceptance

- Optionally, your user agent (browser/app information)

This creates an audit trail for legal compliance purposes.

Error Reporting

We use Sentry for error tracking to help us identify and fix bugs. When an error occurs, we collect:

- Error stack traces (with file paths sanitized)

- App version and platform information

- Error context

We do not collect IP addresses in error reports, and we filter out personally identifiable information. You can disable error reporting at any time in the Weave application under Settings > Privacy.

Analytics

We use PostHog for product analytics to understand how Weave is used and to make improvements. Our analytics configuration is privacy-first:

- IP address collection is disabled

- All text content is masked

- We respect Do Not Track browser settings

- No personally identifiable information is collected

We collect basic usage events such as app launches and feature usage patterns. You can disable analytics at any time in the Weave application under Settings > Privacy.

Voluntary Correspondence

When you email us with a question or to ask for help, we keep that correspondence, including your email address, so that we have a history of past correspondence to reference if you reach out in the future.

Third-Party Services We Use

We use the following third-party services to provide Weave. When you use certain features, your data may be shared with these providers:

AI Providers

When you use cloud AI features, your prompts and messages are processed by:

- GreenPT — For eco-friendly AI chat options, their privacy policy can be found at: https://docs.greenpt.ai/privacy/privacy-policy.

- Google (Gemini) — For certain AI chat models and image alteration, their privacy policy can be found at:. https://policies.google.com/privacy.

- Anthropic (Claude) — For certain AI chat models, their privacy policy can be found at:. https://www.anthropic.com/legal/privacy.

- OpenAI — For certain AI chat models and DALL-E image generation, their privacy policy can be found at: https://openai.com/privacy.

These providers process your data according to their respective privacy policies. We recommend reviewing their policies if you have concerns about how your AI interactions are handled.

Infrastructure and Services

- Supabase — Our backend infrastructure provider for authentication, database, and API services. Their privacy policy can be found at: https://supabase.com/privacy.

- Stripe — Payment processing. Stripe handles all payment card data directly; we never see or store your full card number. [Stripe Privacy Policy](https://stripe.com/privacy)

- Tavily — Web search functionality for premium users. Their privacy policy can be found at: https://tavily.com/privacy.

Analytics and Error Tracking

- PostHog — Product analytics with privacy-first configuration. Their privacy policy can be found at: https://posthog.com/privacy.

- Sentry — Error tracking and performance monitoring. Their privacy policy can be found at: https://sentry.io/privacy.

Other Services

- Hugging Face — Model downloads (no user data shared, only model metadata requests). Their privacy policy can be found at: https://huggingface.co/privacy.

- Cloudflare — Application updates distribution (only app version and platform information shared).

When We Access or Disclose Your Information

To provide products or services you've requested. We use the third-party services listed above to help run Weave and provide the Services to you.

To help you troubleshoot or fix a software bug, with your permission. If at any point we need to access your account data to help you with a support case, we will ask for your consent before proceeding.

To investigate, prevent, or take action regarding restricted uses. Accessing a customer's account when investigating potential abuse is a measure of last resort. We want to protect the privacy and safety of both our customers and the people reporting issues to us.

Aggregated and de-identified data. We may aggregate and/or de-identify information collected through the Services. We may use de-identified or aggregated data for any purpose, including analytics.

When required under applicable law. We are a company with data infrastructure located in the United States.

Requests for user data. Our policy is to not respond to government requests for user data unless we are compelled by legal process or in limited circumstances in the event of an emergency request. However, if law enforcement authorities have the necessary warrant, criminal subpoena, or court order requiring us to disclose data, we must comply. It is our policy to notify affected users before we disclose data unless we are legally prohibited from doing so.

If we are audited by a tax authority, we may be required to disclose billing-related information. If that happens, we will disclose only the minimum needed.

Finally, if Weave is acquired by or merges with another company, we'll notify you well before any of your personal information is transferred or becomes subject to a different privacy policy.

Your Rights With Respect to Your Information

We strive to apply the same data rights to all customers, regardless of their location. These rights include:

Right to Know: You have the right to know what personal information is collected, used, shared, or sold. We outline both the categories and specific bits of data we collect, as well as how they are used, in this privacy policy.

Right of Access: This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security, and processing of that information.

Right to Correction: You have the right to request correction of your personal information. You can update your name and email directly in the Weave application settings.

Right to Erasure / "To Be Forgotten": This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession and, by extension, from all of our service providers. You can delete your account directly from within the Weave application. Fulfillment of some data deletion requests may prevent you from using Weave services.

Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority.

Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed, including opting out of sale of your personal information. (Again: we never have and never will sell your personal data.) To opt out of analytics and error reporting, go to Settings > Privacy in the Weave application and disable "Share anonymous usage data."

Right to Object: You have the right, in certain situations, to object to how or why your personal information is processed.

Right to Portability: You have the right to receive the personal information we have about you and the right to transmit it to another party. Since your user-generated content is stored locally on your device, you already have full access to export your data.

Right to Not Be Subject to Automated Decision-Making: You have the right to object to and prevent any decision that could have a legal or similarly significant effect on you from being made solely based on automated processes.

Right to Non-Discrimination: We do not and will not charge you a different amount to use our products, offer you different discounts, or give you a lower level of customer service because you have exercised your data privacy rights.

Many of these rights can be exercised by signing in and updating your account information within the Weave application. If you have questions about exercising these rights or need assistance, please contact us at support@weavegreenai.com.

How We Secure Your Data

All data is encrypted via SSL/TLS when transmitted between our servers and your application. Our database uses encryption, and we implement row-level security policies to ensure users can only access their own data.

Local Data Security

Your user-generated content (chats, documents, images, transcriptions) is stored locally on your device in an SQLite database. This data remains under your control and is protected by your device's own security measures.

Authentication Token Security

Your authentication tokens are stored securely using Electron's safeStorage API, which leverages your operating system's built-in encryption:

- macOS: Keychain

- Windows: Data Protection API (DPAPI)

- Linux: Secret Service API

Tokens are never sent to or stored in the renderer process to prevent potential security vulnerabilities.

API Key Security

All API keys for third-party services are stored securely on our servers and are never exposed to the client application.

Data Retention

We keep your information for the time necessary for the purposes for which it is processed. Here are specific retention periods:

Account Data

We retain your account information (email, name, preferences) for as long as your account is active.

Billing and Usage Data

We retain billing records, subscription history, and usage data even after account deletion for legal and accounting purposes. This data is anonymized when you delete your account, preserving the records without linking them to your identity.

User-Generated Content

Since your content is stored locally on your device, its retention is under your control. We do not have access to this data.

Upon Account Deletion

When you delete your account:

- Your authentication data is immediately removed

- Your account profile is deleted

- Billing and usage records are anonymized (not deleted, for legal compliance)

- Your locally stored content remains on your device until you choose to delete it

Location of Site and Data

Our products and infrastructure are primarily hosted in the United States via Supabase. Our third-party AI providers also primarily operate infrastructure in the United States.

If you are located in the European Union, UK, or elsewhere outside of the United States, please be aware that any information you provide to us will be transferred to and stored in the United States. By using Weave and/or providing us with your personal information, you consent to this transfer. GreenPT is based in the EU and is subject to EU law and different privacy laws than those in the US.

Age Requirements

Weave is intended for users who are 18 years of age or older. We do not knowingly collect or solicit personal information from anyone under the age of 18. If you are under 18, please do not attempt to register for Weave or send any personal information about yourself to us.

If we learn that we have collected personal information from a person under age 18, we will delete that information as quickly as possible. If you believe that a person under 18 may have provided us with personal information, please contact us at support@weavegreenai.com.

California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

- Right to know what personal information we collect, use, and disclose

- Right to delete your personal information

- Right to opt-out of the sale or sharing of your personal information (we do not sell your data)

- Right to non-discrimination for exercising your privacy rights

- Right to correct inaccurate personal information

- Right to limit use of sensitive personal information

To exercise these rights, please contact us at [your-email@example.com].

Categories of Personal Information Collected

| Category | Examples | Collected |

| Identifiers | Name, email address, account ID | Yes |

| Commercial information | Subscription records, purchase history | Yes |

| Internet or network activity | App usage, feature interactions | Yes (anonymized) |

| Geolocation data | General location via IP (not precise) | Yes (once, not stored) |

| Professional or employment information | N/A | No |

| Biometric information | N/A | No |

| Sensory data | N/A | No |

| Education information | N/A | No |

We do not sell or share your personal information for cross-context behavioral advertising.

Changes and Questions

We may update this policy as needed to comply with relevant regulations and reflect any new practices. If we make significant changes, we will update the date at the top of this page and notify you through the application or via email.

Have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information? Please get in touch by emailing us at support@weavegreenai.com.

Weave AI Inc.

251 Little Falls Drive, Wilmington DE

support@weavegreenai.com