Privacy Policy

1. Introduction

Welcome to Weave ("we", "us", or "our"). We operate the Weave web application, accessible at weave-app.io (the "Service").

This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. We are committed to protecting your privacy and will never sell or share your personal data with third parties for marketing or commercial purposes.

By using Weave, you agree to the collection and use of information as described in this policy.

2. Who We Are

Weave is operated from Australia. If you have any questions about this policy, please contact us at:

Email: support@weave-app.io

As we grow, we intend to offer our Service to users in the United Kingdom, United States, European Union, and other regions. Where applicable, we comply with the relevant data protection laws of those jurisdictions, including the UK GDPR, EU GDPR, and applicable US state privacy laws.

3. Information We Collect

3.1 Information You Provide via Sign-In

When you sign in to Weave using Google or Microsoft OAuth, we receive the following information from those providers:

• Full name
• Email address
• Phone number (optional, if provided by you)

Authentication is handled by Clerk (our identity management provider). We do not receive or store your password.

3.2 Calendar and Meeting Data

To provide our core functionality, Weave accesses your calendar and mail data via the OAuth permissions you grant. Specifically, we may collect and store:

• Meeting invite data (event titles, times, attendees, descriptions)
• Associated calendar metadata required to deliver the Service

We only access the minimum data necessary to provide the features you use.

3.3 Automatically Collected Information

We may collect standard technical information when you use the Service, such as your IP address, browser type, device information, and usage logs. This information is used solely for operating, securing, and improving the Service.

4. How We Use Your Information

We use the information we collect to:

• Authenticate you and maintain your account
• Provide, operate, and improve the Service
• Display and process your meeting and calendar data as part of core features
• Respond to your support requests
• Ensure the security and integrity of the Service
• Comply with our legal obligations

We do not use your personal data for advertising or sell it to any third party.

5. How We Store and Protect Your Data

We take data security seriously. Your data is protected using the following measures:

• All data is encrypted at rest using double encryption: a master encryption key and a unique per-user encryption key.
• All data in transit is encrypted using TLS (HTTPS).
• Authentication and identity management is handled by Clerk, a trusted third-party identity platform.

While we take all reasonable steps to protect your data, no method of transmission or storage is 100% secure. We will notify you promptly if a data breach occurs that affects your personal information, as required by applicable law.

6. Third-Party Services

We use the following third-party services to operate Weave:

• Clerk — identity and authentication management
• Google (via OAuth) — sign-in and calendar/mail access
• Microsoft (via OAuth) — sign-in and calendar/mail access

These providers have their own privacy policies and data practices. We encourage you to review them:

• Google Privacy Policy: https://policies.google.com/privacy
• Microsoft Privacy Statement: https://privacy.microsoft.com
• Clerk Privacy Policy: https://clerk.com/legal/privacy

We do not share your personal data with any other third parties, except as required by law.

7. Data Retention

We retain your personal data for as long as your account is active, or as necessary to provide you with the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain it for longer.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you
• Correction — request that inaccurate data be corrected
• Deletion — request that we delete your personal data
• Portability — request your data in a portable format
• Objection — object to certain types of processing
• Withdrawal of consent — revoke OAuth permissions at any time via your Google or Microsoft account settings

To exercise any of these rights, please contact us at support@weave-app.io. We will respond within 30 days.

If you are located in the EU or UK, you also have the right to lodge a complaint with your local data protection authority.

9. Children's Privacy

Weave is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at support@weave-app.io and we will delete it promptly.

10. International Data Transfers

Your data may be processed and stored outside of your home country, including in Australia and the countries where our third-party service providers operate. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with applicable data protection law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this document and, where appropriate, notify you by email or via the Service. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at: