1. Introduction

Weav.com, LLC (“Weav,” “we,” “us,” or “our”) provides a customer support platform that combines AI agents with a multichannel inbox for human agents. We respect your privacy and are committed to protecting your personal data.This Privacy Policy describes how we collect, use, disclose, and retain personal information when you:

• Use our website weav.com or our application at app.weav.com (“Sites”),

• Create or use a workspace on Weav (“Users” – people who log in and use Weav as part of a workspace), or

• Interact with a Weav workspace as an end user – for example by chatting with an AI agent or contacting support via chat, email, or other channels (“Customers”).

If you are a User, this policy applies to the personal data we collect about you. If you are a Customer, the workspace you interact with (our customer) controls how your data is used in the platform; we process it on their behalf as a service provider, and this policy describes our practices in that context as well.

2. Definitions

• Users – Individuals who are part of a workspace and log into weav.com (e.g., workspace members, admins, agents).

• Customers – End users who interact with a Weav workspace (e.g., visitors who use the chat widget or contact support via email or other channels).

• Workspace – A customer’s Weav account/organization; data is scoped to the workspace and removed when the workspace is deleted.

3. Personal Data We Collect

3.1 Data about Users (workspace members)

We may collect:

• Account and identity: Name, email address, profile/avatar, and (where applicable) identity information provided through our authentication provider (e.g., WorkOS).

• Workspace and role: Organization/workspace membership, role, and permissions.

• Payment and billing: Billing address, payment method details (processed by our payment providers), and information needed for invoicing.

• Usage and device: IP address, browser type, device information, and how you use the Sites and application (e.g., pages visited, features used).

• Communications: Support requests and other communications you send to us.

3.2 Data about Customers (end users of a workspace)

When you interact with a Weav workspace (e.g., chat, email, or other channels), we may collect and process on behalf of that workspace:

• Contact and identity: Name, email address, phone number (if provided), and other identifiers you or the workspace associate with you.

• Conversation data: Message content, attachments, channel (e.g., chat, email), and related metadata (e.g., timestamps, assignee).

• Device and technical data: IP address, browser/device information, and similar technical data in connection with your interactions.

The workspace owner is the data controller for Customer data; we process it as a service provider to deliver and operate the platform.

3.3 Data we collect automatically

• Cookies and similar technologies: We use session and essential cookies (e.g., to keep you logged in and remember preferences). We may use analytics cookies (e.g., Fathom Analytics) and advertising-related technologies (e.g., Google Ads) to improve our Sites and for marketing. You can manage cookie preferences via your browser or any cookie preference tool we provide.

• Logs and usage: Server logs, security events, and usage data necessary to operate, secure, and improve our services.

4. How We Use Your Personal Data

We use personal data to:

• Provide the Weav platform – Account and workspace management, authentication, AI and inbox features, and support.

• Process payments and billing – Usage-based billing, invoicing, and payment processing (via our billing and payment providers).

• Communicate with you – Service-related and security messages; with your consent or where permitted, marketing.

• Improve and secure our services – Analytics, troubleshooting, security, fraud prevention, and compliance with law.

• Comply with law – Responding to legal process, enforcing our terms, and protecting our and others’ rights.

We do not use your conversation or usage data to train third-party AI models. Our AI provider (OpenAI) processes data in accordance with our agreement with them, which does not permit using your data to train their models.

5. Sharing and Disclosure

We may share data with the following service providers (subprocessors):

• WorkOS – Authentication and organization management

• Stripe – Payment processing

• Metronome – Usage-based billing and metering

• Postmark – Email delivery (inbound and transactional)

• OpenAI – AI response generation

• Langfuse – AI observability and evaluation

• Amazon Web Services (AWS)

• PlanetScale – Database hosting

• Fathom Analytics and Google Ads (or similar) – Analytics and advertising on our Sites, where used

We require these providers to protect personal data and use it only for the purposes we specify.

• Workspace owners/admins – As needed so they can manage their workspace and support their Customers.

• Legal and safety – When required by law, to enforce our terms, or to protect rights, safety, or property.

• Business transfers – In connection with a merger, sale, or other change of control (subject to the same privacy commitments).

We do not sell personal information for monetary compensation.

6. Data Retention

We retain personal data for as long as the relevant workspace exists and as needed to provide the service, comply with law, resolve disputes, and enforce our agreements. We retain User Data for 90 days following cancellation or termination of the subscription, regardless of payment status, except where retention is required by law or for legitimate business purposes.

7. Data Location and Transfers

Our systems and subprocessors store and process data in the United States, including in AWS data centers (e.g., us-east-1 and us-east-2). If you are located outside the United States, your data will be transferred to and processed in the United States. We take steps to ensure such transfers are lawful (e.g., standard contractual clauses, adequacy decisions, or other approved mechanisms where required by applicable law).

8. Security

We use technical and organizational measures to protect personal data, including encryption in transit and at rest, access controls, and secure development practices. No system is completely secure; we encourage you to use strong credentials and protect your account.

9. Your Rights and Choices

9.1 All users

• Access and correction: You may request access to or correction of your personal data by contacting us.

• Marketing: You may opt out of marketing emails via the link in our emails or by contacting us.

• Cookies: You can manage cookies via your browser or any cookie preference center we offer.

9.2 EEA, UK, and Switzerland (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you may have the right to:

• Access, rectify, or erase your personal data

• Restrict or object to certain processing

• Data portability

• Withdraw consent where processing is based on consent

To exercise these rights, contact us at hello@weav.com. We will respond in accordance with applicable law.

9.3 California residents (CCPA/CPRA)

If you are a California resident, you may have the right to:

• Know what personal information we collect, use, and disclose

• Access your personal information

• Correct inaccurate personal information

• Delete your personal information

• Opt out of “sales” or “sharing” – We do not sell personal information. We may “share” information for cross-context behavioral advertising (e.g., via cookies used for Google Ads); you can opt out via our cookie preferences or the “Your Privacy Choices” or similar link in our website footer, when available.

• Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at hello@weav.com. We may need to verify your identity. You may designate an authorized agent subject to applicable verification requirements.

10. Children’s Privacy

Our services are not intended for anyone under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have collected such data, please contact us at hello@weav.com and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the “Last updated” date. Your continued use of the Sites or services after the effective date constitutes acceptance of the updated policy, to the extent permitted by law.

12. Contact Us

For privacy-related questions, requests, or complaints:

Weav.com, LLC
222 S Main Street Ste 500
Salt Lake City, Utah 84101
USA

Email: hello@weav.com