This Policy explains our practices regarding the collection, protection, use, sharing, and disclosure of information we collect when you visit our websites or use our application.
For Google user data collected through Google APIs, see specific restrictions on our use of that data are set forth in the section titled Google User Data. Weavit’s use of Information received through the Google API will adhere to Google API Services User Data Policy, including the Limited Use Requirement.
You may access our Services from websites, phones, tablets, desktops, laptops and other devices, as well as third-party applications. By your use of our Services, you consent to this Policy and our Terms of Service This Policy also describes your choices regarding the sharing, use, access and correction of your personal information.
We may collect and process personal data (as defined in the Personal Data (Privacy) Ordinance (“PDPO”)) about you when you visit the site, install, download, access, register for or use the app, use our Services, or contact us in relation to the Services. We will only use your personal data as set out below and always in accordance with the PDPO. While we are not based in the European Economic Area (“EEA”) we also comply with the European Union’s General Data Protection Regulation 2016/679 (“GDPR”) as a matter of best practice.
We do not collect special category personal information (as defined in the GDPR), i.e. personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic and biometric data, or data concerning health, sex life or sexual orientation.
The Services: Weavit is an application that lets you take small notes ('thoughts') that can link information from your digital ecosystem, including emails, contacts, meetings, notes, documents, places etc. that you can connect one with another such that you can retrieve and analyse them in a natural way. The Weavit app on your phone interacts directly with your mail, contacts and calendar providers over a secure connection and to allow you to link contacts and meetings on your device.
Information We Collect
We collect information when you use Services and Sites.
A. INFORMATION WE COLLECT TO PROVIDE YOU THE SERVICE.
Information We Collect from the Services: if you grant us the permission, Weavit accesses email messages in any email accounts you have connected and data collected from other internet accounts you connect. From these email messages, we only process minimal data to determine what is your affinity with the sender and recipients of the email. The data we collect and process are limited to the names and email addresses of the sender and recipients of emails, as well as the date, the subject and time the email was sent or received. We never store any of your email bodies or their attachments on our servers.
WE DO NOT USE ANY OF THIS INFORMATION FOR OUR OWN USAGE. WE ONLY STORE AND PROCESS IT SO THAT YOU CAN ACCESS IT IN A MEANINGFUL WAY THROUGH THE SERVICE. YOU CAN AMEND OR REVOKE THE RIGHTS TO ACCESS THIS INFORMATION AT ANY TIME AND IT WILL BE IRREVOCABLY ERASED FROM OUR SERVERS.
By linking our Services to your email or other internet accounts, you authorize us to collect, process, and retain information, including personal information, from those accounts. We use this information solely to provide our Services to you. We do not sell or otherwise transfer any of this information to third parties.
Connected Internet Accounts. You can connect your Internet accounts to Weavit in order for you to access select information from those accounts in Weavit, and as agreed between the Internet account providers and Weavit. We access, store and use the information We collect from Connected Internet Accounts to provide our Services to you.
We do not store, read or manage any password related to your accounts.
We do not share your personal information with the Internet account providers and We do not sell or otherwise transfer any of this information to third parties.
Push Notifications. If you opt in to receive push notifications, we will send you push notifications about new recommendations such as contacts you have not reached for a certain period of time or to write a short memo on a meeting you just attended. If you no longer wish to receive these types of communications, you may turn them off at the device level.
B. OTHER INFORMATION WE COLLECT FROM YOUR REGISTRATION, USE OF SERVICES, AND VISITS TO OUR SITES
By registering for a Weavit Account, you may provide us with your information including, but not limited to, type of device, operating system version, your name, picture, email address, contacts, and, in some instances, credentials (in an encrypted format), and your device identifier (IDFA). We may also collect preferences and demographic information from you and about you from third parties, and information about your website and app usage, sessions, actions, and how you interact with our applications. This data collection is intended to help us improve our features and your Weavit experience.
Information we Collect from Your Communications with Us. As is true of most websites and apps, we gather certain information automatically when you use our apps and visit our website. This information may include information on the type of device you use, operating system version and the device identifier (IDFA), internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
HOW WE USE THE OTHER INFORMATION
We use, process, and store your information as necessary to perform the contract with you and for our legitimate business interests, including to:
Provide and Improve Services. We use the information we collect to operate, maintain, provide, and personalize our Services and app, and to research and develop new ones.
Communicate with You. We will use your email address to communicate with you, including updates and new features of the Services, and to provide customer support. By providing your email address, you consent to our using that email address to send you service-related notices and receipts. Please see the Your Choices to Manage Information section for information about how to opt-out of such communications.
Analysis. Our Service may use certain information about you and/or your data internally for analytical purposes such as analyzing how our Services are used, diagnosing service or technical problems, and maintaining security.
We use analytics software to better understand the functionality of our software on your device. This software may record information such as how often you use the application, aggregated usage data, performance data, and where the application was downloaded from.
App Usage & Website Visitor Information.
We use automatically collected information for a variety of purposes, including to:
- remember information so that you will not have to re-enter it during your use of our Services;
- provide custom content, and information;
- determine the effectiveness of our Services;
- fix technology problems reported by our users or engineers that are associated with certain IP addresses;
- automatically update the application on your system and related devices.
HOW WE SHARE INFORMATION
We will always request your consent before sharing any of your information in a way not discussed in this Policy.
We take very seriously our responsibility to maintain the privacy of your personal information. As permitted, we make certain information available to our service providers, partners, and other third parties. These third parties may include the following:
Service Providers & Vendors. We use service providers who assist us in meeting business operations needs, including hosting and delivering our Services. We also use service providers for specific services and functions, including email communication, customer support services, application development, data storage, and maintenance, and analytics. These service providers may only access, process, or store Personal Data pursuant to our instructions and to perform their duties to us.
Third Party Services. We use the service of third party storage, marketing, security, and analytics services like:
- Amazon Web Services
- MongoDB Atlas
- Facebook Analytics
- Google Analytics
Legal Compliance. In certain situations, Weavit may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement. We may disclose to: (a) conform to the law, comply with legal process served on us or our affiliates, or investigate, prevent, or take action regarding suspected or actual illegal activities; (b) to enforce our Terms of Service, take precautions against liability, to investigate and defend ourselves against any third-party claims or allegations, to assist government enforcement agencies, or to protect the security or integrity of our site; and (c) to exercise or protect the rights, property, or personal safety of ourselves, our Services, customers, or others.
Please note: Our policy is to notify you of legal processes seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
Corporate Change or Business Transfer. We may also transfer or assign your information in the course of a corporate change or business transfer including, but not limited to, divestitures, mergers, or dissolution. We will continue to take measures to protect the confidentiality of personal information and give affected users notice before transferring any personal information to a new entity.
YOUR CHOICES TO MANAGE INFORMATION
Revoke Access to Email & Social Network Accounts. Upon request, Weavit Software will provide you with information about whether we hold any of your personal information by contacting firstname.lastname@example.org. You may choose to disconnect your email account or social networking accounts from our Services through your account settings. For steps on how to remove yourself from our Services please visit our FAQ pages for our App. If you no longer have access to your phone or your application, you can also contact your email account provider to revoke our access to your account, or contact us at email@example.com. We will respond to your request within a reasonable timeframe.
Data Retention. We may retain your information for as long as your account is active or as needed to provide our services, comply with our legal obligations, resolve disputes and enforce our agreements.
Data Update. You can request an update of any of your personal information by contacting us at firstname.lastname@example.org. We can only update the data after verifying identity and if the data is collected by our systems.
Email Data Deletion. You can request deletion of any of your information collected and stored by Weavit under the “Manage Privacy” settings within the Email app.
Unsubscribe. If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email. Alternatively, you can send us an email at email@example.com requesting to unsubscribe. Please note, even after you opt out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding our Services.
It is your responsibility to keep your passwords private and secure. We strongly recommend against sharing your logins and passwords with others.
We take the protection of your information very seriously and employ measures through administrative, technical, and physical safeguards designed to protect information against loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. We encrypt all data in transit and to the extent possible we also encrypt data at rest. We take reasonable precautions to ensure the integrity and security of our network and systems, but cannot guarantee these security measures will prevent third parties from obtaining information by illegal actions or attacks.
PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
This notice applies to natural persons who are residents of California for compliance with the California Consumer Privacy Act of 2018 (“CCPA”). Weavit does not sell and will not sell your personal information, including in the past 12 months, regardless of your age. Weavit shall not discriminate against you in any way should you exercise your rights under the CCPA.
YOUR RIGHTS UNDER CCPA
- Right to Know. You have the right to request that we disclose what personal information we collect, use, disclose, and sell. To make a request, contact Weavit via email at firstname.lastname@example.org.
- Deletion Rights. You have the right to request deletion of your personal information. See the section above titled “Your Choices to Manage Information” for options and processes for deleting your personal information. Deletion requests require a two-step process, first by making the request, then a second confirmation either via a response from your email account or a second confirmation inside the Services.
- Verification. Weavit verifies requests made via email by first sending a confirmation email to the account connected with the Services, verification is completed when you reply to that email confirming the request. If a request is made on your device from within the Services, then the request for data is confirmed via a pop-up in the Services.
- Response Time. Weavit responds promptly to all requests, but will confirm receipt of requests within 10 days, and respond within 45 days from the day you made the request. If additional response time is necessary, up to 45 days, Weavit will provide you notice and explanation.
- Who may make a request. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf as your agent, may make a request related to your personal information.
- Denials. If we are unable to verify the request, the request is unlawful, or exceeds your rights under the CCPA, we will deny the request.
- Non-Discrimination. You have the right not to receive discriminatory treatment by Weavit for the exercise of your privacy rights under the CCPA.
CONTACT FOR MORE INFORMATION.
For any additional questions related to your personal information, our privacy policies, or privacy practices, please contact us by email at email@example.com
Where We Store your Data
Weavit does not operate or own servers but has contracted with Amazon Web Services and MongoDB Atlas to rent servers. To operate an optimal service in all countries where the Weavit app is available, your data might be stored in local servers, based in the EU and the UK.
Where we Process your Data
If you are residing in regions outside the EU or UK, please note that information collected through our Service, might be transferred to and processed in the EU or UK or elsewhere. These locations may not have the same data protection laws as the country in which you initially used our Services.
GDPR and EEA Users
What Rights Do I Have as an EEA User?
Individuals located in the European Economic Area (EEA) have certain rights in respect of your personal information, including:
- the right of access to your personal information;
- the right to correct or rectify any inaccurate personal information;
- the right to restrict or oppose processing of personal information;
- the right to erase your personal information;
- the right to personal information portability
Where you have consented to data processing, your consent provides the legal basis to process your personal information, such as when you consent to processing in relation to the processing of your data for Trends or for the Services. You have the right to withdraw consent at any time. Please note that your withdrawal of consent to collect and process your personal information will not affect the lawfulness of processing your personal information based on your consent before you withdraw your consent.
We may also process your personal information on the basis of contractual necessity to perform a contract we have with you. For example, we process the messages in your email accounts when you link them to your Weavit account in order to provide you with the Weavit Services.
We may also process your personal information on the basis of our legitimate interests, including analytic reporting and improving the Services. For example, Weavit has a legitimate interest in collecting information about your device hardware and operating system to better understand how users access and use the Weavit Services. We also have a legitimate interest in providing and developing improved AI algorithms to deliver better product features to our users.
In some cases, Weavit may process personal information pursuant to legal obligations or to protect your vital interests or those of another person.
How May I Exercise My Individual Rights as an EEA User?
Right to Data Portability: Users located within the EEA may contact us with questions or requests regarding their personal information using the contact information below. Please note that Weavit may request additional information from you to verify your identity before we disclose any personal or account information.
Right to Restrict or Oppose: Where we rely on legitimate interests to process your personal information, you have the right to object to such processing by using the contact information below. Please note that some processing is essential to providing the Weavit service.
Right to Access Correct and Rectify: Weavit account holders may access, correct and rectify their personal information through their account settings in the Weavit Services.
Right To Delete: You can request deletion of any of your information collected and stored by Weavit. For assistance with other Services, please contact us at firstname.lastname@example.org
Revoking Consent: For the purposes of EU data protection legislation, the “data controller” of your personal information is Weavit. Weavit has appointed Emmanuel Lefort to be its representative. You can contact them directly regarding the processing of your personal information by Weavit by email at email@example.com
HOW WE HANDLE MINORS’ INFORMATION
Our services are not intended for use by persons under the age of 16. If we become aware that a person under the age of 16 has opened an account or provided us with personal information, we will immediately delete the account and any such personal information.
LINKS TO OTHER SITES
Our Services may contain links to other sites that are not under our control and have their own privacy policies. Please read over the rules and policies of third party sites before you proceed to use them. We are not responsible for the acts, omissions, or content linked on websites, and we provide these links solely for the convenience and information of our users.
We may update this Policy from time to time, so you should review this Policy periodically. When we change the Policy, we will update the ‘last modified’ date at the top of this Policy. If we materially change our Policy, we will notify you of such changes by posting them on this page and/ or by a notification within our Services or via an email. Changes to this Policy are effective when they are posted on this page. Your continued use of our Services after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of this Policy.
Google User Data
Additional Limits on Use of Your Google User Data:
- The Services may read Gmail message metadata, headers, and settings, calendar metadata and contacts details to provide an app that allows users to aggregate, visualise and analyse their digital information and will not transfer this data to others unless doing so is necessary to provide these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
- The Services will NOT read, write, modify, delete or control Gmail message bodies or attachments, contacts or calendar events.
- The Services will NOT write, modify, delete or control metadata, headers, and settings for emails, calendar events and contacts.
- The Services will NOT use this data for serving advertisements.
- The Services will NOT allow humans to read this data unless we have your afﬁrmative agreement for speciﬁc messages, contacts or calendar events, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the Services’ internal operations and even then only when the data have been aggregated and de-identified.
In addition, Weavit uses the OAuth 2.0 for Web Server Applications from Google Identity Platform to authenticate and synchronize securely with a Google Account and access Google User Data:
- As part of the synchronization process, the user will be required to enter their username and password. Upon successful authentication with Google, Weavit will be provided with tokens which will be stored on our secured database.
- Weavit requests access to differents scopes of Google User data depending on the user’s choice:
- Google Sign-In API: userinfo.email (required)
- Google Calendar API : calendar.events.readonly (opt-in)
- Google People API: contacts.readonly (opt-in)
- Google Mail API: gmail.metadata (opt-in)
- This request is made by the Weavit App while running on the personal mobile device of the user.
- The Google Sign-In SDK provides an Access Token which is used to make secure requests to the Google Calendar API, Google People API and Gmail API. Weavit uses this token in order to make authorized requests for data in a google account. Weavit does not have access to any user passwords at any time. The Google Sign-In API provides user name/email for the authenticated user. This is displayed within the App for the sole purpose to indicate to the user which account is authenticated.
- The Weavit app stores the access token and refresh token of the user in a secured database. The Access Token is used to access the different Google API. When the Access Token expires, the Refresh Token is used to obtain a new Access Token.
- The Account owner user can desynchronize their Google Account from the Weavit App using the Unlink or Change Account buttons. These are accessible from the Account screen from within Weavit. The Account owner can also remove Weavit's access to account data by revoking the tokens from their Google Account.
- The authentication Data is only transmitted to, and received from Google for the purpose of authentication. No data is shared with third parties.
If you have any questions about this Policy or our practices, please contact us at firstname.lastname@example.org or at: The WeaverNest Company Limited, ROOM 702, 7/F., FU FAI COMMERCIAL CENTRE, 27 HILLIER STREET, SHEUNG WAN, HONG KONG