Working draft. This privacy policy is a starting point and is still being written. It is not yet final, and is not legal advice.
Legal

Privacy Policy

Last updated: January 2026 Coming soon · Draft v0.1

Weve provides a permissioned API that lets products understand people across the apps they already trust. Privacy isn't a feature we added — it's the whole point. This policy explains what we collect, how we use it, and the control people keep over their data.

The short version

1. Who we are

Weve is operated by WEVE TECHNOLOGY LTD (“Weve”, “we”, “us”), located at 1 Example Street, London, United Kingdom Coming soon. For data-protection questions you can reach us at privacy@weve.dev.

Depending on the interaction, Weve may act as a data processor (handling data on behalf of a product that uses our API) or as a data controller (for our own account and website data).

2. Information we handle

Account & contact information

When you create an account or contact us: name, email, company, and authentication details.

Connected-source data

When a person connects a source (for example Calendar, Spotify, Monzo, or a wearable), Weve accesses only the scopes that person grants. This data is processed to answer a specific request and is not retained beyond what's described in Section 6.

Usage & technical data

API request metadata, log data, device and browser information, and cookies used to operate and secure the service.

3. How we use information

We do not sell personal data, and we do not use anyone's connected data to train machine-learning models.

4. Permissions & connected sources

Access to each source is granted by the person, scope by scope, and can be reviewed or revoked at any time from their connection settings. Revoking access stops all future processing of that source. Weve never accesses a source a person hasn't connected.

5. When we share information

We share personal data only with:

We never sell data, and we never share it for advertising.

6. Data retention

Connected-source data is processed transiently to answer a request and is not stored as a persistent copy. Account, billing, and audit-log data are retained for as long as your account is active or as required by law. Exact windows coming soon

7. Security

We protect data with AES-256 encryption in transit and at rest, row-level permissions, and immutable audit logs. We are pursuing SOC 2 Type II and HIPAA, and operate in line with GDPR.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict the processing of your personal data, and to withdraw consent. To exercise any of these, contact privacy@weve.dev. You also have the right to lodge a complaint with your local data-protection authority.

9. International transfers

Where data is processed outside your region, we rely on appropriate safeguards such as Standard Contractual Clauses. Hosting regions coming soon

10. Cookies

We use a small number of cookies to keep you signed in, remember preferences, and secure the service.

Essential · Analytics · Preferences — each cookie's name, purpose, and duration will be listed here. Cookie table coming soon

11. Children's privacy

Weve is not directed to children under 16, and we do not knowingly collect their personal data.

12. Changes to this policy

We'll update this page when our practices change and revise the “last updated” date above. Material changes will be communicated directly where appropriate.

13. Contact

Questions about this policy or your data? Email privacy@weve.dev or write to us at 1 Example Street, London, United Kingdom Coming soon.