Legal
Privacy Policy
Effective 2026-07-13
This Privacy Policy describes how Spacing LLC (“Company”, “we”, “us”) collects, uses, and shares information when you use weave at weaveiq.io.
1Information we collect
Account information. When you sign up, we collect:
- Your email address (from Google OAuth or the magic-link flow).
- Your name and profile image, if provided by Google.
Subscription & payment information. If you subscribe to a paid tier, we and our payment processor Stripe collect:
- Payment card details (processed and stored by Stripe — we do not see or store card numbers).
- Billing address (via Stripe).
- Subscription tier, status, trial dates, renewal history.
Usage information. We log:
- Sign-in timestamps.
- Pages visited on weave (via server logs).
- API request counts and rate-limit windows if you use the API.
Cookies + analytics. We use a first-party session cookie (authjs.session-token) to keep you signed in. We use Google Analytics 4 (property G-4PR8161H67) to count pageviews and understand conversion — sign-ups, checkout starts, purchases — in aggregate. GA sets its own cookies (_ga, _ga_*). We do not use advertising cookies. You can opt out via Google's browser add-on (tools.google.com/dlpage/gaoptout), your browser's Do Not Track / Global Privacy Control signal, or an ad blocker such as uBlock Origin.
2How we use information
- To authenticate you and provide access to your tier.
- To process subscriptions and payments.
- To send transactional emails (magic links, trial and renewal notices).
- To enforce API rate limits and detect abuse.
- To improve the Service and diagnose issues.
- To comply with legal obligations.
We do not use your information for advertising or profiling.
3Google OAuth data
If you sign in with Google, we request only your email address and basic profile (name, image). We do not access your Gmail, Drive, Contacts, Calendar, or any other Google service. We use Google authentication solely to verify your identity and create your weave account.
4Third-party services
We share information with the following third parties strictly to operate the Service:
- Google (authentication) — receives sign-in events; we receive your email and basic profile.
- Stripe (payments) — processes and stores your payment card details, billing address, and transaction history. See Stripe's Privacy Policy.
- Resend (email delivery) — receives your email address and message content for magic-link and transactional emails.
- Neon (database) — stores your account and subscription state.
- Vercel (hosting) — processes all HTTP requests.
- Upstash (rate limiting) — stores rolling API request counts keyed by your user ID.
- Cloudflare (DNS + edge) — processes all HTTP requests at the network edge.
We do not sell, rent, or trade your personal information to any third party.
5Data retention
- Account data — retained while your account is active. You may delete your account at any time by emailing [email protected]. We will delete your account within 30 days.
- Subscription and payment records — retained for 7 years for accounting and tax compliance, even after account deletion.
- Server logs — retained for up to 30 days.
- Trend content — derived from public sources; not personal to you and retained indefinitely.
6Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account and associated data (subject to legal retention obligations for billing records).
- Export your data in a portable format.
- Withdraw consent for optional processing.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
7Security
We take reasonable measures to protect your information:
- All connections use HTTPS (TLS 1.2+).
- Session tokens are signed and rotated.
- Payment card details never touch our servers — Stripe handles them.
- We use no passwords: authentication is via Google or a single-use magic link.
- Database access is restricted and logged.
No security measure is perfect. If we discover a data breach affecting your information, we will notify you within 72 hours as required by applicable law.
8Children's privacy
weave is not directed to individuals under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, contact [email protected] and we will delete it.
9International transfers
Our services are hosted in the United States (Vercel — us-east-1) and rely on providers with US-based infrastructure. If you access the Service from outside the United States, your information will be transferred to and processed in the US. By using the Service, you consent to this transfer.
10Changes to this Policy
We may update this Policy from time to time. Material changes will be notified via email at least 14 days before taking effect.
11Contact
Questions or requests about your data: [email protected].
Spacing LLC — operator of weave (weaveiq.io).