Privacy Policy
Last updated: March 8, 2026
Introduction
WeaveAI LLC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our Chrome extension and related services. This policy covers all data collected through our Chrome extension, website, and backend services.
By installing or using the WeaveAI Chrome extension, you agree to the collection and use of information in accordance with this policy.
Information We Collect
1. Account and Authentication Information
- Email address: Collected when you create an account. Stored in our Supabase database and used for authentication, account management, and subscription tracking.
- Authentication tokens: Session tokens issued by Supabase Auth are stored locally in Chrome's secure storage to keep you logged in. These expire periodically and are refreshed automatically.
- Google OAuth tokens (optional): If you use Google Docs or Slides integration, OAuth tokens are cached locally in your browser for up to 1 hour to enable read-only access to files you explicitly choose to chat with. These tokens are never sent to our servers.
2. Usage and Activity Data
- Prompt count: The number of AI prompts you send is recorded in our database to enforce subscription tier limits (trial, basic, or premium).
- Subscription status: Your current subscription tier, plan type, and remaining prompt allowance are stored to manage access to features.
- Feature usage statistics: Anonymous data about which extension features are used (e.g., multi-tab mode, PDF mode) to help us improve the product.
- Error reports: Crash reports and error logs (without personal content) to help us diagnose and fix bugs.
- Extension version and browser type: Collected to ensure compatibility and support.
3. Payment Information
- Billing details: Handled entirely by Stripe. We never see or store your credit card number, CVV, or full billing address. We only receive a Stripe customer ID and subscription status from Stripe after payment.
4. Content Processed by the Extension (Not Stored by Us)
The following content is processed locally in your browser and/or transmitted to AI providers to generate responses, but is not stored on our servers:
- Web page content: Text content from tabs you select for analysis is extracted locally and included in prompts sent to AI providers.
- PDF content: Text extracted from PDFs you choose to analyze, included in prompts sent to AI providers.
- YouTube transcripts: Transcripts from YouTube videos you select, included in prompts sent to AI providers.
- Your chat messages and AI responses: Stored locally in your browser for up to 24 hours and then automatically deleted. Never stored on our servers.
- Your browsing history: Not collected. We only access tabs you explicitly select.
5. API Keys (Optional — BYOK Mode)
- If you use Bring Your Own Key (BYOK) mode, your API keys are stored locally in Chrome's encrypted storage. They are never transmitted to our servers.
How We Use Your Information
- Account management: Your email and authentication tokens are used to create and maintain your account.
- Subscription and usage enforcement: Prompt counts and subscription status are used to enforce trial limits and paid plan allowances.
- Payment processing: Your email is shared with Stripe to create a billing customer record and process subscription payments.
- AI response generation (Managed API mode): When you use WeaveAI's managed API (not BYOK), the content you select (web pages, PDFs, YouTube transcripts) and your chat messages are sent to Google's Gemini API to generate AI responses. This content is processed according to Google's API data use policies.
- Customer support: Your email may be used to respond to support requests.
- Product improvement: Anonymous, aggregated usage statistics help us understand feature adoption and improve the extension.
- Security and fraud prevention: Usage patterns may be monitored to detect abuse or unauthorized access.
Data Sharing — All Third Parties
We do not sell your personal data. We share data only with the following third parties, strictly as necessary to operate the service:
Supabase (Database & Authentication)
Data shared: Email address, authentication tokens, prompt counts, subscription status, usage statistics.
Purpose: Secure user authentication and storing account/subscription data.
Storage location: US and EU regions (data encrypted at rest and in transit).
Stripe (Payment Processing)
Data shared: Email address, subscription plan details. Payment card information is entered directly into Stripe's secure forms and never passes through our systems.
Purpose: Processing subscription payments and managing billing.
Google Gemini API (AI Provider — Managed API Mode Only)
Data shared: The content of web pages, PDFs, and YouTube videos you select, along with your chat messages, is sent to Google's Gemini API to generate AI responses. This applies only when using WeaveAI's managed API (not BYOK mode).
Purpose: Generating AI responses to your queries.
Note: Google may use API data in accordance with their API terms. We recommend reviewing Google's policy if you handle sensitive information.
OpenAI / Anthropic (BYOK Mode Only)
Data shared: If you choose BYOK mode with your own OpenAI or Anthropic API key, your selected content and chat messages are sent directly from your browser to those providers using your key. WeaveAI does not intermediate or store this data.
We do not share your data with any other third parties, advertising networks, data brokers, or analytics companies.
Data Storage and Security
- Local storage: API keys, OAuth tokens, and chat history are stored locally in Chrome's secure, encrypted extension storage and never leave your device (except as described above).
- Transit encryption: All network requests use HTTPS/TLS encryption.
- Cloud storage: Email address, subscription data, and usage counts are stored on Supabase with encryption at rest.
- Access controls: Our Supabase database uses row-level security (RLS) so each user can only access their own data.
- No conversation storage: Your chat messages and AI responses are never stored on our servers. They exist only in your browser's local storage.
Data Retention
- Chat history: Stored locally in your browser for 24 hours and then automatically deleted.
- Account data (email, subscription): Retained while your account is active.
- Usage data (prompt counts): Retained for account management; aggregated and anonymized after 90 days of account deletion.
- Deleted accounts: All personal data is removed within 30 days of an account deletion request.
Google OAuth and Drive API
WeaveAI uses Google OAuth to enable read-only access to Google Docs and Slides that you explicitly choose to analyze:
- Scope requested: Read-only access to Google Drive files (drive.readonly).
- Token storage: OAuth tokens are cached locally in Chrome's secure storage and expire after 1 hour. They are never sent to our servers.
- Data usage: Document content is read only when you explicitly initiate a chat with that document. It is sent to Google Gemini API for response generation and is not stored on our servers.
- No write access: We never create, modify, or delete your Google Drive files.
- WeaveAI's use of Google user data is limited to providing the in-product feature you explicitly request and does not include transfer to third parties for advertising or unrelated purposes.
See Google's Privacy Policy for more information.
Your Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you.
- Deletion: Request deletion of your account and all associated personal data.
- Correction: Update your email or account information via the extension's Settings page.
- Portability: Export your locally stored chat history at any time from within the extension.
- Opt-out: Disable anonymous usage statistics collection in the extension's Settings page.
- Withdraw consent: Revoke Google OAuth access at any time via your Google Account permissions page.
To exercise these rights, contact us at reachweaveai@gmail.com. We will respond within 30 days.
Children's Privacy
WeaveAI is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the extension or by email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of WeaveAI after changes are posted constitutes acceptance of the updated policy.
Contact Us
For privacy-related questions, data requests, or concerns:
- Email: reachweaveai@gmail.com
- Website: weaveai.org
- Business address: WeaveAI LLC, 2108 N St STE N, Sacramento, CA 95816, US