Privacy Policy
Draft, pre-adapted to US conventions, to be reviewed by counsel before launch.
1. Overview and who we are
Protecting your personal data matters to us. We handle your data confidentially and in line with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) where it applies and applicable US state privacy laws. Data controller: WECAVIS LLC 2880 W Oakland Park Blvd, Suite 225C Oakland Park, FL 33311, USA Email: [email protected] Privacy contact: Tatjana Muschalik, [email protected]
2. Information we collect
a) When you visit the site, we automatically receive technical data (IP address, date and time, browser type) to deliver the site. Legal basis: legitimate interest (GDPR Art. 6(1)(f)). b) When you register an account or contact us, we process your company name, name, email and any further details you provide, to perform the contract and respond to requests. Legal basis: contract (GDPR Art. 6(1)(b)). c) Content you ingest (website text, chatbot conversations) is processed to generate knowledge pages and to measure citation visibility.
3. Subprocessors and third-party services
a) Stripe (payments): payment data is handled directly by Stripe and is not stored on our servers. b) Google (sign-in): for optional Google sign-in, Google processes your basic account data (name, email). c) AI services (Anthropic PBC, OpenAI, Perplexity, all USA): to generate knowledge pages and support drafts and to measure citations. Use of your data to train their AI models is contractually prohibited. EU Standard Contractual Clauses apply to transfers of EU personal data. d) Hosting and delivery: Hetzner (Germany) for hosting; Cloudflare for CDN, proxy and TLS. Finished pages and data are stored on servers in the EU. e) Email: Google Workspace for transactional and support email.
4. International data transfers
We are a US company, and some subprocessors (for example AI services) process data in the United States. Customer pages and account data are stored on servers in the European Union. Where EU personal data is transferred outside the EU, we rely on EU Standard Contractual Clauses and equivalent safeguards.
5. Artificial intelligence: transparency and human control
Principle: AI assists, humans decide. All AI-generated content (knowledge pages, reply drafts) is a suggestion for human review. Every generated page passes through an approval gate: a responsible person reviews and publishes the content. Nothing goes live without approval. Processing steps are logged for traceability. The AI features are designed to meet the requirements of Regulation (EU) 2024/1689 (the EU AI Act) where applicable.
6. Cookies and consent
We use strictly necessary cookies (for example for the sign-in session and language preference). These do not require consent. Any additional services would be added here.
7. Your rights
Under the GDPR you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and to withdraw consent (Art. 7(3)). If you are a US resident, you may have additional rights under applicable state privacy laws (for example, the right to know, delete, correct, and opt out of the sale or sharing of personal information under the CCPA/CPRA for California residents). We do not sell your personal information. To exercise any right, contact [email protected].
8. Data retention
We keep personal data for as long as your account is active and as needed to provide the service. After contract termination, customer data is available for export for 90 days and then deleted, unless a legal retention obligation applies.
9. Complaints and updates
If you are in the EU or EEA, you may lodge a complaint with a data protection supervisory authority. This policy is a draft and will be finalized before launch.