1. Data controller
The controller for Wevia AI is Ricky Yin, an individual developer operating Wevia AI. There is no appointed data protection officer because the current scale and processing do not require one.
- Privacy contact: rickyyin98@gmail.com
- Operating region: China; no public walk-in office
- Correspondence address: provided upon a verified legal or data-rights request where required
2. Personal information we collect
Information you provide
- Account information: name, email address, encrypted authentication credentials or OAuth identifiers, profile image, and workspace membership.
- Search and workspace content: search descriptions, filters, saved candidates, notes, and actions taken inside a workspace.
- Communications: support emails, feedback, and security or privacy requests.
- Transaction information: order ID, product or plan, price, currency, tax, payment status, subscription status, and refund status. We do not store full card numbers.
Information collected automatically
- Device and network data: IP address, browser type, operating system, time zone, and device or session identifiers.
- Usage and security logs: pages and features used, request time, error events, authentication events, and audit history.
- Public-source evidence: public profiles, publications, posts, identifiers, engagement metrics, affiliations, and source URLs relevant to a user-requested search.
We do not request precise location, government identifiers, health data, or complete payment-card data.
3. How and why we use information
| Purpose | Legal basis |
|---|---|
| Provide accounts, workspaces, searches, evidence, and support | Contract performance |
| Process purchases, subscriptions, refunds, and receipts | Contract performance and legal obligation |
| Prevent abuse, enforce access limits, and secure the Service | Legitimate interests and legal obligation |
| Debug, measure reliability, and improve product quality | Legitimate interests |
| Send verification, billing, security, and policy notices | Contract performance and legitimate interests |
| Respond to lawful requests and protect legal rights | Legal obligation and legitimate interests |
We may create aggregated or de-identified statistics that cannot reasonably be linked to an individual.
4. Cookies and similar technologies
We use strictly necessary cookies or local storage for login sessions, security, OAuth state, language or interface preferences, and core product operation. These cannot be disabled without preventing the Service from working. We do not currently run advertising cookies or sell cross-site behavioral profiles.
Basic server logs may be used for reliability and security analytics. If optional analytics or marketing tools are introduced, this Policy and any required consent control will be updated before they are enabled.
5. Sharing and service providers
We do not sell personal information. We share only what is needed for the following purposes:
- Waffo Pancake: merchant of record, checkout, payment, tax, receipt, refund, fraud, and chargeback processing. Complete card data is processed by Waffo Pancake and is not stored on Wevia servers.
- Zeabur and infrastructure vendors: application and database hosting, networking, deployment, logs, and backups.
- GitHub: optional OAuth sign-in and basic account profile information authorized by the user.
- Feishu/Lark: restricted operator-console sign-in for approved administrative tenants.
- Resend: account-verification and essential transactional email delivery.
- TikHub, arXiv, and Semantic Scholar: public-source discovery and enrichment for searches requested by authorized users.
- Authorities or advisers: only where lawfully required or necessary to protect rights, security, and users.
Vendors act under their own terms and privacy obligations or under contractual processing restrictions, depending on the service. We may also disclose data in a merger or acquisition with notice and continued safeguards.
6. Public-source data
Wevia processes public professional and content-related information only when an authorized user requests a supported search. We preserve source URLs, capture timestamps, confidence, and provenance so results can be reviewed and corrected. We do not claim that public availability removes a person's privacy rights.
A person may ask us to review, correct, restrict, or remove a Wevia projection by emailing the privacy contact with enough detail to locate the relevant record. Removal from Wevia does not delete information from the original public source.
7. Security
- TLS/HTTPS encryption in transit;
- hashed passwords and encrypted OAuth tokens;
- workspace access controls and separate operator authentication;
- least-privilege server credentials, audit logs, and production health checks;
- database backups and controlled deployment processes.
No system is completely secure. If a breach is likely to affect your rights, we will notify affected people and competent authorities without undue delay and, where applicable, within 72 hours after becoming aware.
8. Retention
| Data | Retention | End of period |
|---|---|---|
| Account and workspace data | While active, then up to 90 days after a verified deletion or cancellation request | Delete or de-identify, except required records |
| Public-source captures and evidence | While referenced by an active workspace, then up to 90 days; immutable audit evidence may be retained longer where needed to resolve a dispute | Delete, de-identify, or restrict |
| Transaction and tax records | Up to 7 years, or the period required by applicable financial and tax law | Delete or archive with restricted access |
| Support and rights requests | 3 years after closure | Secure deletion |
| Security and audit logs | 12 months unless an incident requires longer preservation | Secure deletion |
Backups may retain deleted data for up to 35 additional days before automatic overwrite.
9. Your rights and choices
Depending on your location, you may request access, correction, deletion, restriction, objection, portability, or withdrawal of consent. You may also object to direct marketing and complain to a local data-protection authority. We do not discriminate against a person for exercising a privacy right.
Email rickyyin98@gmail.com. We may verify identity and authority before acting. We aim to respond within 30 calendar days, subject to lawful extensions.
10. Marketing
We do not currently send third-party advertising or sell marketing lists. If optional Wevia product news is introduced, it will include an unsubscribe link. Opting out of marketing will not stop essential account, security, billing, or policy messages.
11. International transfers
Infrastructure, payment, identity, email, and public-data providers may process information outside your country. Where required, transfers use contractual safeguards such as data-processing agreements and EU Standard Contractual Clauses, adequacy decisions, or another lawful transfer mechanism. We limit each provider to the information required for its function.
12. Children
The Service is intended only for people aged 18 or older and is not directed to children. We do not knowingly create accounts for or collect personal information directly from children. Contact us if you believe a child provided data so we can investigate and delete it where required.
13. Third-party links and services
Links and integrations are governed by the third party's own privacy practices. This Policy applies to information controlled by Wevia, not information independently collected by a public source, identity provider, or Waffo Pancake in its merchant-of-record role.
14. Policy changes and contact
We will update the date and version above when this Policy changes. Material changes will be announced by email or in-product notice at least 15 days before taking effect unless urgent legal or security reasons require a shorter period.
- Privacy and support email: rickyyin98@gmail.com
- Controller: Ricky Yin, individual developer operating Wevia AI
- Business hours: Monday–Friday, 09:00–18:00 China Standard Time (UTC+8)
- Website: https://wevia-ai.com