Privacy · Version 1.0

Privacy Policy

This Policy explains what Wevia AI collects, why it is used, who receives it, how long it is kept, and the choices available to you.

Effective and last updated: July 17, 2026

1. Data controller

The controller for Wevia AI is Ricky Yin, an individual developer operating Wevia AI. There is no appointed data protection officer because the current scale and processing do not require one.

  • Privacy contact: rickyyin98@gmail.com
  • Operating region: China; no public walk-in office
  • Correspondence address: provided upon a verified legal or data-rights request where required

2. Personal information we collect

Information you provide

  • Account information: name, email address, encrypted authentication credentials or OAuth identifiers, profile image, and workspace membership.
  • Search and workspace content: search descriptions, filters, saved candidates, notes, and actions taken inside a workspace.
  • Communications: support emails, feedback, and security or privacy requests.
  • Transaction information: order ID, product or plan, price, currency, tax, payment status, subscription status, and refund status. We do not store full card numbers.

Information collected automatically

  • Device and network data: IP address, browser type, operating system, time zone, and device or session identifiers.
  • Usage and security logs: pages and features used, request time, error events, authentication events, and audit history.
  • Public-source evidence: public profiles, publications, posts, identifiers, engagement metrics, affiliations, and source URLs relevant to a user-requested search.

We do not request precise location, government identifiers, health data, or complete payment-card data.

3. How and why we use information

PurposeLegal basis
Provide accounts, workspaces, searches, evidence, and supportContract performance
Process purchases, subscriptions, refunds, and receiptsContract performance and legal obligation
Prevent abuse, enforce access limits, and secure the ServiceLegitimate interests and legal obligation
Debug, measure reliability, and improve product qualityLegitimate interests
Send verification, billing, security, and policy noticesContract performance and legitimate interests
Respond to lawful requests and protect legal rightsLegal obligation and legitimate interests

We may create aggregated or de-identified statistics that cannot reasonably be linked to an individual.

4. Cookies and similar technologies

We use strictly necessary cookies or local storage for login sessions, security, OAuth state, language or interface preferences, and core product operation. These cannot be disabled without preventing the Service from working. We do not currently run advertising cookies or sell cross-site behavioral profiles.

Basic server logs may be used for reliability and security analytics. If optional analytics or marketing tools are introduced, this Policy and any required consent control will be updated before they are enabled.

5. Sharing and service providers

We do not sell personal information. We share only what is needed for the following purposes:

  • Waffo Pancake: merchant of record, checkout, payment, tax, receipt, refund, fraud, and chargeback processing. Complete card data is processed by Waffo Pancake and is not stored on Wevia servers.
  • Zeabur and infrastructure vendors: application and database hosting, networking, deployment, logs, and backups.
  • GitHub: optional OAuth sign-in and basic account profile information authorized by the user.
  • Feishu/Lark: restricted operator-console sign-in for approved administrative tenants.
  • Resend: account-verification and essential transactional email delivery.
  • TikHub, arXiv, and Semantic Scholar: public-source discovery and enrichment for searches requested by authorized users.
  • Authorities or advisers: only where lawfully required or necessary to protect rights, security, and users.

Vendors act under their own terms and privacy obligations or under contractual processing restrictions, depending on the service. We may also disclose data in a merger or acquisition with notice and continued safeguards.

6. Public-source data

Wevia processes public professional and content-related information only when an authorized user requests a supported search. We preserve source URLs, capture timestamps, confidence, and provenance so results can be reviewed and corrected. We do not claim that public availability removes a person's privacy rights.

A person may ask us to review, correct, restrict, or remove a Wevia projection by emailing the privacy contact with enough detail to locate the relevant record. Removal from Wevia does not delete information from the original public source.

7. Security

  • TLS/HTTPS encryption in transit;
  • hashed passwords and encrypted OAuth tokens;
  • workspace access controls and separate operator authentication;
  • least-privilege server credentials, audit logs, and production health checks;
  • database backups and controlled deployment processes.

No system is completely secure. If a breach is likely to affect your rights, we will notify affected people and competent authorities without undue delay and, where applicable, within 72 hours after becoming aware.

8. Retention

DataRetentionEnd of period
Account and workspace dataWhile active, then up to 90 days after a verified deletion or cancellation requestDelete or de-identify, except required records
Public-source captures and evidenceWhile referenced by an active workspace, then up to 90 days; immutable audit evidence may be retained longer where needed to resolve a disputeDelete, de-identify, or restrict
Transaction and tax recordsUp to 7 years, or the period required by applicable financial and tax lawDelete or archive with restricted access
Support and rights requests3 years after closureSecure deletion
Security and audit logs12 months unless an incident requires longer preservationSecure deletion

Backups may retain deleted data for up to 35 additional days before automatic overwrite.

9. Your rights and choices

Depending on your location, you may request access, correction, deletion, restriction, objection, portability, or withdrawal of consent. You may also object to direct marketing and complain to a local data-protection authority. We do not discriminate against a person for exercising a privacy right.

Email rickyyin98@gmail.com. We may verify identity and authority before acting. We aim to respond within 30 calendar days, subject to lawful extensions.

10. Marketing

We do not currently send third-party advertising or sell marketing lists. If optional Wevia product news is introduced, it will include an unsubscribe link. Opting out of marketing will not stop essential account, security, billing, or policy messages.

11. International transfers

Infrastructure, payment, identity, email, and public-data providers may process information outside your country. Where required, transfers use contractual safeguards such as data-processing agreements and EU Standard Contractual Clauses, adequacy decisions, or another lawful transfer mechanism. We limit each provider to the information required for its function.

12. Children

The Service is intended only for people aged 18 or older and is not directed to children. We do not knowingly create accounts for or collect personal information directly from children. Contact us if you believe a child provided data so we can investigate and delete it where required.

13. Third-party links and services

Links and integrations are governed by the third party's own privacy practices. This Policy applies to information controlled by Wevia, not information independently collected by a public source, identity provider, or Waffo Pancake in its merchant-of-record role.

14. Policy changes and contact

We will update the date and version above when this Policy changes. Material changes will be announced by email or in-product notice at least 15 days before taking effect unless urgent legal or security reasons require a shorter period.

  • Privacy and support email: rickyyin98@gmail.com
  • Controller: Ricky Yin, individual developer operating Wevia AI
  • Business hours: Monday–Friday, 09:00–18:00 China Standard Time (UTC+8)
  • Website: https://wevia-ai.com