1. Who We Are

This Privacy Policy applies to weaveleads and the websites, hosted tool pages, embeds, dashboards, APIs, and related services we provide.

weaveleads is an independent software service. In this policy, "weaveleads", "we", "us", and "our" refer to the operator of the weaveleads service.

Contact for privacy matters: privacy@weaveleads.app.

2. Scope And Roles

weaveleads offers a platform that lets customers build interactive lead-capture tools, publish them, collect responses, and manage leads.

For account-holder data, billing data, service communications, logs, and platform analytics, weaveleads generally acts as a controller. For answers, leads, and other customer-submitted data collected through a customer's tool, weaveleads generally acts as a processor or service provider on the customer's behalf, except where we must process limited data for security, fraud prevention, legal compliance, or billing in our own capacity.

3. Personal Data We Collect

4. Sources Of Data

We collect personal data directly from you when you create an account, configure tools, purchase a plan, contact us, or use the dashboard.

We also collect data from visitors who interact with tools published through weaveleads, from third-party identity providers when you choose social sign-in, and from payment, email, storage, analytics, and other service providers involved in operating the platform.

5. Why We Process Personal Data

• To create and manage accounts, authenticate users, and secure access to the platform.
• To host customer tools, process submissions, generate AI outputs, score leads, and deliver customer workflows.
• To process payments, issue invoices, manage subscriptions, and prevent billing fraud.
• To send transactional emails such as welcome messages, password resets, lead confirmations, billing notices, and service updates.
• To maintain logs, prevent abuse, enforce rate limits, detect security incidents, and troubleshoot errors.
• To understand service performance and improve the product, including through product analytics where lawfully permitted.
• To comply with legal obligations, respond to lawful requests, and establish, exercise, or defend legal claims.

6. Legal Bases Under GDPR

If GDPR applies to a particular processing activity, we rely on one or more of the following legal bases: performance of a contract, compliance with a legal obligation, legitimate interests, and consent where consent is required.

Contract is used for account creation, authentication, hosting customer tools, lead processing, subscriptions, and customer support. Legitimate interests may apply to fraud prevention, product security, limited operational analytics, service improvement, and internal administration. Consent is used where required for non-essential cookies, certain direct marketing activities, or other optional features. You may withdraw consent at any time without affecting processing carried out before withdrawal.

7. Cookies And Similar Technologies

weaveleads uses essential cookies and similar technologies needed to keep users signed in, protect against abuse, preserve session state, and deliver core application functionality.

weaveleads uses a third-party analytics service for product analytics. Where consent is legally required for analytics technologies, those technologies should only be activated after valid consent has been obtained. See our Cookie Policy for more detail.

8. Sharing And Disclosure

• Infrastructure, database, cache, hosting, and storage providers that host application data and uploaded files.
• Third-party identity and authentication providers when you choose those sign-in methods.
• Email service providers that help us send transactional and operational emails.
• Payment service providers that support checkout, payment processing, subscriptions, and invoicing.
• Analytics providers when analytics is enabled.
• AI service providers used to generate outputs when customer tools submit answers for AI processing.
• Webhook recipients designated by a customer in that customer's tool configuration.
• Professional advisers, auditors, courts, regulators, law enforcement, or other parties where disclosure is legally required or necessary to protect rights and safety.

9. International Transfers

Because weaveleads relies on third-party service providers, personal data may be processed in countries other than the country where it was collected, including in some cases outside the European Economic Area.

Where GDPR applies, we will use an appropriate transfer mechanism for restricted transfers, such as an adequacy decision or the European Commission's Standard Contractual Clauses, together with supplementary measures where needed.

Where Algerian Law 18-07, as amended, applies, transfers of personal data to a foreign state will only be carried out when the applicable legal conditions are met, including any required authorization from the Algerian national authority and the requirement that the destination ensures an adequate level of protection.

10. Data Retention

• Account data is kept while your account is active and for a limited period afterward as needed for security, dispute handling, legal compliance, and backup recovery.
• Password reset tokens are kept only until expiry or use.
• API key records are kept until revoked or deleted, together with limited usage metadata.
• Tool content, submissions, leads, and related analytics are kept until the customer deletes them, closes the account, or asks us to delete them, unless a longer retention period is required by law or needed for security, fraud prevention, or legal claims.
• Billing and invoice records may be retained for the period required by tax, accounting, anti-fraud, and other mandatory legal obligations.
• When deletion is requested, we may instead anonymize or de-identify data where full deletion is not reasonably possible or where retention is legally required.

11. Your Rights

Subject to applicable law and verification of identity, you may request access to your personal data, rectification of inaccurate data, erasure, restriction, objection, portability, and withdrawal of consent where consent is the legal basis. You may also object to processing based on legitimate interests and complain to a competent supervisory authority.

Under Algerian Law 18-07, data subjects also have rights to information, access, rectification, and opposition in the cases provided by law. Requests can be sent to privacy@weaveleads.app. If you are a visitor who submitted data to one of our customers through a weaveleads-hosted tool, we may direct your request to that customer when they are the controller of your data.

12. Security Measures

We implement technical and organizational measures designed to protect personal data against unauthorized access, destruction, loss, alteration, disclosure, or misuse. These measures may include password hashing, access controls, logging, rate limiting, signed webhook verification, environment-based secret management, and role-based restrictions.

No method of transmission or storage is completely secure. If a personal data breach occurs, we will follow the notification obligations that apply under GDPR and other applicable laws.

13. Children

weaveleads is not intended for children under the age at which they can validly consent to data processing under applicable law, and we do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided personal data unlawfully, contact us so we can take appropriate action.

14. Changes To This Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business developments. If the changes are material, we will post the updated version on this page and, where required, provide additional notice.