Privacy Policy

Last Updated: 2026-01-23

Welcome to Weave. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your information. This Privacy Policy explains our data practices when you use the Weave mobile application ("App").

By using Weave, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address - Used for authentication and account management
  • Password - Stored securely with encryption (we never see your plaintext password)
  • Account preferences - Your app settings and configurations

Workout Data

We store the following workout-related information you create:

  • Workout plans - Exercise routines you create or extract
  • Exercise details - Sets, reps, duration, instructions
  • YouTube URLs - Links to videos you process for workout extraction
  • Bookmarked plans - Shared workouts you save
  • Workout history - Completed workout sessions and progress tracking

Usage Information

We automatically collect certain information about how you use the App:

  • App interactions - Features you use and actions you perform
  • Device information - Operating system version, app version
  • Usage analytics - Aggregated data about app performance and feature usage

2. How We Use Your Information

We use the collected information for the following purposes:

  • Provide our service - Extract workouts from YouTube videos using AI, store and sync your workout plans across devices
  • Authentication - Verify your identity and manage your account access
  • Improve our App - Analyze usage patterns to enhance features and fix bugs
  • Communicate with you - Send account-related notifications and updates (only when necessary)
  • Customer support - Respond to your inquiries and provide assistance

3. Data Storage and Security

We take the security of your data seriously:

  • Secure storage - All data is stored using Supabase, a secure PostgreSQL database with enterprise-grade security
  • Encryption in transit - All data transmitted between your device and our servers uses HTTPS/TLS encryption
  • Authentication - Passwords are hashed using industry-standard bcrypt algorithm
  • Access controls - Your workout data is only accessible to you when authenticated
  • Regular updates - We maintain and update our security measures to protect against vulnerabilities

While we implement robust security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your information.

4. Data Sharing and Third-Party Services

We do not sell your personal information to third parties.

We share data with the following service providers only as necessary to operate our App:

  • Supabase - Database hosting and user authentication services
  • YouTube API - When you extract workouts from YouTube, we send video URLs to YouTube's API to retrieve video metadata. We do not share your personal information with YouTube
  • AI Services - We use AI models (Google Gemini or OpenAI) to analyze video content and extract workout information. Only video metadata and transcripts are processed, not your personal information

We may also disclose your information if required by law, to comply with legal processes, or to protect our rights and users' safety.

5. Your Rights and Choices

You have the following rights regarding your data:

  • Access - View all your workout plans and account information within the App
  • Edit - Modify your workout plans, exercises, and account details at any time
  • Delete - Remove individual workout plans within the App, or request account deletion
  • Export - Request a copy of your workout data

When you request account deletion, we will remove your personal information and workout data within 30 days. Some anonymized analytics data may be retained for service improvement.

6. Data Retention

  • Active accounts - We retain your data as long as your account is active
  • Deleted accounts - Personal data is permanently deleted within 30 days of account deletion
  • Legal requirements - Some data may be retained longer if required by law
  • Anonymized data - Aggregated, non-identifiable analytics data may be retained indefinitely for service improvement

7. Children's Privacy

Weave is not intended for children under 12 years of age. We do not knowingly collect personal information from children under 12. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information from our systems.

8. International Users

Weave is operated from India. If you are accessing the App from outside India, please be aware that your information may be transferred to, stored, and processed in India where our servers are located. By using Weave, you consent to this transfer.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Providing in-app notifications for significant changes

Your continued use of Weave after any changes indicates your acceptance of the updated Privacy Policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

Data Controller: Weave