Privacy Policy

1. Introduction

Welcome to Wemob ("we", "our", or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform for building and publishing software through conversation ("Service").

Wemob is operated by Wemob Ltd, a company registered in the United Kingdom. We comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide to Us

• Account Information: name, email address, password (encrypted), and company name when you create an account.
• Billing Information: payment details, billing address, and VAT number (if applicable), processed securely through our payment processors.
• Project Data: prompts, project names, descriptions, logos, icons, and configuration settings for the apps and sites you build with Wemob.
• Support Communications: information you provide when contacting our support team, including your name, email, subject, and message content.
• App Store Credentials: if you choose our managed publishing option, Apple Developer and Google Play Console credentials (encrypted and stored securely).

2.2 Information Automatically Collected

• Usage Data: pages visited, features used, time spent on the Service, and interaction patterns.
• Device Information: browser type, operating system, device identifiers, and IP address.
• Analytics Data: we use PostHog for privacy-focused analytics to understand how users interact with our Service.
• Cookies and Tracking: see Section 8 for detailed information about cookies.
• Log Data: server logs including IP addresses, timestamps, and requested pages for security and troubleshooting.

2.3 Information from Third Parties

• Authentication Providers: if you sign in using third-party authentication (Google, GitHub, etc.), we receive basic profile information.
• Website Content: when you provide a website URL or reference material, we may automatically fetch and analyze its content to help generate your project.

3. How We Use Your Information

We process your personal data for the following purposes under lawful bases:

3.1 Contract Performance

• Provide and maintain the Service.
• Process transactions and manage subscriptions.
• Generate and deliver builds for web, iOS, and Android.
• Provide customer support and respond to inquiries.
• Manage your account and authenticate your access.

3.2 Legitimate Interests

• Improve and optimize the Service through analytics.
• Detect, prevent, and address technical issues and security threats.
• Develop new features based on user feedback.
• Send important Service updates, security alerts, and administrative messages.
• Conduct data analysis and testing to improve user experience.

3.3 Legal Obligations

• Comply with applicable laws, regulations, and legal processes.
• Maintain records required by tax and financial regulations.
• Respond to lawful requests from public authorities.

3.4 Consent

• Send marketing communications (you can opt out at any time).
• Use cookies for analytics and functionality (see Cookie Policy).
• Process special categories of data if explicitly provided.

4. AI and Automated Processing

Wemob uses artificial intelligence and machine learning to help you design, build, and deploy software. This includes:

• Content Analysis: analyzing your prompts and reference materials to generate code, layouts, and designs.
• Image Processing: automatic generation and optimization of icons, splash screens, and imagery.
• Code Generation: AI-assisted generation of app and site code based on your conversation.
• Quality Assurance: automated testing and optimization of the generated output.

No Automated Decision-Making: we do not use AI for automated decision-making that produces legal effects or similarly significantly affects you. Critical decisions regarding your account, billing, or service access involve human review.

5. How We Share Your Information

We do not sell your personal data. We may share it with:

5.1 Service Providers

• Cloud Infrastructure: Vercel (hosting), AWS (storage and processing).
• Payment Processing: Stripe for secure payment processing.
• Analytics: PostHog for privacy-focused analytics.
• Email Services: for transactional and support emails.
• App Store Management: Apple App Store and Google Play Store for app publishing.

All service providers are bound by data processing agreements and are required to implement appropriate security measures.

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g. court orders, subpoenas).

5.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the UK and European Economic Area (EEA), including the United States, where our cloud infrastructure and service providers are located.

We ensure such transfers comply with applicable data protection laws through:

• Standard Contractual Clauses approved by the European Commission.
• Adequacy decisions recognizing certain countries as providing adequate protection.
• Additional safeguards such as encryption and access controls.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption: data in transit is encrypted via TLS/SSL; sensitive data at rest is encrypted.
• Access Controls: role-based access controls and multi-factor authentication for our team.
• Regular Audits: security audits and vulnerability assessments.
• Secure Development: security best practices in our development lifecycle.
• Data Minimization: we only collect and retain data necessary for the Service.
• Incident Response: procedures for detecting, responding to, and reporting data breaches.

However, no method of transmission or electronic storage is 100% secure. While we use commercially acceptable means to protect your data, we cannot guarantee absolute security.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and collect information about usage patterns.

8.1 Types of Cookies We Use

• Essential Cookies: required for the Service to function, including authentication and security.
• Functional Cookies: remember your preferences, such as theme and language.
• Analytics Cookies: PostHog analytics to understand how users interact with our Service.
• Performance Cookies: help us improve the Service by collecting anonymous usage data.

8.2 Managing Cookies

You can control cookies through your browser settings. Disabling certain cookies may affect Service functionality. Most browsers allow you to:

• View and delete cookies.
• Block third-party cookies.
• Block cookies from specific sites.
• Block all cookies.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law:

• Account Data: retained while your account is active and for 90 days after account closure.
• Project Data: retained for 30 days after project deletion to allow recovery.
• Billing Records: retained for 7 years to comply with tax and accounting regulations.
• Support Communications: retained for 2 years for quality assurance and dispute resolution.
• Analytics Data: aggregated and anonymized data may be retained indefinitely.
• Backup Data: may be retained in backup systems for up to 90 days.

10. Your Data Protection Rights

Under GDPR and UK data protection laws, you have the following rights:

10.1 Right to Access

You have the right to request a copy of the personal data we hold about you. Contact us at privacy@wemob.io to make a data access request.

10.2 Right to Rectification

You can update or correct your personal information through your account settings or by contacting us.

10.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. We will comply unless we have a legal obligation to retain it (e.g. for tax purposes).

10.4 Right to Restrict Processing

You can request that we limit the processing of your personal data in certain circumstances.

10.5 Right to Data Portability

You can request a machine-readable copy of your personal data to transfer to another service provider.

10.6 Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

10.7 Right to Withdraw Consent

Where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK or your local supervisory authority if you believe we have not handled your personal data properly.

Exercising Your Rights

To exercise any of these rights, contact us at privacy@wemob.io. We will respond within 30 days. We may need to verify your identity before processing your request.

11. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@wemob.io and we will delete it.

12. Marketing Communications

With your consent, we may send you marketing communications about the Service, new features, and special offers. You can opt out at any time by:

• Clicking the "unsubscribe" link in any marketing email.
• Updating your communication preferences in your account settings.
• Contacting us at privacy@wemob.io.

Even if you opt out, we will still send essential Service-related communications (e.g. account notifications, billing information, security alerts).

13. Third-Party Links and Services

Our Service may contain links to third-party websites and services. We are not responsible for their privacy practices. We encourage you to read their privacy policies before providing any personal information.

When you publish projects built with Wemob, those projects may access or display third-party content, which is subject to its own privacy policy.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website.
• Updating the "Last updated" date at the top of this page.
• Sending an email notification for significant changes.
• Displaying a prominent notice on the Service.

Your continued use of the Service after such modifications constitutes your acknowledgment and acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.

16. Additional Information for EEA and UK Residents

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Contract: to provide our Service and fulfil our contractual obligations.
• Consent: for marketing communications and optional features.
• Legitimate Interests: to improve our Service, ensure security, and conduct analytics.
• Legal Obligation: to comply with applicable laws and regulations.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities to ensure appropriate safeguards are in place.

UK Representative

As we are based in the UK, we do not require an EU representative under GDPR. For EEA residents, you can contact us directly at privacy@wemob.io.