Terms of Service & Privacy Policy

By accessing, downloading, or using the Weavid mobile application ("App," "Service," "Platform"), you ("User," "you," "your") agree to be bound by these Terms of Service and Privacy Policy ("Terms," "Agreement"). If you do not agree to these Terms, you must not use the Service.

These Terms constitute a legally binding agreement between you and Weavid ("we," "us," "our," "Company"). By creating an account, you confirm that:

• You have read, understood, and agree to these Terms in their entirety
• You meet all eligibility requirements stated herein
• You have the legal capacity to enter into this binding agreement
• All information you provide is accurate and truthful

Age Requirements

• Minimum Age: You must be at least 13 years old to create an account and use Weavid
• Users Under 18: If you are under 18, you represent that you have obtained parental or legal guardian consent to use this Service
• COPPA Compliance: We comply with the Children's Online Privacy Protection Act (COPPA) for users under 13 in the United States

Account Creation

To use Weavid, you must create an account by providing:

• Username: Unique identifier (stored in plaintext)
• Email Address: Encrypted on your device before transmission to our servers
• Date of Birth: Encrypted on your device; used for age verification and content filtering
• Password: Hashed using industry-standard bcrypt algorithm; never stored in plaintext
• Phone Number (Optional): Encrypted on your device if provided

Account Security

You are responsible for:

• Maintaining the confidentiality of your password and encryption keys
• All activities that occur under your account
• Immediately notifying us of any unauthorized access or security breach
• Backing up your client-side encryption keys (we cannot recover them if lost)

Account Restrictions

You may not:

• Create multiple accounts for abusive purposes
• Share your account credentials with others
• Purchase, sell, rent, or transfer your account
• Use automated tools (bots, scripts) to create or operate accounts without permission
• Impersonate any person or entity
• Circumvent age verification or content restrictions

Personal Information (PII)

All personally identifiable information is encrypted on your device using client-side encryption before being transmitted to our servers:

Content You Create

• Public Videos: Stored on Cloudflare R2 (May vary), separate from identity data
• Posts & Comments: Stored in our EU-based PostgreSQL database
• Direct Messages: End-to-end encrypted using Signal Protocol; we cannot decrypt them
• Group Messages: Stored encrypted; decryption keys held by group members only
• Virtual Pets: Pet ownership, customization data, interaction history

Usage & Technical Information

• Device Information: OS version, app version, device model (for compatibility and security)
• IP Addresses: Last 3 IP addresses only, encrypted at rest, 30-day rolling retention
• Activity Logs: Post views, likes, follows, engagement metrics (for feed algorithm)
• Session Data: Login times, session duration (for security monitoring)

Information We Do NOT Collect

• Browsing history outside Weavid
• Location data (unless explicitly shared in posts)
• Device contacts or address book
• Keyboard or microphone data outside the app
• Advertising identifiers (IDFA, AAID)
• Cross-site tracking cookies or pixels
• Biometric data

Primary Purposes

We use your information exclusively for the following purposes:

Service Provision

• Create and manage your account
• Deliver content feeds, notifications, and messages
• Enable social features (following, commenting, sharing)
• Process virtual pet interactions and gamification
• Facilitate livestream participation

Security & Safety

• Detect and prevent fraud, abuse, and unauthorized access
• Enforce our Terms of Service and Acceptable Use Policy
• Investigate and respond to abuse reports
• Comply with legal obligations and law enforcement requests
• Protect against malicious activity and attacks

Platform Improvement

• Analyze aggregated, anonymized usage patterns
• Improve features, performance, and user experience
• Develop new features and products
• Conduct research and analytics (using non-identifiable data only)

Communications

• Send account-related notifications (login alerts, password changes)
• Deliver important service updates and policy changes
• Respond to support inquiries and customer service requests
• Send security alerts and abuse report updates

What We Do NOT Do With Your Data

• Never Sell or Rent: We do not sell, rent, or trade your personal information to third parties for any purpose
• No Targeted Advertising: We do not use your data for behavioral advertising or third-party ad targeting
• No Hidden Profiles: We do not build shadow profiles or track your behavior outside Weavid
• No Data Brokerage: We do not share your data with data brokers or aggregators
• No Cross-Platform Tracking: We do not participate in cross-site tracking or advertising networks

Data Locations

Data Sovereignty Commitments

• EU-Only Storage: All user data is stored exclusively within the European Union and Switzerland
• GDPR Jurisdiction: Your data is subject to EU data protection laws, the world's strongest privacy regulations
• Outside US CLOUD Act: By using Swiss and EU providers, we keep your data outside US government jurisdiction
• No International Transfers: We do not transfer data to countries outside the EU/EEA/Switzerland
• Separation of Concerns: Videos and identity data are stored separately; a breach of one does not compromise the other

Data Retention

Client-Side Encryption (Your PII)

Your personal information is encrypted on your device before it ever reaches our servers:

• Algorithm: AES-256-GCM with libsodium/WebCrypto API
• Key Generation: 256-bit encryption keys generated on your device during account creation
• Key Storage: YOU control your keys; they are stored in your device's secure enclave/keychain
• Server Access: We NEVER see your encryption keys; we cannot decrypt your PII
• Recovery: If you lose your keys, we CANNOT recover your encrypted data (this is by design)
• Legal Protection: We cannot provide decrypted PII to anyone, including law enforcement, because we don't have the capability

End-to-End Encrypted DMs

Direct messages use Signal Protocol-style encryption:

• Double Ratchet Algorithm: Forward secrecy ensures past messages remain secure even if current keys are compromised
• Per-Message Keys: Each message encrypted with a unique ephemeral key
• Multi-Device Support: Separate keys for each device; messages synced using device-to-device encryption
• No Server Access: We cannot decrypt your DMs under any circumstances
• Metadata Minimization: We only store sender ID, recipient ID, and encrypted message blob

Host-Side Encryption (Abuse Reports)

When abuse is reported, we use a two-tier system with 30-day key rotation:

• Tier 1 Keys: Allow decryption of reported content and user IDs (but NOT personal information like names, emails, phone numbers)
• Tier 2 Keys: Allow decryption of PII only for serious cases requiring direct contact or law enforcement coordination
• Key Rotation: Both tiers rotate every 30 days, limiting exposure if keys are compromised
• Historical Keys: Retained for 1 year to decrypt past abuse reports, then securely destroyed
• Access Control: Tier 2 keys require multi-person approval and are logged in immutable audit trail

Database & Transport Security

• Encryption at Rest: All database fields encrypted using PostgreSQL pgcrypto with AES-256
• TLS 1.3: All connections use TLS 1.3 with perfect forward secrecy
• Certificate Pinning: Mobile apps use certificate pinning to prevent man-in-the-middle attacks
• Row-Level Security (RLS): Database enforces least-privilege access control at the row level
• Principle of Least Privilege: Database roles have minimum necessary permissions; all access logged

Key Management

• Hardware Security Modules (HSM): Host-side keys stored in EU-based HSMs with FIPS 140-2 Level 3 certification
• Key Derivation: Keys derived using PBKDF2 with high iteration counts
• Key Rotation Schedule: 30-day rotation for abuse review keys, annual rotation for database encryption keys
• Key Destruction: Retired keys securely overwritten and destroyed per NIST guidelines

Security Practices

• Regular Security Audits: Third-party penetration testing and code audits conducted annually
• Vulnerability Disclosure Program: Responsible disclosure program with recognition and rewards
• Secure Development: Security training for all developers, secure code review process
• Incident Response Plan: Documented incident response procedures with 24-hour escalation
• Audit Logging: All sensitive operations logged with immutable timestamps and multi-region replication

Free Speech & Content Standards

Weavid supports freedom of expression while maintaining a safe, respectful environment. You are free to share your opinions, create content, and engage in discussion. However, certain behaviors are prohibited:

Prohibited Content & Conduct

Zero Tolerance (Immediate Permanent Ban)

• Child Sexual Abuse Material (CSAM): Any sexually exploitative content involving minors
• Child Exploitation: Grooming, solicitation, or sexualization of minors
• Human Trafficking: Content facilitating or promoting human trafficking
• Terrorism: Content recruiting for, promoting, or coordinating terrorist activities
• Non-Consensual Intimate Images: Sharing intimate images or videos without consent ("revenge porn")

Hate Speech & Harassment

While we support free speech, we prohibit:

• Hate Speech: Content that attacks, threatens, or incites violence against individuals or groups based on protected characteristics (race, ethnicity, religion, gender, sexual orientation, disability, national origin)
• Targeted Harassment: Sustained malicious attacks, doxxing, or brigading against specific individuals
• Threats of Violence: Credible threats to harm individuals or groups
• Encouragement of Self-Harm: Content promoting suicide, self-injury, or eating disorders

Important Distinction: Political criticism, satire, and controversial opinions are permitted. We distinguish between unpopular speech (protected) and harmful speech (prohibited). Context matters.

Illegal Activity

• Sharing or promoting illegal drugs, weapons, or controlled substances
• Fraud, scams, or financial crimes
• Copyright infringement (see DMCA section)
• Unauthorized access or hacking attempts
• Distribution of malware or viruses

Spam & Manipulation

• Automated posting (bots) without permission
• Coordinated inauthentic behavior or manipulation campaigns
• Spam, phishing, or deceptive links
• Vote/engagement manipulation
• Impersonation of others

Sexual Content & Nudity Restrictions

• No Pornography or Sexually Explicit Content: Sexually explicit content, pornography, and graphic sexual acts are strictly prohibited across all content tiers, including "Mature" (M) tier.
• No Nudity: Creator-generated content featuring nudity is prohibited. This includes:
  • Photos, videos, or livestreams showing exposed genitalia, buttocks, or nipples (male or female)
  • Content where nudity is the primary focus, regardless of context
  • Nudity presented as "artistic," "educational," or "medical" (prohibited to prevent abuse of loopholes)
• No Sexual or Suggestive Content: Content that is sexually suggestive, provocative, or designed to be sexually arousing is prohibited. This includes:
  • Overtly sexual posing, dancing, or behavior
  • Simulated sexual acts or sounds
  • Focus on intimate body parts or sexualized contexts
  • "Educational" or "instructional" content about sexual acts (e.g., "how to" guides for sexual activities)
  • Content designed to circumvent these restrictions through creative framing
• Exception - Documented Artwork: Sharing images of professionally created, historically recognized artwork is permitted when the artwork itself (not the creator) contains nudity. Examples:
  • Museum exhibits, classical paintings, sculptures (e.g., Michelangelo's David, Venus de Milo)
  • Historical or culturally significant artwork
  • Educational content about art history where the focus is the artwork, not nudity
  • Critical Distinction: Sharing a photo of the Sistine Chapel (artwork) is allowed. Creating your own nude content and calling it "art" is NOT allowed.
• Medical & Educational Content: Legitimate medical or educational content must:
  • Use medical diagrams, illustrations, or animations (not real people)
  • Be clearly framed in clinical, educational context
  • Not focus on sexual acts or arousal
  • Be age-appropriate and properly labeled as Mature (M)
  • Examples of PROHIBITED content: "How to find the G-spot," "Prostate exam techniques," or any content that uses "education" as a pretext for sexual content
• Mature (M) Tier Content: While Mature tier (17+) allows stronger language, violence, and adult themes, it does NOT permit nudity or sexual content. Mature discussions of relationships, dating, or sexuality are permitted if they are conversation-based and do not include nudity or suggestive content.

Why This Policy? We're starting strict to build a respectful, safe community. Allowing "artistic nudity" or "educational" exceptions at launch invites abuse and makes moderation nearly impossible. Users will claim any nude content is "art" or "education." We may adjust these policies in the future once the platform is established and we can implement more nuanced moderation.

Violation Consequences:

• First violation: Content removed + 7-day posting restriction + warning
• Second violation: 30-day account suspension
• Third violation: Permanent ban
• Severe violations (e.g., pornographic content): Immediate permanent ban

Content Labeling Requirements

Creators must accurately label content:

• Everyone (E): Safe for all ages, family-friendly
• Teen (T): Ages 13+, mild language, teen themes
• Mature (M): Ages 17+, strong language, adult themes, violence, artistic nudity

Misrating content to circumvent age restrictions is a violation and may result in account suspension.

Respect & Community Standards

• Be Respectful: Disagree without being disagreeable; attack ideas, not people
• No Brigading: Do not coordinate mass harassment or reporting campaigns
• No Doxxing: Do not share others' private information without consent
• Honor Private Mode: Respect users who choose minimal engagement; do not attempt to circumvent their privacy settings
• No Impersonation: Do not mislead others about your identity or affiliation

Consequences of Violations

How Reporting Works

Users can report content that violates our policies:

• In-App Reporting: Tap the "Report" button on any post, comment, DM, or profile
• Report Categories: Spam, harassment, hate speech, violence, CSAM, self-harm, copyright, other
• Evidence Collection: For DM reports, your device decrypts messages with your key, then re-encrypts them for reviewers
• Review Queue: Reports are prioritized by severity (CSAM reports receive immediate human review)

Two-Tier Review System

Tier 1 Reviewers (Standard Cases):

• Can see reported content, usernames, and user IDs
• CANNOT see personal information (emails, phone numbers, real names)
• Handle 95% of cases without PII access
• Decision powers: warnings, content removal, temporary restrictions

Tier 2 Reviewers (Serious Cases):

• Can decrypt PII when necessary for serious violations
• Required for: law enforcement coordination, direct user contact for serious threats, CSAM cases
• Access requires multi-person approval and is logged in immutable audit trail
• Decision powers: permanent bans, law enforcement reporting, legal holds

Evidence Preservation

• Account Deletion Blocked: During active investigations, account deletion is temporarily paused to prevent evidence destruction
• 24-Hour Alert: If you attempt deletion within 24 hours of being reported, reviewers receive urgent alerts
• Audit Trail: All deletion attempts are logged with timestamps and IP addresses
• Resolution Timeline: Most investigations conclude within 5-7 business days; complex cases may take up to 30 days

False Report Protection

We take abuse of the reporting system seriously:

Appeals Process

• You can appeal any moderation decision within 14 days
• Appeals are reviewed by different moderators than the original decision
• Provide additional context or evidence with your appeal
• Appeal decisions are typically made within 5 business days
• Final appeal decisions are made by senior moderation staff

Transparency

We publish quarterly transparency reports including:

• Total reports received by category
• Reports actioned (content removed, warnings, bans)
• Average response time by severity level
• Appeals filed and appeal success rate
• Law enforcement requests received and complied with

Age Verification & Content Access

• Minimum Age: Users must be at least 13 years old to use Weavid
• Teen Users (Ages 13-16):
  • Self-attestation of age during signup with age-appropriate safety education
  • Content locked to "Everyone" (E) and "Teen" (T) rating levels only
  • Cannot access "Mature" (M) content
  • Enhanced privacy protections (stricter DM settings, group restrictions)
• Mature Content Access (Ages 17+):
  • Users 17 and older can access "Mature" (M) content through self-attestation at signup
  • No ID verification currently required (may be implemented in future for enhanced safety)
  • Mature content includes strong language, adult themes, violence, artistic nudity — but NO pornography
• No Hidden Groups: All groups have public summary pages showing activity metrics to prevent "dark corners" where abuse can occur

Private Mode (Enhanced Privacy Option)

Private Mode is designed for users who want minimal digital footprint:

• Can Do:
  • View videos and public content freely
  • Message friends who have added you (after 30 days of established friendship)
• Cannot Do:
  • Add friends yourself (can only receive friend requests)
  • Comment on videos or posts
  • Join or access groups (existing group memberships become inaccessible while in Private Mode)
  • Share media in DMs (except direct links to public videos on platform)
• Cooldown Protection:
  • 3-day cooldown to turn OFF Private Mode (prevents rapid toggling)
  • 5-day cooldown to turn it back ON after disabling
  • Designed to prevent abuse (e.g., commenting then hiding)
• Legacy Content: Comments made before enabling Private Mode remain visible and linked to your profile

COPPA Compliance (United States)

For users under 13 in the United States:

• We do not knowingly collect personal information from children under 13 without verifiable parental consent
• If we discover we have inadvertently collected data from a child under 13, we will delete it immediately
• Parents can request deletion of their child's data by contacting contact@weavid.com
• We limit data collection from teens ages 13-16 to the minimum necessary for service provision

Parental Controls & Oversight

• Family Accounts: Parents can link their account to their teen's account for oversight (opt-in for teens)
• Activity Monitoring: Parents with linked accounts can view their teen's public posts and content ratings accessed
• Contact Restrictions: Parents can limit who can DM or follow their teen
• Content Filtering: Parents can lock content ratings to Everyone/Teen only

Reporting Child Exploitation

If you encounter suspected child exploitation, grooming, or CSAM:

• In-App: Use the reporting tool and select "Child Exploitation" (highest priority review)
• Email: security@weavid.com with subject "URGENT: Child Safety"
• Our Response: Immediate review within 1 hour, content preservation, permanent ban, NCMEC and law enforcement reporting

Safety Education

We provide in-app safety education for teens:

• Recognizing grooming and predatory behavior
• Privacy settings and digital footprint management
• How to report inappropriate contact or content
• Resources for mental health and crisis support

If you are in the European Union, European Economic Area, United Kingdom, or Switzerland, you have the following rights under GDPR:

Right to Access

You can request a copy of all data we hold about you:

• Export available in-app: Settings → Privacy → Download My Data
• Data provided in machine-readable JSON format
• Includes all account data, posts, comments, messages (your encrypted copies)
• Note: Client-encrypted PII will remain encrypted unless you provide your decryption key
• Request processed within 30 days

Right to Rectification

You can update or correct your information:

• Most data editable in-app: Settings → Profile → Edit Information
• For encrypted PII changes, data must be re-encrypted with your key
• Contact contact@weavid.com if you cannot update information yourself

Right to Erasure ("Right to be Forgotten")

You can delete your account and data at any time:

• In-app deletion: Settings → Account Management → Delete Account
• Email request: contact@weavid.com with subject "GDPR: Right to Erasure"
• Full deletion within 30 days (including backup purge)
• Exceptions: Data subject to legal hold or active abuse investigation (temporary delay only)
• See our Account Deletion Policy for complete details

Right to Restrict Processing

You can request we limit how we process your data:

• Freeze account without deletion (data stored but not processed)
• Limit processing during dispute resolution or investigation
• Contact contact@weavid.com with subject "GDPR: Restrict Processing"

Right to Data Portability

You can transfer your data to another service:

• Export data in structured JSON format
• Includes posts, comments, profile data, media files
• Download available in-app: Settings → Privacy → Download My Data

Right to Object

You can object to certain data processing activities:

• Object to automated decision-making (e.g., feed algorithm personalization)
• Opt out of analytics and research uses
• Contact contact@weavid.com with subject "GDPR: Objection"

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time:

• Manage consents in Settings → Privacy → Manage Permissions
• Withdrawal does not affect the lawfulness of processing prior to withdrawal

Right to Lodge a Complaint

If you believe we've violated your rights:

• Contact us first: contact@weavid.com — we want to resolve issues directly
• If unsatisfied, you can file a complaint with your local Data Protection Authority
• For EU users: Find your Data Protection Authority

Exercising Your Rights

To exercise any GDPR right:

• Email contact@weavid.com with subject "GDPR Request"
• Specify which right you're exercising and provide account details
• We may request identity verification for security
• Response within 30 days (may extend to 60 days for complex requests)
• No fees unless request is manifestly unfounded or excessive

What Cookies We Use

Weavid uses minimal cookies and tracking technologies:

Essential Cookies (Required)

These cookies are necessary for the app to function and cannot be disabled:

• Session Cookies: Keep you logged in during your session (deleted when you close the app)
• Authentication Tokens: Verify your identity and maintain secure login
• Security Cookies: Prevent CSRF attacks and protect against unauthorized access

Functional Cookies (Optional)

These improve your experience and remember your preferences:

• Preference Cookies: Remember settings like theme, language, content filters
• Device Fingerprint: Recognize your device for security alerts (e.g., "new device login")

Analytics Cookies (Optional, Opt-Out Available)

Help us understand how the app is used (aggregated and anonymized):

• Usage Statistics: Page views, feature usage, session duration
• Performance Monitoring: Crash reports, load times, error tracking
• Aggregate Only: Never tied to individual user identity

What We Do NOT Use

• No Advertising Cookies: We don't use cookies for ad targeting or behavioral advertising
• No Third-Party Trackers: No Facebook Pixel, Google Analytics, or other cross-site trackers
• No Fingerprinting: We don't create device fingerprints for tracking purposes (security only)
• No Social Media Pixels: No hidden pixels that track you to other platforms

Managing Cookies

• In-App: Settings → Privacy → Manage Cookies
• Opt-Out: Disable all non-essential cookies (may affect functionality)
• Clear Cookies: Settings → Privacy → Clear Cookies & Cache

Third-Party Services

We use limited third-party services that may set cookies:

• Cloudflare R2: Video delivery (does not track users)
• Exoscale: Infrastructure provider (does not track users)
• These services have their own privacy policies and do not share data with us beyond service provision

Service Providers

We use the following third-party services to operate Weavid:

Infrastructure & Hosting

• Exoscale (Switzerland/Germany): Database and account data hosting
  • GDPR compliant, EU-based, ISO 27001 certified
  • Does not access or process user data; provides infrastructure only
  • Privacy Policy: exoscale.com/privacy
• Cloudflare R2 (Region may vary): Video and media storage
  • GDPR compliant, EU data centers
  • Does not track individual users or access content
  • Privacy Policy: cloudflare.com/privacypolicy

Age Verification (Future Implementation)

When ID verification is implemented, we may use:

• SheerID: Age verification service
  • We send only: username and verification request token
  • SheerID handles ID verification independently
  • We receive only: "verified" or "not verified" response + secure token
  • We do NOT receive or store ID documents or verification details
• ID.me: Alternative age verification service
  • Same data minimization approach as SheerID
  • We only receive verification status, not underlying ID data

Payment Processing (Future Implementation)

If we implement in-app purchases:

• Stripe: Payment processing
  • Handles all credit card data; we never see or store card numbers
  • GDPR compliant, PCI DSS Level 1 certified
  • We receive only: transaction ID, amount, success/failure status

Data Sharing Limitations

• Minimal Data: We share only the minimum data necessary with third parties
• No PII Sharing: Third parties never receive your encrypted PII (email, phone, real name)
• No Marketing: We do not share data with marketing or advertising platforms
• Contractual Protections: All service providers sign Data Processing Agreements (DPAs) with strict data protection requirements
• GDPR Compliance: All processors are GDPR compliant and located in the EU or have Standard Contractual Clauses

Links to External Sites

• Weavid may contain links to external websites (e.g., in user posts)
• We are not responsible for the privacy practices of external sites
• External sites have their own privacy policies and terms
• We do not track your activity on external sites

Creator Protection

We take intellectual property rights seriously and protect creators:

Automatic Attribution

• Stitches & Duets: Automatically tag original creators; attribution cannot be removed
• Watermarks: Downloaded videos include visible @username watermark
• Reupload Detection: Perceptual hashing detects reuploaded content and auto-credits original creator

DMCA Takedown Process

If your copyrighted work has been posted without permission:

Filing a DMCA Notice

Send a written notice to contact@weavid.com with subject "DMCA Takedown Notice" including:

• Your physical or electronic signature
• Identification of the copyrighted work claimed to be infringed
• Identification of the infringing material and its location on Weavid (URL or username)
• Your contact information (address, phone, email)
• Statement that you have a good faith belief the use is unauthorized
• Statement that the information is accurate and, under penalty of perjury, you are authorized to act on behalf of the copyright owner

Our Response

• We will review your notice within 2-3 business days
• If valid, we will remove the infringing content and notify the uploader
• The uploader may file a counter-notice if they believe the claim is invalid
• Repeat copyright infringers will have their accounts terminated

Counter-Notification

If your content was removed and you believe it was a mistake or fair use:

• Send a counter-notice to contact@weavid.com
• Include: your signature, identification of removed content, statement under penalty of perjury that removal was mistake, your contact info, consent to jurisdiction
• We will forward your counter-notice to the original complainant
• If they do not file a lawsuit within 10-14 business days, we may restore your content

Three-Strike Policy

• First Strike: Content removed, warning issued
• Second Strike: 7-day posting restriction
• Third Strike: Permanent account termination
• Strikes expire after 90 days if no new violations occur

Our Commitment

While we implement robust security measures, no system is completely invulnerable. In the unlikely event of a data breach:

Detection & Response

• 24/7 Monitoring: Automated intrusion detection and security monitoring
• Incident Response Team: Dedicated team on call 24/7 for security incidents
• Immediate Investigation: Security incidents investigated within 1 hour of detection
• Containment: Affected systems isolated immediately to prevent further exposure

User Notification

If a breach affects your data, we will notify you:

• Within 72 Hours: GDPR requires notification within 72 hours; we aim for 24 hours
• Notification Method: Email to your registered address + in-app alert + public disclosure
• Information Provided:
  • Nature of the breach (what systems were affected)
  • Types of data potentially exposed
  • Estimated number of users affected
  • Steps we've taken to contain and remediate
  • Steps you should take to protect yourself
  • Contact information for questions

Regulatory Notification

• We will notify relevant Data Protection Authorities as required by GDPR
• We will cooperate fully with regulatory investigations
• We will report to law enforcement if criminal activity is suspected

Post-Breach Actions

• Security Audit: Comprehensive third-party security audit after any breach
• System Hardening: Implement additional security measures to prevent recurrence
• Transparency Report: Public post-mortem report (anonymized) detailing cause and remediation
• User Support: Dedicated support team to answer user questions and concerns

Limited Exposure Design

Our architecture minimizes breach impact:

• Client-Side Encryption: Your PII is encrypted with keys we don't have; breaches cannot expose it
• E2EE DMs: Even if servers are compromised, your messages remain encrypted
• Separation of Concerns: Videos and identity data are separate; breach of one doesn't expose the other
• 30-Day Key Rotation: Even if keys are compromised, exposure is limited to recent data

Policy Updates

We may update this Terms of Service and Privacy Policy from time to time to:

• Reflect changes in our practices or services
• Comply with new legal requirements
• Improve clarity or transparency
• Add new features or functionality

Notification of Changes

Material Changes:

• We will notify you via email at least 30 days before material changes take effect
• In-app notification banner will appear when you next open the app
• Push notification alerting you to review updated terms
• Public announcement on our website and social media

Minor Changes:

• Non-material changes (e.g., typo corrections, clarifications) may be made without advance notice
• "Last Updated" date at the top of this document will always reflect the most recent change
• You can view change history on our website

Your Options

• Accept Changes: Continued use of the Service after changes take effect constitutes acceptance
• Reject Changes: If you disagree with material changes, you may delete your account before the effective date
• Request Information: Contact us at contact@weavid.com with questions about changes

Change Log

We maintain a public change log of all policy updates:

• Available at: [website]/privacy-changelog
• Shows: date of change, summary of changes, reason for update
• Retained for 5 years for transparency

Voluntary Termination (Your Choice)

You may delete your account at any time:

• See our Account Deletion Policy for complete details
• In-app: Settings → Account Management → Delete Account
• Email: contact@weavid.com with subject "Delete Account"
• Full data deletion within 30 days (including backup purge)

Involuntary Termination (Our Decision)

We may suspend or terminate your account if:

• You violate these Terms of Service or Acceptable Use Policy
• You engage in illegal activity
• Your account is used for fraud, spam, or abuse
• You repeatedly violate copyright or intellectual property rights
• You create multiple accounts to circumvent restrictions
• We are required to do so by law or court order

Suspension vs. Termination

Suspension (Temporary):

• Account access blocked for specified period (7-30 days)
• Data retained; account reinstated after suspension period
• Used for moderate violations or pending investigations

Termination (Permanent):

• Permanent account closure; no reinstatement
• Used for severe or repeated violations
• Data deleted per our standard deletion process (30 days)
• You may be prohibited from creating new accounts

Notice & Appeal

• We will notify you via email if your account is suspended or terminated
• Notification will include reason for action and duration (if suspension)
• You may appeal within 14 days by contacting contact@weavid.com
• Appeals reviewed by different staff than original decision
• Appeal decisions final

Effects of Termination

Upon termination (voluntary or involuntary):

• You immediately lose access to your account and data
• Your public content may be removed from the platform
• Subscriptions and purchases are immediately cancelled (no refunds)
• Your data will be deleted per our deletion policy within 30 days
• These Terms remain in effect for any disputes or legal matters

Informal Resolution

Before pursuing formal dispute resolution, we encourage you to contact us:

• Email: contact@weavid.com
• Describe the issue and your desired resolution
• We will make good faith efforts to resolve disputes informally within 30 days

Governing Law

• European Users: Governed by the laws of Switzerland and EU regulations (GDPR)
• Non-European Users: Governed by the laws of Switzerland
• All disputes subject to jurisdiction of Swiss courts or your local courts where applicable under GDPR

Arbitration (Where Permitted)

If informal resolution fails, disputes may be resolved through binding arbitration:

• Arbitration conducted under Swiss Rules of International Arbitration
• Arbitration location: Zurich, Switzerland (or remote/online if agreed)
• Each party responsible for their own costs unless arbitrator decides otherwise
• Arbitration decision is final and binding

Exceptions to Arbitration:

• Small claims court cases (below jurisdictional threshold)
• Injunctive relief (e.g., to stop ongoing harm)
• Intellectual property disputes
• EU consumers retain right to bring claims in local courts per GDPR

Class Action Waiver

Where legally enforceable:

• You agree to resolve disputes individually, not as part of a class action
• You waive the right to participate in class-action lawsuits or class-wide arbitration
• Exception: This waiver does not apply where prohibited by law (e.g., many EU jurisdictions)

Limitation of Liability

• To the maximum extent permitted by law, Weavid's total liability shall not exceed the greater of: (a) €100, or (b) the amount you paid us in the past 12 months
• We are not liable for indirect, incidental, consequential, or punitive damages
• These limitations do not apply to liability that cannot be excluded by law (e.g., personal injury, fraud, gross negligence)

Indemnification

You agree to indemnify and hold Weavid harmless from:

• Your violations of these Terms or applicable law
• Your content or actions that infringe others' rights
• Claims by third parties arising from your use of the Service
• Any breach of your representations and warranties

Get in Touch

We're here to help with questions, concerns, or feedback:

Company Information

Legal Entity: [Company Name TBD]

Registered Address: [Switzerland or EU jurisdiction — to be finalized]

Company Registration: [Number TBD]

Data Protection Officer: [To be appointed]

Response Times

• General Inquiries: 2-3 business days
• Security/CSAM Reports: 1 hour (immediate review)
• GDPR Requests: 30 days (may extend to 60 days for complex requests)
• DMCA Notices: 2-3 business days
• Abuse Reports: 24-48 hours (CSAM: 1 hour)