Privacy Policy

reweave is operated by reweave Inc., a 501(c)(3) educational nonprofit registered in the United States (EIN 46-1877873). for privacy purposes, we are the data controller for personal information we collect from you on reweave, except for student data submitted by schools (see Schools and students).

for any privacy matter, email [email protected]. we do not yet have a formal Data Protection Officer given our size, but the privacy@ inbox is our designated contact for all privacy questions, requests, and incidents.

Account information. when you create an account: your email address, a hashed credential (or magic-link auth token), and the display name you choose.

Profile preferences. notification preferences, locale, accessibility settings.

Usage information. what searches you run, what films you view, what lessons you generate and save, when. tied to your account so we can serve your library back to you and enforce monthly caps.

Lesson content. the lessons you weave, titles, notes, and saves.

Notebook entries (encrypted blobs only). if you use the reflection notebook, your entries are encrypted on your device before they reach us. we store the encrypted blob, your encrypted key envelope, and metadata like dates and prompt types. we cannot read the contents. see the Security section for what this means in practice.

Technical information. IP address (kept briefly for security and abuse prevention), browser type, device type, approximate location from IP at city level, referrer.

Communications. if you email us, we keep that email so we can answer it and reference it later.

Payment information (paid subscribers only). Stripe handles your card. we receive a subscription identifier, status, and the last 4 digits, never the full card number.

• student personal information. we do not want or need this. teachers must not enter student names, photos, IDs, addresses, or other identifiers into the weaver.
• your contacts, calendar, files, photos. we don't request these browser permissions.
• biometric data. none.
• precise geolocation (lat/lon). only city-level from IP.
• third-party advertising or tracking IDs. none.
• special category data as defined under GDPR (race, religion, health, sexual orientation, etc.). we do not solicit, infer, or process special category data.

• operate the service: keep you logged in, run searches, generate lessons, serve films
• bill paid subscribers via Stripe
• answer your support emails
• improve the service by looking at aggregate, de-identified usage patterns
• send occasional product updates and newsletter emails if you opt in — we use EmailOctopus as our email platform. you can unsubscribe from any email we send, or update preferences in /account
• prevent abuse, fraud, and spam
• comply with legal obligations
• nonprofit research, only on aggregated and de-identified data, never on identifiable data

we do not use your personal information for advertising. we do not sell or rent it. we do not use AI to make automated decisions that produce legal or similarly significant effects on you.

under GDPR and UK GDPR, we process your personal data on these bases:

• contract: to provide the service you signed up for
• legitimate interests: site security, abuse prevention, basic cookieless analytics, service improvement, always weighed against your rights and freedoms
• consent: where you opt in to marketing emails or research participation
• legal obligation: when required by law (tax records, valid law enforcement requests)

you can withdraw consent at any time without affecting the lawfulness of prior processing.

we use a small set of trusted vendors. each is contractually bound to protect your data. each receives only what it needs to do its job.

• Cloudflare: hosting, CDN, bot protection, and cookieless edge web analytics. privacy policy
• Supabase — authentication and database. privacy policy
• Anthropic — Claude API powering the weaver and Pro Search. privacy policy
• Stripe — subscription payments. privacy policy
• Resend — transactional and auth emails. privacy policy
• Cloudflare Stream — film hosting and delivery. part of our existing Cloudflare infrastructure. no advertising or tracking cookies. Cloudflare privacy policy

we may also disclose data:

• to law enforcement when legally required (we will push back on overbroad requests when we can)
• in connection with a merger, acquisition, or sale of assets, with notice to you
• to protect rights, safety, or property of reweave, our users, or the public

we do not share your data with advertisers or data brokers, ever.

reweave Pro can be purchased as a team plan for a school, district, or organization. team plans change who can see what about your account, but the limits below are strict.

what your team admin can see. if you are a member of a reweave team, the person who administers that team can see your name, your email address, and the date you joined the team. that is all. they cannot see your journal entries, your film viewing history, your saved films, or any notes you have written. that data is private to you.

leaving a team. you can leave a team at any time from your account. when you leave, you are removed from the administrator's view immediately. your journal, notes, and viewing history stay yours and stay private.

PO and district plans. when a district or organization purchases a team plan via purchase order, we store the billing contact's name, email, and organization name to process payment and provision access. this information is used only for billing and account setup. it is not shared with third parties.

schools and COPPA / FERPA. we do not want or need student personal information. our school posture is set out in our terms: teachers and administrators are the account holders, and students do not need accounts. teachers must not enter student names, photos, or other identifying information into the weaver or search.

we are a US-based nonprofit. several of our vendors are also in the United States. if you are in the EU, UK, or another country with cross-border data protection rules, your data may be transferred to and processed in the US.

for EU and UK transfers we rely on Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework where applicable, plus supplementary measures: TLS encryption for transfers, vendor selection that prefers EU-hosted options where reasonable, and access controls that limit what each vendor can see.

• account data: while your account is active, plus a short reconciliation window after deletion
• usage logs: 12 months rolling
• generated lessons: until you delete them
• email correspondence: 24 months
• payment records: as required by tax and accounting law (typically 7 years)
• backups: full purge within 90 days of a deletion request

if you have been completely inactive for 24 months, we may email you and then delete the account if you do not respond.

schools as controllers. when a school or district uses reweave, the school is the controller of any student-related data. reweave acts as a service provider on the school direction, in line with FERPA and applicable state student privacy laws.

COPPA. reweave is a teacher-and-learner platform. we do not knowingly collect personal information from children under 13 outside of a school context with verifiable parental consent. teachers must not enter student names, photos, IDs, or any identifier into the weaver. if we learn we have collected info from a child under 13 without proper consent, we delete it promptly. parents or schools can request deletion at [email protected].

FERPA. where reweave is used by US K-12 schools, we recognize that student records may constitute education records protected under FERPA. we treat any such records as confidential, do not disclose them except as directed by the school, and do not retain them beyond what the school directs.

Data Processing Agreements (DPAs). schools and districts that need a written DPA can email [email protected].

state laws. we comply with applicable state student privacy laws including SOPIPA (California) and similar regimes in other states.

everyone (regardless of where you live) has these rights with us:

• access: request a copy of your data
• correct: fix what is wrong
• delete: ask us to delete your account and content (or use the delete button in /account)
• export: download a structured copy of your data (available in /account)

to exercise any right, email [email protected]. we respond within 30 days, faster when we can.

EU and UK (GDPR and UK GDPR) — additional rights:

• portability: receive your data in a machine-readable format
• restrict processing
• object to processing based on legitimate interests
• lodge a complaint with your supervisory authority. in the UK that is the ICO (ico.org.uk); in the EU it is your country DPA.
• not be subject to solely automated decision-making with legal effects (we do not do this anyway)

California (CCPA / CPRA) — additional rights:

• right to know what personal information we have
• right to delete personal information
• right to correct inaccurate information
• right to limit use of sensitive personal information (we do not process sensitive PI for non-essential purposes)
• right to opt out of sale or sharing: we do not sell or share personal information as those terms are defined under CCPA, so there is nothing to opt out of, but the right exists if our practices ever change
• right to non-discrimination: we will not penalize you for exercising your privacy rights
• authorized agents: you can have someone act on your behalf; we will verify

we do not provide a "Do Not Sell My Personal Information" link because we do not sell. if that ever changes, we will add one and tell you first.

Brazil (LGPD), Canada (PIPEDA), Australia, India (DPDP), South Africa (POPIA) and similar regimes — we honor reasonable rights requests under any applicable law. email [email protected] and tell us your country of residence.

see our cookie notice for the full breakdown. very short version: cookieless edge web analytics (Cloudflare), strictly-necessary auth tokens (Supabase, in browser localStorage), Cloudflare bot management, and third-party cookies set when you check out via Stripe. no advertising, no cross-site tracking, no data brokers.

we use industry-standard practices:

• TLS encryption for all data in transit
• encrypted storage at rest where vendors offer it
• role-based access controls
• limited employee and contractor access on a need-to-know basis
• regular review of security practices

Your notebook gets a stronger guarantee. Notebook entries are encrypted on your device with a key derived from your password using PBKDF2 and AES-GCM. The unencrypted contents of your entries never reach our servers. We literally do not hold the key, and we cannot decrypt your notebook even if we wanted to or were asked to. This is sometimes called end-to-end encryption.

What that means in practice:

• If you forget your password, you can reset it with email like any other account.
• If you forget your password and lose your recovery phrase, your notebook contents are permanently unrecoverable. We cannot restore them. We don't have a backup of your unencrypted entries because they never existed on our side.
• If we receive a legal request for your notebook contents, we can only hand over encrypted blobs that are useless without your key.

This is the tradeoff. You get true privacy. The price is that you are responsible for your own recovery phrase. We strongly recommend writing it down somewhere physical and adding a verified backup email so you have a second path to reset your password.

your account credentials (email, password hash, profile info) are managed by Supabase Auth and protected with industry-standard hashing. session tokens are short-lived. you can sign out on every device at any time from your account settings.

no system is perfect. if you spot a vulnerability or suspect a breach, email [email protected]. we will respond fast. in the event of a personal data breach affecting you, we will notify you and applicable regulators in line with the law.

the weaver and Pro Search use Anthropic Claude API. your prompts and selected story content are sent to Anthropic over an encrypted connection so the model can generate output. Anthropic processes this data under their commercial API terms and does not use API inputs or outputs to train their models. we minimize identifying information in prompts. we do not use AI to profile you or to make automated decisions with legal effects.

the reweave app (listed on the App Store as "Reweave: Curiosity Journal") is a separate iOS app we make. it has a different privacy posture from the website because almost nothing leaves your phone. an Android version is planned but not yet released.

What stays on your device. the people you have met, the visit history we use to rotate stories over time, the reflections you write, any photos you save with the Pro photo feature, your subscription tier, and your onboarding flag. all of it lives in local app storage on your phone. we do not have a server that receives any of it. clearing the journal from in-app settings wipes that local data; uninstalling the app does the same.

What does leave your device. two things, both standard CDN traffic. story media (GIFs and short videos of the people featured) loads from assets.reweave.org and Cloudflare Stream. and purchase status is verified with the App Store and our subscription tooling, RevenueCat. that is the entire network footprint.

No analytics, no tracking. the app has no analytics SDK. no crash reporting in v1. no cross-app identifiers. we cannot tell who is using the app, how often, or which person they sat with. we built it that way on purpose.

Purchases. reweave Pro is an optional subscription or one-time purchase. Apple processes the payment; RevenueCat manages entitlement state for us. we receive only an anonymous purchase status, not your Apple ID, name, or card. before any in-app purchase, a parental gate (a single-digit math problem) appears, in line with App Store guidelines for content that may reach younger users.

Children. the app collects no personal data from anyone, children included. there is no sign-up, no email field, no profile. the parental gate exists to protect underage users from accidental purchases.

Contact. for anything about the reweave app, email [email protected]. general privacy requests still go to [email protected].

we may update this policy. material changes will be flagged at the top of this page with a new "Updated" date and emailed to active subscribers when we can. non-material changes are noted by the date alone. continued use of reweave after a change means you accept the updated policy.

real emails reach real people:

• privacy and data requests: [email protected]
• security incidents: [email protected]
• school agreements (DPA): [email protected]
• general support: [email protected]
• legal notices: [email protected]

for the agreement to use reweave, see our terms of use. for cookies, see our cookie notice.