Who We Are
WeaveRev ("we", "us", "our") is an AI-powered reputation management platform for local businesses. We operate at weavrev.com and provide tools that help business owners monitor Google reviews, analyse sentiment, draft AI-generated responses, and benchmark competitors.
For the purposes of applicable data protection law, WeaveRev is the data controller in respect of any personal data we process about you or your customers.
Data We Collect
We collect data in three ways: information you give us directly, information fetched from Google via our data partner Outscraper, and information generated by our AI systems.
| Category | What we store | Source |
|---|---|---|
| Account data | Email address, encrypted password | You, at signup |
| Business data | Business name, type, location, Google place ID, Google rating, total review count | You, during onboarding |
| Review data | Review text, reviewer display name, star rating, review date, AI-assigned sentiment | Google (via Outscraper) |
| Competitor data | Competitor business name, location, Google rating, competitor review text and ratings | Google (via Outscraper) |
| AI-generated data | Category clusters, business insights, intelligence reports, period comparison summaries, reputation scores | Generated by our system |
| Usage data | Pages visited, feature interactions, error logs, timestamps | Automatically, via your browser |
A note on reviewer data: When we fetch your Google reviews, we store the reviewer's display name and their written review text. These individuals are customers of your business who posted their reviews publicly on Google. They have not directly interacted with WeaveRev. We store this data solely to provide you with reputation analysis services.
How We Use Your Data
We use the data we collect for the following purposes:
-
Reputation analysis Your reviews are processed to calculate sentiment scores, reputation scores, category clusters, and trend analysis. This is the core service you signed up for.
-
AI-powered insights Review text is sent to Anthropic's Claude API to generate business insights, intelligence reports, review response drafts, and period comparison summaries. Review content is transmitted to Anthropic solely to fulfil your request and is governed by Anthropic's API terms.
-
Authentication & account management Your email is used to create and manage your account, send confirmation emails, and enable password recovery.
-
Product improvement Aggregated, anonymised usage data helps us understand which features are used most and where the product can be improved. We do not sell or share this data.
-
Service communications We may email you about significant changes to the service, security notices, or billing. We do not send marketing emails without explicit consent.
Third-Party Services
WeaveRev relies on the following third-party services to operate. Each acts as a data processor on our behalf, meaning they handle data only under our instructions and for the purposes described below.
Supabase
Database & Authentication
All user data, business data, and review data is stored in Supabase's hosted PostgreSQL database. Supabase also manages authentication. Data is stored on servers within the United States or EU depending on your project region. Supabase is SOC 2 compliant.
Anthropic / Claude
AI Analysis & Response Drafting
Review text and business context is sent to Anthropic's Claude API to generate insights, intelligence reports, and response drafts. Anthropic does not use API-submitted data to train models by default. Data is transmitted over TLS and subject to Anthropic's API data processing terms.
Outscraper
Google Review Data Collection
Outscraper fetches Google reviews on our behalf using your business's Google Place ID. Only publicly available review data is retrieved. Outscraper is the entity that interacts directly with Google's infrastructure. We pass your place ID to Outscraper; no personal account credentials are shared.
Vercel
Hosting & Serverless Functions
WeaveRev's frontend and API functions are hosted on Vercel's edge network. Vercel processes request data (IP addresses, headers) in the course of serving the application. Vercel is SOC 2 Type 2 compliant and GDPR-ready.
We do not use any advertising networks, data brokers, or analytics platforms that track you across the web. No third party receives your data for their own commercial purposes.
Data Retention
We retain data only for as long as it is necessary to provide you with the service or as required by law.
| Data type | Retention period |
|---|---|
| Account data (email, password hash) | Until account deletion |
| Business data | Until business or account deletion |
| Review data (including reviewer names) | 12 months from the date the review was fetched, or until account deletion |
| Competitor review data | 12 months from fetch date, or until account deletion |
| AI-generated reports & insights | Until account deletion |
| Usage logs | 90 days |
When you delete your account, we initiate a full data purge: competitor reviews, competitor records, intelligence reports, analysis snapshots, insights, review categories, reviews, and business records are deleted in dependency order. Your Supabase authentication record is then permanently removed. This process is irreversible.
Your Rights
Depending on where you are located, you may have the following rights regarding your personal data. We honour these requests regardless of your jurisdiction.
-
Right of access You can request a copy of the personal data we hold about you. Email us at privacy@weavrev.com and we will respond within 30 days.
-
Right to rectification If any data we hold about you is inaccurate, you can update your business details directly within the app, or contact us to correct account-level data.
-
Right to erasure You can delete your entire account and all associated data from Alert Settings → Danger Zone → Delete Account within the app. Deletion is permanent and immediate.
-
Right to data portability You can export your reviews as a CSV from the Dashboard at any time. For a full data export, contact us at privacy@weavrev.com.
-
Right to object You may object to our processing of your data for any purpose other than providing the core service. Contact us and we will assess and respond to your objection within 30 days.
-
Right to restriction You may request that we restrict processing of your data while a dispute or objection is being resolved.
EU/UK residents: If you are located in the European Economic Area or United Kingdom, the General Data Protection Regulation (GDPR / UK GDPR) applies to our processing of your data. Our lawful basis for processing is legitimate interests (providing the reputation management service you have requested) for review data, and contract performance for account data. If you believe we have not complied with your rights, you have the right to lodge a complaint with your local supervisory authority.
California residents: Under the California Consumer Privacy Act (CCPA), you have the right to know what personal information we collect, the right to delete it, and the right to opt out of sale (we do not sell personal information).
Security
We take reasonable technical and organisational measures to protect your data from unauthorised access, loss, or disclosure.
Specifically: all data is transmitted over TLS (HTTPS). Passwords are hashed by Supabase's authentication system and never stored in plain text. Database access is restricted by Row Level Security policies — meaning your data is only accessible to your authenticated account. API keys (Outscraper, Anthropic) are stored as server-side environment variables and never exposed to the browser.
No method of transmission over the internet is 100% secure. In the event of a data breach that affects your personal data, we will notify affected users within 72 hours of becoming aware, in accordance with applicable law.
Cookies & Local Storage
WeaveRev uses browser localStorage (not traditional cookies) to persist session state — specifically your active business selection and the last page you visited. This data never leaves your browser and is not transmitted to our servers.
Supabase sets a session cookie (sb-auth-token) to maintain your login session. This is a strictly necessary cookie required to operate the service. It contains a secure session token and expires when you sign out or after 7 days of inactivity.
We do not use analytics cookies, advertising cookies, or any third-party tracking cookies. We do not use Google Analytics, Facebook Pixel, or any equivalent tracking tools.
Children's Privacy
WeaveRev is a business tool intended for use by adults operating local businesses. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has provided us with personal information, please contact us at privacy@weavrev.com and we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes that significantly affect how we use your data, we will notify you by email at least 14 days before the changes take effect.
Your continued use of WeaveRev after changes take effect constitutes acceptance of the updated policy. If you do not agree with changes, you may delete your account at any time from Alert Settings within the app.
Contact Us
If you have questions about this Privacy Policy, want to exercise your data rights, or have a privacy concern, please reach out: