1. Introduction

WeAlign is operated by Andrew Robinson trading as WeAlign ("we", "us", or "our"). We are committed to protecting your privacy and handling your personal data responsibly.

This Privacy Policy explains how we collect, use, and protect your personal data when you use our website and services at wealign.io and app.wealign.io.

We are the data controller for the personal data we process. If you have any questions about this policy or your data, please contact us at support@wealign.io.

2. Data We Collect

Account Information

When you create an account, we collect your email address and name. If you sign up using Google authentication, we receive your basic profile information from Google.

Brief Content

We store the project briefs you create, including project details, client information, timelines, budgets, and any files you upload (images, PDFs, documents).

Payment Information

We use Stripe to process payments. We do not store your full payment card details on our servers. Stripe handles all payment processing securely and provides us with limited information such as the last four digits of your card and billing address for invoice purposes.

Usage Data

We collect anonymous analytics data about how you use our service to improve the user experience. This includes pages visited and general usage patterns, but not personal identifiers.

Communications

If you contact us or subscribe to our newsletter, we store your email address and any messages you send us.

3. How We Use Your Data

We use your personal data to:

Provide and maintain our service, including AI-powered brief generation
Process your subscription payments
Send you transactional emails (account confirmations, brief notifications, client comments)
Send you marketing emails if you've opted in (you can unsubscribe anytime)
Respond to your support requests
Improve our service based on usage patterns
Comply with legal obligations

4. Legal Basis for Processing

Under UK GDPR, we process your data based on the following legal grounds:

Contract: Processing necessary to provide the service you've signed up for
Legitimate interests: Improving our service, preventing fraud, and ensuring security
Consent: Marketing emails and newsletter subscriptions (which you can withdraw at any time)
Legal obligation: Retaining certain records for tax and accounting purposes

5. Third-Party Services

We use the following trusted third-party services to operate WeAlign:

Supabase

Database hosting, user authentication, and file storage. Data is stored securely in the EU.

OpenAI

Powers our AI brief generation. Brief content is processed to generate suggestions but is not used to train AI models.

Stripe

Secure payment processing. Stripe is PCI-DSS compliant and handles all payment card data.

Resend

Transactional email delivery for account notifications and brief updates.

MailerLite

Newsletter and marketing email management. Only used if you opt in to marketing communications.

Umami

Privacy-focused website analytics. Does not use cookies or collect personal data.

6. Data Retention

We retain your data for as long as necessary to provide our service:

Account data: Retained while your account is active and for 30 days after deletion
Briefs and content: Retained while your account is active. You can delete individual briefs at any time
Payment records: Retained for 7 years to comply with UK tax regulations
Support communications: Retained for 2 years to help with ongoing support
Newsletter subscriptions: Until you unsubscribe

7. Your Rights

Under UK GDPR, you have the following rights:

Right of access: Request a copy of the personal data we hold about you
Right to rectification: Request correction of inaccurate data
Right to erasure: Request deletion of your data (subject to legal retention requirements)
Right to restrict processing: Request we limit how we use your data
Right to data portability: Request your data in a machine-readable format
Right to object: Object to processing based on legitimate interests
Right to withdraw consent: Withdraw consent for marketing at any time

To exercise any of these rights, please contact us at support@wealign.io. We will respond within one month.

8. Cookies & Analytics

We use minimal cookies that are essential for the service to function:

Authentication cookies: Keep you logged in to your account
Session cookies: Remember your preferences during a browsing session

We use Umami for website analytics, which is a privacy-focused solution that does not use cookies or collect personal data. It only provides anonymous, aggregated statistics about page views and general usage patterns.

9. International Transfers

Some of our third-party service providers are based outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place:

Standard Contractual Clauses approved by the UK ICO
Transfers to countries with adequate data protection laws
Service providers with appropriate security certifications

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or by posting a notice on our website. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: support@wealign.io

Data Controller: Andrew Robinson trading as WeAlign

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.