Privacy Policy

1. Introduction

WEAVEONE LIMITED ("WeaveONE," "we," "our," or "us") provides a digital platform designed to connect children, parents, educators, and professionals with tools for communication, emotional expression, and collaborative support for neurodivergent children ("Services").

This Privacy Policy applies to information we collect when you use our Services, including our website, mobile applications, and related online services.

We take special precautions regarding children's data and comply with applicable children's privacy laws, including the UK Data Protection Act 2018, the EU General Data Protection Regulation (GDPR), and the Age Appropriate Design Code (Children's Code) established by the UK Information Commissioner's Office.

2. Information We Collect

2.1 Information You Provide

When you register for and use our Services, we may collect the following types of information:

• Account Information: Name, email address, password, and profile information.
• Child's Information: Name, age, developmental information, interests, and special needs.
• User Content: Information you input into the platform, such as journal entries, notes, documents, schedules, mood tracking data, and communication messages.
• Health Information: Information about specific conditions, therapies, medications, and other health-related information you choose to share.
• Visual Media: Photos or videos you upload to document events, behaviours, or progress.
• Communication Information: Messages, comments, and other information you provide when communicating with other users.
• Support Information: Information you provide when contacting our customer support.

2.2 Information Collected Automatically

When you use our Services, we may automatically collect certain information about your device and usage, including:

• Device Information: Hardware model, operating system, unique device identifiers, mobile network information.
• Log Information: Usage details, IP address, browser type, pages visited, time spent on pages, clickstream data.
• Usage Information: How you use our features, frequency of use, and patterns of interaction.
• Location Information: General location based on IP address (not precise GPS location unless explicitly permitted).
• Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar technologies as described in our Cookie Policy.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Services.
• Create and update your account.
• Process transactions and send related information.
• Send notifications, updates, security alerts, and support messages.
• Respond to your comments, questions, and requests.
• Understand user preferences to enhance user experience.
• Develop new features and services.
• Monitor and analyse trends, usage, and activities in connection with our Services.
• Detect, investigate, and prevent fraudulent transactions and other illegal or unauthorised activities.
• Protect the rights, privacy, safety, and property of WeaveONE, our users, and others.
• Comply with legal obligations.

4. Legal Basis for Processing (EU/UK Users)

For users in the European Union and United Kingdom, we process your personal information on the following legal bases:

• Contractual Necessity: To fulfil our contractual obligations to you, including providing our Services.
• Consent: When you have given us specific consent to process your data, such as for sending marketing communications.
• Legitimate Interests: To further our legitimate interests in ways that are not overridden by your interests or fundamental rights and freedoms.
• Legal Obligation: To comply with legal requirements.

For children's data, we primarily rely on explicit parental consent as our legal basis for processing, in accordance with Article 8 of the GDPR and the UK Data Protection Act 2018.

5. Children's Privacy

Our Services are designed to be used by children under parental supervision. We take special precautions to protect the privacy of children under 16 years of age.

5.1 Parental Consent

We require verifiable parental consent before collecting personal information from children under 16. Methods for obtaining parental consent may include:

• Email verification linked to a payment method.
• Electronic signature on a consent form.
• Phone verification.
• Identity verification through government ID where appropriate.

5.2 Parental Controls and Access

Parents can review, edit, and delete their child's personal information at any time through their parent account. Parents can also control who has access to their child's information and which features their child can use.

5.3 Limited Collection Principle

We only collect as much information about a child as is reasonably necessary for the child to participate in our Services. We do not condition a child's participation on the collection of more personal information than is reasonably necessary.

6. Data Sharing and Disclosure

We may share your information in the following circumstances:

6.1 With Your Consent

We share your information with third parties when you give us consent to do so. For example, when you choose to share information with teachers, professionals, or other members of your child's care circle.

6.2 Service Providers

We share information with vendors, consultants, and other service providers who need access to such information to carry out work on our behalf. These service providers are contractually bound to protect your data and can only use it for specified purposes.

6.3 AI Sub-processors

For our AI-powered analysis features (such as EHCP Forensic Audits), we use Anthropic (Claude Sonnet) to process document text. We implement automated pre-processing to redact Personal Identifiable Information (PII) before it is sent to AI sub-processors. Anthropic is contractually prohibited from using your data to train their models.

6.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

6.5 Business Transfers

In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business, user information may be one of the transferred assets. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.

6.6 Protection of Rights

We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms of Service.

7. Data Retention

We retain your personal information for as long as necessary to provide the Services you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our policies.

If you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required to retain it for legal purposes. Some information may remain in encrypted backups for up to 6 months, after which it is permanently deleted during our regular backup rotation.

8. Data Security

We implement appropriate technical and organisational measures to protect the security of your personal information, including:

• Encryption of data in transit and at rest.
• Regular security assessments and penetration testing.
• Access controls and authentication mechanisms.
• Staff training on data protection and security practices.
• Physical and environmental security measures for our servers.
• Regular backups and disaster recovery procedures.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

9. International Data Transfers

WeaveONE is based in the United Kingdom, and your information may be processed and stored in the UK and other countries where we or our service providers operate. If we transfer personal data from the European Economic Area, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we use legal mechanisms such as Standard Contractual Clauses to protect your data.

10. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. These may include:

• Access: You can request a copy of the personal information we hold about you.
• Rectification: You can request that we correct inaccurate or incomplete information.
• Deletion: You can request that we delete your personal information in certain circumstances.
• Restriction: You can request that we restrict the processing of your information in certain circumstances.
• Data Portability: You can request a copy of your data in a structured, commonly used, and machine-readable format.
• Objection: You can object to our processing of your information in certain circumstances.
• Withdrawal of Consent: You can withdraw consent you have previously given.
• Complaint: You have the right to lodge a complaint with a supervisory authority.

To exercise these rights, please contact us using the details provided in the "Contact Us" section below.

10.1 Parental Rights Regarding Children's Data

Parents or legal guardians can:

• Review their child's personal information.
• Request to have it deleted.
• Refuse further collection or use of their child's information.
• Update their child's information through the parent dashboard.
• Change consent settings at any time.

11. Cookies and Similar Technologies

We use cookies and similar technologies to collect information about how you interact with our Services and to help us improve your experience. You can control cookies through your browser settings and other tools.

12. Links to Other Websites and Services

Our Services may contain links to other websites or services that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. For significant changes, we will provide a more prominent notice, which may include email notification. We encourage you to review this Privacy Policy periodically for any changes.

14. Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing questions regarding this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our DPO using the details provided below.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: