Privacy Policy

Weston AI, Inc.

meetweston.com
Last Updated: April 2026 · Version 1.0

Weston AI, Inc. (“we,” “us,” or “our”) operates the Weston platform available at meetweston.com (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

Account information. When you sign in using Google OAuth, we receive your name, email address, and profile picture from your Google account. We do not receive or store your Google password.

Deal emails. When you forward deal emails to our processing address (weston@deal.meetweston.com), we receive and store the email content, attachments, sender information, and metadata to provide the Service.

WhatsApp messages. If you use our WhatsApp integration to submit deals or communicate with the Service, we receive and store the message content, media attachments, your WhatsApp phone number, and associated metadata. This information is processed in the same manner as deal emails to provide analysis and responses.

1.2 Information Collected Automatically

Usage data. We may collect information about how you access and use the Service, including your IP address, browser type, operating system, referring URLs, pages viewed, and timestamps.

Cookies and similar technologies. We use essential cookies to manage your authentication session. We do not use advertising or tracking cookies.

1.3 Information from Third-Party Services

Google OAuth. We use Google’s OAuth 2.0 protocol solely for authentication. We request access only to your basic profile information (name, email, profile picture). We do not request access to your Google Drive, Gmail, Calendar, or any other Google service beyond what is necessary for sign-in.

WhatsApp (Meta). Our WhatsApp integration is powered by the WhatsApp Business API provided by Meta Platforms, Inc. When you interact with us via WhatsApp, Meta processes your messages in accordance with their own privacy policy. We only receive the message content and metadata that Meta forwards to us through the API.

Property data providers. We may retrieve publicly available property information, market data, and comparable sales from third-party data providers to generate deal analysis reports.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Authenticate your identity and manage your account.
  • Process and analyze deal emails and WhatsApp messages you send to us, including verifying claims, running financial models, and generating reports.
  • Send you transactional emails and WhatsApp messages related to your deal analysis (e.g., report completion notifications). These communications are a core part of the Service and are not marketing messages.
  • Improve, personalize, and enhance the Service.
  • Monitor and analyze usage trends to improve user experience and performance.
  • Detect, prevent, and address technical issues or security threats.
  • Comply with legal obligations.

3. Artificial Intelligence and Automated Processing

The Service relies on artificial intelligence (“AI”) and automated machine-learning models to analyze the content you submit. By using the Service, you acknowledge and agree that:

  • AI processing. Your deal emails, WhatsApp messages, attachments, and related data are processed by AI models to generate analysis reports, financial projections, and investment summaries.
  • Third-party AI providers. We use third-party AI infrastructure providers to power our analysis. All AI inference is performed under enterprise API agreements. These providers do not use your data to train their own models. Data Processing Agreements (DPAs) are in place with each provider. We will update this policy if we make material changes to our AI provider relationships.
  • AI model training by Weston AI. We may use property photos you submit to improve our own visual AI models, but only with your explicit consent and in fully anonymized form (no franchise, operator, address, or deal identifier is retained). Your data is never shared with or used to benefit any third party or competitor. You may withdraw this consent at any time with 30 days’ written notice to privacy@meetweston.com.
  • No guarantee of accuracy. AI-generated outputs may contain errors, inaccuracies, hallucinations, or omissions. All analysis results should be independently verified before being relied upon for any investment or business decision.
  • Human review. AI-generated content is not routinely reviewed by a human before delivery. If you believe a report contains a significant error, please contact us so we can investigate.
  • Not professional advice. AI-generated analysis does not constitute financial, investment, legal, or tax advice. You should consult qualified professionals before making any investment decisions.

4. Email and WhatsApp Communications

As part of the Service, we send communications to the contact information associated with your account. These include:

  • Deal analysis replies. When you forward a deal email to weston@deal.meetweston.com or submit a deal via WhatsApp, we reply with the analysis results through the same channel.
  • Service notifications. Important updates about your account or the Service (e.g., changes to these terms, security alerts).

We do not send unsolicited marketing or promotional messages. We do not sell, rent, or share your contact information with third parties for their marketing purposes.

Transactional emails are delivered via a trusted third-party email delivery service. WhatsApp messages are delivered through the WhatsApp Business API operated by Meta Platforms, Inc.

5. Data Sharing, Sub-Processors, and Disclosure

We do not sell, trade, rent, or share your personal information with third parties for their own commercial purposes.

We engage trusted third-party service providers to operate the Service, including cloud infrastructure, AI inference, messaging delivery, and payment processing providers. All service providers are bound by data protection obligations equivalent to those in this policy and are prohibited from using your data for any purpose other than providing services on our behalf.

We will provide reasonable advance notice of any material changes to our third-party service provider relationships for enterprise clients operating under a Data Processing Agreement.

We may also share your information in the following circumstances:

  • Legal requirements. We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
  • Business transfers. If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is subject to a different privacy policy.
  • With your consent. We may share your information for any other purpose with your explicit consent.

Do Not Sell. We do not sell personal information as defined under the California Consumer Privacy Act (CCPA) or any comparable state privacy law.

6. Data Retention and Deletion

We retain your personal information for as long as your account is active or as needed to provide the Service.

Data deletion is triggered by any of the following:

  • Account deletion or written deletion request from you
  • Contract or pilot termination without renewal
  • Expiry of the 12-month post-relationship retention period

Upon any deletion trigger, we will delete or anonymize your personal information within 30 days and provide written confirmation. Backup copies are purged on the same schedule. We may retain minimal records (invoices, contract metadata) as required for legal or tax compliance; these records do not include deal data, property photos, or financial inputs.

We cannot guarantee deletion of data you or your users exported from the platform prior to the deletion request.

To request deletion, contact privacy@meetweston.com. Written acknowledgment is provided within 24 hours; full deletion is completed within 30 days.

7. Data Security

We implement the following technical and organizational measures to protect your information:

  • AES-256 encryption of all data at rest via AWS Key Management Service (KMS)
  • TLS 1.2 minimum encryption for all data in transit
  • Secure authentication via Google OAuth 2.0 (we never store your password)
  • Multi-factor authentication (MFA) enforced on all production systems and company accounts
  • Role-based access control (RBAC) via AWS IAM; least-privilege model enforced
  • All access events logged via AWS CloudTrail with 90-day log retention
  • Production and development environments are fully isolated
  • No client deal data stored on local machines or outside of AWS infrastructure

Data residency. All client data is stored and processed in AWS US-East-1 (Northern Virginia), ensuring US data residency.

Security incident notification. In the event of a confirmed security breach affecting your data, we will notify you within 72 hours of discovery. Notification will include the nature of the incident, data categories affected, likely consequences, and remediation steps taken or planned.

While we strive to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete personal information
  • Delete your personal information and account
  • Export your data in a portable format
  • Withdraw consent to AI model training at any time with 30 days’ written notice
  • Object to or restrict certain processing of your data

To exercise any of these rights, please contact us at privacy@meetweston.com.

9. Google OAuth and Limited Use Disclosure

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request access to data necessary to provide the Service (authentication and basic profile information).
  • We do not use Google user data for serving advertisements.
  • We do not transfer Google user data to third parties unless necessary to provide or improve the Service, comply with applicable laws, or as part of a merger/acquisition.
  • We do not use Google user data for purposes unrelated to the Service.
  • Humans do not read Google user data unless we have your affirmative consent, it is necessary for security purposes, to comply with law, or the data is aggregated and anonymized for internal operations.

10. Children’s Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. Data Residency and International Transfers

All client data is stored and processed in the United States, in AWS US-East-1 (Northern Virginia). We do not transfer client deal data outside of the United States as part of our standard operations.

If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the US. By using the Service, you consent to this transfer.

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last Updated” date above. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

privacy@meetweston.com

Weston AI, Inc. · meetweston.com · Version 1.0 · April 2026

← Back to Weston