Privacy Policy
- Version
- 2.0
- Effective from
- 2026-05-23
- Last updated
- 2026-05-23
01General provisions and scope
This Privacy Policy describes how WEI LABS S.A.S., trading as WEIBOOK ("WEIBOOK", "we", "us"), collects, uses, stores, shares and protects personal information in connection with the use of the WEIBOOK platform and services (the "Platform"), including the Wanda AI artificial intelligence tool.
This Policy is governed by the laws of the State of Delaware, United States of America, specifically including the Delaware Personal Data Privacy Act ("DPDPA"), 6 Del. C. Cap. 12D (effective January 1, 2025), and the Delaware Computer Security Breaches Act, 6 Del. C. Cap. 12B.
Who this Policy applies to
- Merchants: Businesses and professionals in the beauty and wellness sector that contract WEIBOOK's services to manage their operations.
- End Users: Natural persons whose data is entered into the system by the Merchant (their own salon, barbershop, etc. customers).
- Website visitors: People who browse weibook.co without registering.
By using the Platform, the Merchant declares that they have read, understood and accepted this Privacy Policy in its entirety, including on behalf of the End Users whose data they upload into the system.
02Definitions
- Personal data: Any information that identifies or could identify a natural person.
- Data controller: WEIBOOK, which determines the purposes and means of data processing.
- Data processor: WEIBOOK, when processing End User data on behalf of the Merchant.
- Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion).
- Sensitive data: Under the DPDPA, includes biometric data, health data, children's data, detailed financial data, among others.
- DPDPA: Delaware Personal Data Privacy Act, 6 Del. C. Cap. 12D.
03Information we collect
3.1 Registration and account data
When creating a WEIBOOK account we collect:
- Full name and business name
- Email and password (encrypted)
- Phone number
- Business address
- Type of business (salon, barbershop, spa, etc.)
- Country and timezone
3.2 Business operations data
When using the Platform to manage your business, the following is generated and stored:
- Appointment records (date, time, service, assigned professional)
- Service catalog and pricing
- Transaction and revenue history
- Cash register records (income and expenses)
- Product inventory
- Professional commission information
- Communications sent through the Platform
3.3 End User data
Merchant customer data entered into the Platform may include, depending on what the Merchant provides:
- First and last name
- Phone number and/or email
- Visit and service history
- Personal notes entered by the professional
- Service preferences and observations
3.4 Payment data
Payments on the Platform are processed by Stripe, Inc. WEIBOOK does not store credit card numbers, debit card numbers, or full bank data. The only payment data we retain is the subscription identifier, transaction history and payment status, as necessary for providing the service.
3.5 Product usage and analytics data
We collect data about how the Platform is used, including:
- Pages and features visited
- Frequency and duration of use
- Interaction events (clicks, completed flows)
- Errors and performance events
- IP address and device data (device type, operating system, browser)
- Session identifiers
This data is processed with PostHog (PostHog, Inc.), a product analytics platform, in order to improve user experience and detect errors.
3.6 Communications with WEIBOOK
If you contact our support team, we keep a record of those communications to manage your request and improve our service.
04How we use your information
We use the collected data exclusively for the following purposes:
| Purpose | Legal basis (DPDPA) |
|---|---|
| Create and manage your account | Contract performance |
| Process payments and subscriptions | Contract performance |
| Provide appointment, cash and inventory management services | Contract performance |
| Send operational notifications (reminders, updates) | Contract performance |
| Provide the Wanda AI service | Contract performance / consent |
| Improve and develop the Platform | Legitimate interest |
| Detect and prevent fraud or abuse | Legitimate interest / legal obligation |
| Respond to technical support requests | Contract performance |
| Send marketing communications about WEIBOOK products | Consent (opt-in) |
| Comply with legal and regulatory obligations | Legal obligation |
| Anonymized statistical industry analysis | Legitimate interest |
WEIBOOK does not sell personal data of Merchants or End Users to third parties for advertising or commercial purposes unrelated to providing the service.
05Sharing with third parties
WEIBOOK may share data with the following third parties, only to the extent necessary to provide the service:
| Third party | Purpose | Type of data |
|---|---|---|
| Stripe, Inc. (USA) | Payment and subscription processing | Billing data, email, payment history |
| PostHog, Inc. (USA) | Product analytics, UX improvement | Anonymized/pseudonymized usage data |
| Meta Platforms (WhatsApp Business API) | Notifications and communication with Merchant customers | Phone number, notification messages |
| Cloud infrastructure provider (AWS/GCP/equivalent) | Platform hosting and data storage | All Platform data |
| Transactional email providers | Sending notifications, alerts and reminders | Email, name, notification content |
All listed providers are subject to data processing agreements requiring them to comply with security and privacy standards equivalent to those in this Policy.
WEIBOOK will not share personal data with third parties not listed without first notifying the Merchant and obtaining the necessary consent, except to comply with a legal obligation or the request of a competent authority.
06Cookies and tracking technologies
WEIBOOK uses cookies and similar technologies on its website and on the Platform.
Types of cookies we use:
- Strictly necessary cookies: Required for Platform operation (authentication, session security). Cannot be disabled.
- Analytics and performance cookies: Used through PostHog to understand how users interact with the Platform. They collect data in anonymized or pseudonymized form.
- Preference cookies: Save user settings (language, timezone, preferred view).
Cookie control: You can configure your browser to reject cookies, though this may affect some Platform functionality. When using the Platform for the first time, you will have the option to accept or reject non-essential cookies through our consent banner.
Analytics opt-out: To exclude yourself from PostHog tracking, you can send a request to [email protected] indicating "Analytics opt-out".
07Artificial intelligence — Wanda AI
7.1 What data Wanda uses
Wanda AI ("Wanda") uses Merchant business data stored on the Platform to generate responses and recommendations: appointment history, service catalog, customer preferences and operational data.
7.2 Data use for model improvement
WEIBOOK may use anonymized and aggregated data from Wanda usage to improve the underlying models. We will not use identifiable personal data of End Users to train AI models without the Merchant's explicit consent. The Merchant may request at any time the exclusion of their data from this process by writing to [email protected].
7.3 Automated decisions
Wanda's responses are informational and operationally supportive. WEIBOOK does not make decisions with significant legal effects on natural persons exclusively automatically. The Merchant is responsible for final decisions made based on Wanda's suggestions.
7.4 Accuracy limitations
AI models may produce inaccurate results. WEIBOOK does not warrant the accuracy, completeness or fitness for any particular purpose of Wanda's responses.
08Data retention
| Data category | Retention period |
|---|---|
| Active account and business data | While the subscription is active |
| Post-cancellation data | 30 days (Grace Period for export) |
| Backup copies | Up to 90 additional days after cancellation |
| Transaction and billing records | 7 years (tax and legal compliance) |
| Support communication records | 3 years |
| Anonymized analytics data | Up to 2 years |
| Security logs | 1 year |
After the indicated periods, data will be deleted securely and irrecoverably.
09International data transfers
WEIBOOK is incorporated in the State of Delaware, USA. Personal data collected from users located in Latin American countries and other regions is transferred to and processed on servers located in the United States.
By using the Platform, the Merchant acknowledges and accepts this international transfer. WEIBOOK implements contractual safeguards with its US service providers to ensure a level of protection equivalent to that required by applicable data protection laws.
10Your rights under the DPDPA
If you are a resident of the State of Delaware, or if WEIBOOK applies DPDPA rights to all its users, you have the following rights over your personal data, pursuant to 6 Del. C. § 12D-105:
| Right | Description |
|---|---|
| Access | Confirm whether we process your data and obtain a copy |
| Correction | Request correction of inaccurate data |
| Deletion | Request deletion of your personal data |
| Portability | Obtain a copy of your data in portable format (CSV) |
| Opt-out of sale | "Object to the \"sale\" of your data (WEIBOOK does not sell data, but the right exists)" |
| Opt-out of targeted advertising | Object to the use of your data for targeted advertising |
| Opt-out of profiling | Object to the use of your data for automated decisions with significant effects |
| Categories of third parties | Know which categories of third parties have access to your data |
How to exercise your rights
Send a written request to: [email protected]. Include: full name, account email, right you wish to exercise, and description of the request.
Response time: WEIBOOK will respond within 45 calendar days of receiving your request. If we need more time, we will notify you with an extension of up to 15 additional days, indicating the reason.
No discrimination: Exercising your rights will not result in denial of service or differential treatment by WEIBOOK.
Appeals: If you are not satisfied with our response, you may appeal by emailing [email protected] with subject "Privacy request appeal". WEIBOOK will respond within 60 days. If the appeal is not satisfactory, you may file a complaint with the Delaware Attorney General at: https://attorneygeneral.delaware.gov
11Children's data
The Platform is intended exclusively for persons over 18 years of age. WEIBOOK does not intentionally collect personal data of children under 13 for its own use of the Platform.
However, since Merchants may manage appointments for customers who are minors, the Merchant is responsible for obtaining the necessary parental consent for the processing of such minors' data, in accordance with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq., and the DPDPA.
If WEIBOOK discovers that it has collected data from a child under 13 without proper parental consent, it will delete such data immediately. To report this type of situation: [email protected].
12Data security
WEIBOOK implements reasonable technical and organizational measures to protect personal data, including:
- Encryption in transit: All communications between the user and the Platform use TLS/HTTPS protocols.
- Encryption at rest: Data stored in our databases is encrypted.
- Access control: Access to production data restricted by roles and multi-factor authentication (MFA) for the internal team.
- Security monitoring: Access logs and anomaly detection systems.
- Vulnerability management: Periodic security reviews and dependency updates.
No system is 100% secure. In the event of a security breach, WEIBOOK will act in accordance with Article 16 of the Terms and Conditions and applicable law (6 Del. C. § 12B-102), notifying those affected within 60 days of determining the incident.
13No sale or use for targeted advertising
WEIBOOK does not sell personal data of Merchants or End Users to third parties.
WEIBOOK does not use identifiable personal data of End Users for third-party targeted advertising.
Use of analytics tools such as PostHog is limited to internal product improvement. If WEIBOOK were to implement targeted advertising in the future, we will notify with at least 30 days' notice and provide a clear and easily accessible opt-out mechanism.
14Updates to this Policy
WEIBOOK may update this Privacy Policy at any time. When changes are material, we will notify the Merchant by:
- Email to the address registered on the account
- Visible notice on the Platform upon login
The "last updated" date at the beginning of this document will always reflect the current version. Continued use of the Platform after notification of changes constitutes acceptance of the new Policy.
15Contact — Privacy officer
For any inquiry, exercise of rights, or report related to this Policy:
- WEIBOOK — Privacy Team, WEI LABS S.A.S.
- Email: [email protected]
- Response time: 45 calendar days
- For urgent security incident reports: [email protected]
16Governing law
This Privacy Policy is governed by the laws of the State of Delaware, United States of America, including the Delaware Personal Data Privacy Act (6 Del. C. Cap. 12D) and the Delaware Computer Security Breaches Act (6 Del. C. Cap. 12B). Any dispute concerning this Policy shall be submitted to the jurisdiction of the courts of the State of Delaware.