Privacy Policy

Last updated: April 5, 2026

Weavify ("we", "us", or "our") operates the weavify.io website and the eatandrink.weavify.io supplier portal (collectively, the "Service"). This Privacy Policy explains how we collect, use, and protect your information.

1. Information We Collect

Account Information: When venue managers register on the Supplier Portal, we collect name, email address, and phone number.

Booking Information: When reservations are made through AI agents or the booking widget, we collect guest name, party size, date/time, and optionally email, phone number, and special requests.

Venue Data: Venue managers provide venue profiles, menus, pricing, availability, and location data for display to AI agents and users.

Usage Data: We automatically collect API usage logs including IP addresses, request timestamps, and endpoints accessed for rate limiting and security purposes.

2. How We Use Your Information

• To process and manage table reservations
• To display venue information to AI agents and website visitors
• To authenticate venue managers on the Supplier Portal
• To enforce API rate limits and prevent abuse
• To improve our Service and develop new features
• To communicate with venue managers about their accounts

3. Information Sharing

We share venue profile data (name, address, menu, availability) publicly with AI agents and website visitors — this is the core purpose of the Service.

Booking details (guest name, party size, date) are shared with the booked venue so they can honor the reservation.

We do not sell personal information to third parties. We do not share guest contact information with anyone other than the booked venue.

4. AI Agent Data

Weavify is designed to be accessed by AI agents (ChatGPT, Claude, Gemini, and others). When an AI agent makes API calls on behalf of a user:

• We process the booking request the same way as any other API client
• We do not receive or store the user's conversation with the AI agent
• The AI agent's API key is logged for rate limiting and auditing

5. Data Security

We implement industry-standard security measures:

• All data transmitted over HTTPS/TLS encryption
• Passwords hashed with bcrypt
• API keys stored as SHA-256 hashes (never in plaintext)
• Database access restricted to the application layer

6. Data Retention

Account data is retained for the duration of the account. Booking records are retained for 12 months after the booking date. API usage logs are retained for 90 days. You may request deletion of your account and associated data at any time.

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Withdraw consent for data processing

8. Cookies

The Supplier Portal uses localStorage to store authentication tokens. The public website does not use cookies for tracking. We do not use third-party analytics or advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

10. Contact

For privacy-related inquiries, contact us at: [email protected]

Weavify
Bangkok, Thailand