WePlen — Privacy Policy

WePlen

The operating system for events

LEGAL

Effective: May 23, 2026 · v1.0 — Beta · Dubai, UAE

🔒 The short version

We collect what's needed to run WePlen for you: your account info, your workspace activity, and basic technical data.

Your specific data stays confidential. Your company name, financial numbers, supplier names, chat messages, dispute details, and pricing are never sold, shared with other customers, or made identifiable outside your workspace.

Aggregated industry insights may be commercially used. We may produce and license anonymized benchmarks like "average security spend across UAE festivals" or "typical RFQ turnaround in F&B." These never identify specific companies, deals, or people.

You can export, edit, or delete your data at any time. Dispute evidence is retained for audit integrity.

Table of contents

1.Who we are
2.What we collect
3.How we use it
4.Who we share with
5.Storage & security
6.Retention
7.Cookies
8.Email communications
9.Your rights
10.International transfers
11.Children
12.Changes
13.Contact

1Who we are

WePlen is operated by WePlen FZ-LLC, registered in the United Arab Emirates. For the purposes of data protection law, we are the controller of personal data submitted directly by you (account info), and the processor of content you upload into your workspace.

This policy explains what data we collect, why we collect it, what we do with it, and your rights.

2What we collect

2.1 Account information

Category	Examples	Source
Identity	Full name, email address	You provide at signup
Credentials	Hashed password, auth tokens	Created by Supabase Auth
Profile	Role, company name, avatar (if uploaded)	You provide

2.2 Workspace content

Category	Examples
Event data	Event names, dates, venues, types, scale
Tasks & approvals	Task descriptions, statuses, approval requests
Chat messages	Text, attachments, timestamps, sender info
Suppliers & quotes	Supplier contacts, RFQ scopes, quote prices, attachments
Payment commitments	Amounts, statuses, supplier links — but no payment card or bank data during beta
Dispute records	Case descriptions, evidence snapshots, manager decisions

2.3 Technical data

Category	Examples	Why
Device	Browser, OS, screen size	Render UI correctly
Activity	Pages viewed, actions taken, timestamps	Audit log, debugging
IP address	Approximate location, ISP	Security, abuse prevention

We do not collect: payment card numbers, biometric data, government IDs (during beta), location data beyond approximate IP geo, or data from third-party social networks.

3How we use your data

We use data to:

Operate the Service — render your workspace, sync your data across devices, deliver notifications, generate AI blueprints and recommendations
Authenticate you — verify it's you signing in, recover access
Communicate — send transactional emails (account verification, password reset, workspace invites, dispute notifications)
Improve WePlen and its AI features — diagnose bugs, analyze feature usage, study patterns in how users plan and run events, refine AI prompts and outputs, evaluate model quality, and continuously enhance the AI Blueprint, WeGenie, and other intelligent features of the platform
Provide audit trails — record activity in workspace logs and preserve dispute evidence
Protect against abuse — detect and prevent spam, fraud, or violations of our Terms
Comply with law — respond to lawful requests from authorities
Produce aggregated industry insights — see section 3.2 below

3.1 Your specific data — confidential to your workspace

The following always stays inside your workspace and is never identifiable to anyone outside it:

Your name, email address, and account credentials
Your company name and workspace identity
Specific chat messages and discussion threads
Dispute evidence, case details, and resolution records
Specific BOQs, RFQs, quote amounts, supplier negotiations, and pricing
Individual financial commitments, event budgets, and payment timelines
Any content that could identify a specific company, event, or person

We do not sell, license, or share this information with other customers, advertisers, or third parties — except where required by law, where you have explicitly consented, or where strictly necessary to operate the platform (e.g., cloud hosting per section 4).

3.2 Aggregated industry insights — may be commercially used

WePlen may produce, publish, license, or sell aggregated and anonymized data products derived from platform-wide activity. Examples of what this looks like:

"Festivals over 5,000 guests in the UAE allocate on average X% of budget to security"
"Average time from RFQ issued to award in F&B is Y days across the region"
"Lighting supplier markups average Z% on corporate events"
"Top supplier categories disputed in Q3 2026 across the platform"

These outputs will never contain:

Identifiable company names or workspace identities
Specific deal values traceable to a customer
Individual chat messages, dispute details, or supplier negotiations
Any data point that could reasonably re-identify a specific workspace, user, supplier, or event

In plain English: we may help the events industry understand itself through aggregated benchmarks — but your company's specific numbers, conversations, suppliers, and relationships are yours alone.

What "improving AI features" means in practice. Analyzing which task categories appear most often in festival blueprints so the AI suggests them earlier; learning common patterns of supplier negotiation flow so WeGenie offers better mediation; refining how the AI Blueprint structures execution plans based on real-world feedback. We work with aggregated patterns and anonymized samples. We do not republish your specific content to other workspaces or train publicly-available AI models on your private workspace data.

4Who we share with

We share data only with service providers strictly necessary to operate WePlen:

Provider	Purpose	Location
Supabase	Database, authentication, file storage	Mumbai, India (ap-south-1)
Netlify	Application hosting, edge functions	Global CDN
Anthropic	AI Blueprint and WeGenie features (Claude API)	United States
Resend	Transactional email delivery (verification, invites, notifications)	United States
Google Workspace	WePlen team email (administrative contact only)	Global

Each provider is bound by contractual obligations to handle data only for the purposes we direct, with appropriate security measures.

What we do not do: we do not sell identifiable personal data; we do not share your specific chat content, dispute evidence, BOQs, supplier negotiations, or financial commitments with other customers or third parties; we do not build advertising profiles; we do not allow advertisers to target you within WePlen.

What we may do: as described in section 3.2, we may produce, publish, or commercially license aggregated and anonymized data products — industry benchmarks and statistical insights — derived from platform-wide activity. These outputs are designed never to identify a specific company, workspace, user, or event.

We may disclose data when required by law, court order, or lawful government request — and where permitted, we will notify the affected user beforehand.

5Storage & Security

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256, managed by Supabase and the underlying AWS infrastructure). Passwords are hashed using industry-standard algorithms (bcrypt) — we never see or store your plain-text password.

Access to production data is limited to a small set of authorized WePlen personnel, subject to confidentiality obligations. We log access for audit purposes.

While we take reasonable measures, no system is impervious to breach. If we become aware of unauthorized access affecting your data, we will notify you without undue delay, typically within 72 hours.

6Data Retention

We retain data only as long as needed:

Active account data — retained while your account is active
Closed account data — most personal data deleted within 30 days of account closure; workspace content retained per workspace Owner's instructions
Dispute evidence — retained for at least 2 years after resolution, for audit and legal integrity
Activity logs — typically 12 months
Backups — rolling 30-day backups in case of disaster recovery
Legal holds — data subject to legal proceedings is retained until released

7Cookies & Local Storage

WePlen uses essential cookies and browser local storage to:

Keep you signed in (session tokens)
Remember your theme preference (dark/light)
Store draft messages and partial work to prevent data loss
Cache reference data to improve performance

We do not use advertising cookies, tracking pixels, or third-party analytics that profile users across the web.

8Email Communications

By creating an account, you consent to receive transactional emails essential to the Service:

Email verification when you sign up
Password reset links when requested
Workspace invitations sent on your behalf
Dispute notifications when you're a party to a case
Critical security alerts (suspicious sign-ins, etc.)

These are not promotional and cannot be unsubscribed from while you have an active account. We may occasionally send product update emails — you can opt out of those without affecting your account.

9Your Rights

Depending on your jurisdiction, you may have the right to:

Access — request a copy of your personal data
Rectify — correct inaccurate or incomplete data
Delete — request deletion of your account and data (subject to retention rules above)
Restrict processing — limit what we do with your data
Portability — receive a structured export of your data
Object — to certain types of processing
Withdraw consent — where processing is based on consent

To exercise any right, email privacy@weplen.com. We respond within 30 days. If we can't grant a request (e.g., due to legal retention obligations), we'll explain why.

10International Data Transfers

WePlen is operated from the UAE, with data stored primarily in Mumbai (Supabase ap-south-1). Some service providers (Anthropic, Resend, Netlify edge) operate from the US and EU. By using WePlen, you consent to your data being processed in these locations, subject to appropriate safeguards.

Where required by applicable law, we use Standard Contractual Clauses or equivalent mechanisms to protect cross-border transfers.

11Children

WePlen is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If you become aware that a minor has provided us with personal data, please contact us at privacy@weplen.com and we will delete it.

12Changes to this Policy

We may update this Privacy Policy as the Service evolves. Material changes will be communicated via email and/or a prominent notice in the Service at least 14 days before they take effect. The "Effective" date at the top reflects the most recent revision.

13Contact & Data Protection Officer

For privacy questions, requests, or complaints:

WePlen FZ-LLC — Privacy Team
Dubai, United Arab Emirates
privacy@weplen.com

If you're unsatisfied with our response, you have the right to lodge a complaint with the data protection authority in your jurisdiction.