Privacy, in plain English.

What we collect

Three buckets, and that is the whole list.

Account data: the email you sign in with, the Google OAuth identifier and display name if you use Google, your chosen display handle, and your preferred interface locale. We never see or store a password — sign-in is one-time code or Google.

Review data: the products you add, the review text you publish, your verdict (positive, mixed, negative), every edit you make within the 15-minute window, and the timestamps on each. Reviews are public by design and attributed to your handle.

Reading signal: when someone opens a published review, we record an event row — review id, coarse time bucket, and a hashed visitor token that lets us count distinct readers without identifying them. This is the signal that drives reviewer tiering and earnings. We do not record IP addresses, mouse movement, scroll depth, or referrer chains.

What we do with it

Run the platform you signed up for. Specifically: authenticate you, publish your reviews, moderate new and edited drafts, count readers so the tier signal is honest, pay reviewers their share of revenue when payouts go live, and translate your review into other languages at our cost so it earns where readers are.

We do not profile you for advertising, sell or rent the data, or share it with data brokers. There is no behavioral retargeting on this site, ever.

Who else touches it

We use a small number of specialist vendors as subprocessors. Each one only sees the data it needs to do its job.

Supabase — hosts the database, authentication, and file storage. All review data lives here.

Google — when you choose to sign in with Google, Google verifies your identity and returns your profile basics to us.

Anthropic — runs the Claude model that screens new and edited reviews for the rules listed in our standard, and that resolves ambiguous product-match cases during ingest. Review text is sent for the duration of the moderation call. Anthropic does not train models on it.

Jina AI — generates the small numeric fingerprints we use to detect when two product pages describe the same thing. Only the product title and brand are sent, never review text or user identity.

A product search vendor — when you add a new product, we query a web search API to surface candidates. Only the search term you typed is sent.

If we ever add or change a subprocessor, this page is updated before the change is live.

Cookies and local state

Two cookies, both first-party. A session cookie that keeps you signed in, and a locale cookie that remembers your chosen interface language. No analytics cookies, no advertising cookies, no third-party trackers. We do not use Google Analytics, Meta Pixel, or anything in the same category.

Your rights

You can read, export, correct, or delete your account and reviews at any time from your profile. Deletion is real: account row, drafts, version history, paired moderation events, embedding rows, and reader-event rows tied to your account are removed within thirty days. Published review text on products you reviewed is retained in anonymized form unless you also ask us to remove the content — write to us and we will.

If you are in the EU, UK, or another jurisdiction with similar law, you also have the right to object to processing, to lodge a complaint with your data protection authority, and to ask for a copy of the data we hold in a portable format.

Where data lives

Production data is stored in Supabase regions inside the EU. Moderation calls and embedding calls reach vendors whose endpoints may sit outside the EU; those transfers rely on the vendor's Standard Contractual Clauses. We do not knowingly send your data to jurisdictions that lack an adequate legal basis for it.

How long we keep things

Account and review data: as long as your account exists, then through the deletion window above.

Reader-event rows: rolled into monthly partitions and retained for 24 months in identifiable form, then aggregated.

Auth logs and security records: 12 months.

Payout records (once payouts begin): retained for the period tax law requires, which is typically seven years.

Children

Weiver is not for anyone under 16. We do not knowingly collect data from children. If you believe a child has signed up, contact us and we will remove the account.

Changes to this policy

If we change anything material, you will see a banner in the reviewer app the next time you sign in, and the effective date above will move.