accessibility.skipToMainContent
Back to Home

DWEVE PRIVACY POLICY

Your Data Rights, Respected and Protected

Version 1.0 | Effective Date: September 25, 2025 | GDPR & EU AI Act Compliant

OUR PRIVACY COMMITMENT

At Dweve, privacy isn't an afterthought. It's foundational to our architecture. We're building AI that serves you, not surveillance systems that exploit you. This Privacy Policy explains how we collect, use, protect, and respect your personal data in full compliance with GDPR, the Dutch Data Protection Act, and the EU AI Act.

🇪🇺 European Data Sovereignty: Your data stays in Europe, under European law, protected by European values.

Key Principles:

Data Minimization: We collect only what we need, nothing more

Purpose Limitation: Your data is used only for stated purposes

Transparency: Clear, honest communication about data use

User Control: You decide how your data is used

Security by Design: Advanced encryption and protection

TABLE OF CONTENTS

PART I: DATA COLLECTION

1. INFORMATION WE COLLECT

1.1 Account Information

  • • Name and professional title
  • • Email address (primary contact)
  • • Company name and industry
  • • Country/region (for compliance)
  • • Phone number (optional, for support)

1.2 Usage Data

  • • Platform interactions and feature usage
  • • API calls and response times
  • • Model performance metrics
  • • Error logs and debugging information
  • • Session duration and frequency

1.3 Technical Data

  • • IP address (for security and localization)
  • • Browser type and version
  • • Device information and OS
  • • Network performance data
  • • Security event logs

⚠️ We do NOT collect: Biometric data, location tracking, social media monitoring, or any data not directly related to our AI services.

2. HOW WE COLLECT DATA

2.1 Direct Collection

  • • Account registration forms
  • • Contact and support requests
  • • Voluntary surveys and feedback
  • • Platform configuration settings

2.2 Automatic Collection

  • • Platform usage analytics
  • • Performance monitoring
  • • Security logging
  • • Error tracking and diagnostics

3. LEGAL BASIS FOR PROCESSING

Contractual Necessity

To provide our AI services:

  • • Account management
  • • Service delivery
  • • Technical support
  • • Billing and payments

Legitimate Interest

For business operations:

  • • Platform improvement
  • • Security monitoring
  • • Performance optimization
  • • Fraud prevention

Legal Compliance

To meet regulatory requirements:

  • • EU AI Act compliance
  • • Tax and financial records
  • • Security breach reporting
  • • Law enforcement requests

Consent

Only when you choose:

  • • Marketing communications
  • • Optional cookies
  • • Newsletter subscriptions
  • • Beta program participation

PART II: DATA USE

4. HOW WE USE YOUR DATA

4.1 Service Delivery

  • • Provide access to Dweve platform and APIs
  • • Process your AI workloads only when you explicitly instruct us (via prompts, training requests, fine-tuning)
  • • Temporarily store data in quantum-safe encrypted form during active service usage
  • • Deliver technical support and assistance
  • • Manage your account and billing
  • • Send service-related notifications

🔒 Privacy Guarantee: We never use your personal data to train our AI models. Your data is processed only when you explicitly put it into our system for your own purposes.

4.2 Technical Advancement

  • • Extract and store binary constraints discovered during AI processing (no personal data)
  • • Analyze platform performance patterns to enhance reliability
  • • Develop new AI capabilities through constraint discovery
  • • Optimize our binary neural network architecture
  • • Conduct aggregated research on AI efficiency (fully anonymized)

🧠 Innovation Note: We improve our AI by learning mathematical constraints and patterns, not by storing or analyzing your personal information.

4.3 Security & Compliance

  • • Detect and prevent fraudulent activity
  • • Monitor for security threats
  • • Ensure compliance with terms of service
  • • Respond to legal requests and obligations
  • • Protect intellectual property rights

5. DATA STORAGE & PROCESSING

🔒 We do NOT sell, rent, or trade your personal data. We store data ONLY when you actively use our services.

When We Store Your Data

  • • During Active Service Usage: When you use our platform through the Dweve Mesh
  • • Quantum-Safe Encryption: All stored data uses post-quantum cryptographic protection
  • • Customer-Controlled Processing: Your data is processed by AI only when you explicitly put it into prompts, training, or fine-tuning
  • • Automatic Deletion: Automated systems remove personal data when service usage ends

5.1 Limited Sharing (When Required)

  • • Service Providers: Trusted EU-based partners (hosting, payment processing)
  • • Legal Compliance: When required by European law or court order
  • • Business Transfers: In case of merger/acquisition (with same protections)
  • • Consent: When you explicitly authorize sharing

5.2 Binary Constraints & Technical Insights

We store and may share mathematical constraints and patterns discovered during AI processing:

  • • Binary constraints: Mathematical rules and patterns that improve AI efficiency
  • • Performance optimization insights (anonymized)
  • • AI architecture improvements for research
  • • Platform usage statistics (no personal data)

🔧 Technical Separation: These constraints contain zero personal information. They're pure mathematical discoveries that make AI more efficient.

6. INTERNATIONAL TRANSFERS

🇪🇺 Your data stays in Europe. Period.

6.1 European Data Residency

  • • All data processing occurs within the European Union
  • • Primary data centers: Netherlands, Germany, France
  • • Backup facilities: Ireland, Sweden
  • • No data transfers to countries without adequate protection
  • • Full compliance with Schrems II requirements

6.2 Third-Country Transfers

In the rare case where international transfer is necessary (e.g., global enterprise clients):

  • • Standard Contractual Clauses (SCCs) are mandatory
  • • Transfer Impact Assessments conducted
  • • Additional safeguards implemented
  • • Explicit consent obtained
  • • Right to object always available

6.3 Prohibited Transfers

We explicitly prohibit:

  • • Data transfers to countries without adequacy decisions
  • • Sharing with entities subject to foreign surveillance laws
  • • Processing by non-EU subprocessors without guarantees
  • • Any transfer that compromises European sovereignty

PART III: YOUR RIGHTS

7. YOUR GDPR RIGHTS

As a European data subject, you have comprehensive rights over your personal data.

Right of Access

Download all your personal data in a portable format. Request details about how we process your information.

Right to Rectification

Correct any inaccurate or incomplete personal data. Update your information at any time.

Right to Erasure

Request deletion of your personal data ("right to be forgotten"). Some data may be retained for legal compliance.

Right to Restrict Processing

Limit how we process your data while maintaining your account and service access.

Right to Data Portability

Export your data in machine-readable formats. Transfer your information to other services.

Right to Object

Object to processing based on legitimate interests. Opt-out of marketing communications anytime.

How to Exercise Your Rights

  • • Email: privacy@dweve.com
  • • Response Time: Within 30 days (1 month)
  • • Verification: We may verify your identity for security
  • • No Cost: Exercising rights is free (excessive requests may incur fees)

8. COOKIE POLICY

8.1 Essential Cookies

Required for platform functionality:

  • • Session management and authentication
  • • Security tokens and CSRF protection
  • • Language and accessibility preferences
  • • Load balancing and performance

8.2 Analytics Cookies

Optional, privacy-preserving analytics:

  • • Self-hosted Plausible Analytics (GDPR-compliant)
  • • No personal data collection
  • • No cross-site tracking
  • • 24-hour data retention only
  • • Can be disabled in settings

8.3 What We DON'T Use

  • ❌ No third-party advertising cookies
  • ❌ No social media tracking pixels
  • ❌ No Google Analytics or similar
  • ❌ No fingerprinting or supercookies
  • ❌ No cross-site tracking

8.4 Cookie Management

  • • Manage preferences in Account Settings
  • • Browser controls always respected
  • • Clear cookies anytime without losing account data
  • • Detailed cookie list available on request

9. DATA RETENTION

We keep data only as long as necessary, then securely delete it.

9.1 Active Account Data

  • • Account information: Duration of account + 30 days
  • • Usage logs: 90 days rolling window
  • • API logs: 30 days for debugging
  • • Model outputs: 24 hours (unless saved by user)
  • • Training data: Never stored after processing

9.2 After Account Deletion

  • • Immediate deletion: Personal data, preferences, saved models
  • • 30-day grace period: Account recovery possible
  • • Legal retention: Billing records (7 years, encrypted)
  • • Anonymized data: May be retained for research
  • • Backup deletion: Within 90 days across all systems

9.3 Special Cases

  • • Legal holds: Extended per court orders
  • • Fraud investigation: Up to 5 years
  • • Signed agreements: Contract duration + 10 years
  • • Intellectual property: As required by law

9.4 Deletion Process

Our secure deletion ensures data is unrecoverable:

  • • Cryptographic overwriting of storage
  • • Removal from all backups within 90 days
  • • Certificate of deletion available on request
  • • Third-party verification available for enterprise

PART IV: PROTECTION

10. SECURITY MEASURES

10.1 Technical Safeguards

Quantum-Safe Encryption

  • • Post-quantum cryptographic algorithms for future-proof security
  • • TLS 1.3 with quantum-resistant ciphers for data in transit
  • • End-to-end encryption for all AI processing
  • • Hardware security modules (HSM) with PQC support

Automated Data Management

  • • Automated personal data removal systems
  • • Multi-factor authentication (MFA)
  • • Zero-trust architecture with constraint separation
  • • Continuous automated access reviews

10.2 Operational Security

  • • 24/7 security monitoring and incident response
  • • Regular penetration testing and vulnerability assessments
  • • Employee security training and background checks
  • • EU compliance frameworks (GDPR, NIS2, DORA, CRA)
  • • Secure development lifecycle (SDLC)

11. AI-SPECIFIC PROTECTIONS

11.1 EU AI Act Compliance

  • • Transparency in AI decision-making processes
  • • Human oversight for high-risk AI applications
  • • Bias monitoring and fairness assessments
  • • Documentation of AI system capabilities and limitations
  • • Regular AI impact assessments

11.2 Privacy-First Architecture

  • • No Training on Personal Data: We never use your data to train our AI models
  • • Binary Constraint Discovery: We learn mathematical patterns, not personal information
  • • Customer-Controlled AI Processing: Your data is processed only when you explicitly instruct us
  • • European Data Sovereignty: All processing within European boundaries
  • • Quantum-Safe Edge Deployment: Local processing options with post-quantum security

✨ The Dweve Difference: Our AI learns from mathematical constraints, not your personal data. This architectural choice ensures your privacy while advancing AI capabilities.

12. DATA BREACH PROCEDURES

⚠️ In the unlikely event of a data breach, we have robust procedures to protect you.

12.1 Detection & Response

  • • 24/7 automated security monitoring
  • • Immediate incident response team activation
  • • Containment within 4 hours of detection
  • • Forensic analysis and scope determination
  • • Law enforcement cooperation when required

12.2 Notification Timeline

  • • Authorities: Within 72 hours (GDPR requirement)
  • • Affected users: Without undue delay
  • • Public disclosure: If high risk to individuals
  • • Partners: Per contractual obligations

12.3 What We'll Tell You

  • • Nature of the breach and data affected
  • • Likely consequences and risks
  • • Measures taken to address the breach
  • • Recommendations for protective actions
  • • Contact information for questions

12.4 Post-Breach Support

  • • Free credit monitoring (if applicable)
  • • Dedicated support hotline
  • • Regular updates on investigation
  • • Compensation per applicable law
  • • Transparent reporting on improvements

PART V: GOVERNANCE

13. CHILDREN'S PRIVACY

👶 Dweve services are designed for professional use by adults (18+).

13.1 Age Requirements

  • • Minimum age: 18 years old
  • • Business accounts require legal capacity
  • • Educational accounts require institution verification
  • • No marketing to minors

13.2 If We Discover a Minor's Data

  • • Immediate account suspension
  • • Parent/guardian notification
  • • Data deletion within 48 hours
  • • No data retention or processing

13.3 Educational Exceptions

For approved educational institutions:

  • • Institution manages student accounts
  • • Parental consent via institution
  • • Limited data collection
  • • Enhanced privacy controls
  • • No behavioral profiling

14. POLICY UPDATES

14.1 When We Update

  • • Legal or regulatory changes
  • • New features or services
  • • Security enhancements
  • • User feedback integration
  • • Annual review minimum

14.2 How We'll Notify You

  • • Minor changes: Dashboard notification
  • • Material changes: Email 30 days before
  • • Critical changes: Explicit consent required
  • • Version history: Always available online

14.3 Your Options

  • • Review changes before effective date
  • • Object to specific changes
  • • Export your data
  • • Close account without penalty
  • • Grandfathering for existing agreements

15. CONTACT & COMPLAINTS

15.1 How to Reach Us

Data Protection Officer
  • Email: dpo@dweve.com
  • Phone: +31 (0)85 0041 022
Company Address

Dweve B.V.
Meander 251
6825 MC Arnhem, Netherlands
KVK: 98215043

15.2 Specialized Contacts

  • • Privacy Rights: privacy@dweve.com
  • • Data Breaches: security@dweve.com
  • • GDPR Compliance: compliance@dweve.com
  • • Legal Matters: legal@dweve.com
  • • General Support: support@dweve.com

15.3 Complaint Process

  1. Contact us first at privacy@dweve.com
  2. We'll acknowledge within 48 hours
  3. Investigation completed within 30 days
  4. Written response with resolution
  5. Appeal process if unsatisfied

15.4 Supervisory Authority

You have the right to lodge a complaint with the supervisory authority:

Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

  • Website: autoriteitpersoonsgegevens.nl autoriteitpersoonsgegevens.nl
  • Privacy questions: +31 88 1805 250 (Mon-Thu, 10am-12pm)
  • General: +31 70 888 8500 (Weekdays, 9am-1pm)
  • Address: Postbus 93374, 2509 AJ Den Haag

This Privacy Policy reflects our unwavering commitment to European digital sovereignty and your fundamental right to privacy. We believe technology should empower individuals, not exploit them.

Your data. Your rights. Your digital sovereignty.