Privacy, terms, and cookies — written so you can actually read them.
We're an EU company, GDPR-compliant by default, and we believe
legal documents shouldn't be a wall of fear.
You own your data
Export, delete, self-host any time.
Cancel anytime
No long-term contracts on Cloud plans.
EU-hosted
Germany and Sweeden. No US transfers without SCCs.
No dark patterns
Reject all is one click — same as accept.
Section 1.1Who we are
WEnterprise, Lda. ("Weezzi", "we", "us") is a software company
registered in Portugal, headquartered in Aveiro. We are the data controller for
personal data processed through weezzibuilder.com,
the Weezzi Builder platform, and any deployed customer applications hosted on our infrastructure.
For applications you self-host on your own Docker or Kubernetes infrastructure,
you are the data controller — Weezzi has no access to or processing role for that data.
Entity
WEnterprise, Lda.
Sociedade por quotas — Portugal
Registered office
Aveiro, Portugal
Full address available on request
Supervisory authority
CNPD
Comissão Nacional de Proteção de Dados (PT)
Section 1.2What personal data we collect
We collect only what we need to operate the Service. Categories below.
Account & identity data
Name, email address, password (stored as bcrypt hash)
Company name, role, and country (for tax and invoicing)
Billing details processed by Stripe — we never store full card numbers
API logs, build logs, error traces, AI generation history
Feature usage events (which parts of the Builder you use, in aggregate)
Technical data
IP address, browser type, device class, OS, referrer URL
Session identifiers, performance metrics
Customer application data (when we host)
If you use Weezzi Cloud Hosting, end-user data flowing through your deployed
application sits in our infrastructure under a data-processing relationship
governed by our DPA. See section 04.
What we don't collect
We don't sell personal data. We don't run advertising trackers on weezzibuilder.com.
We don't profile end users of your deployed applications for our own purposes.
Section 1.3How we process your data
We use your data to: provide the Service (run the Builder, generate code,
host applications), secure it (detect abuse, fraud, attacks),
improve it (aggregate usage analysis, never on your prompts or code without
opt-in), and communicate with you (transactional emails, support replies,
and — only if you opt in — product news).
AI training — never on your code
We do not use your prompts, projects, or generated code to train our models or anyone
else's. All our AI inference providers operate under zero-retention contracts
with explicit no-training clauses. See the full list in
Section 4.2.
Section 1.4Legal basis (GDPR Art. 6)
We rely on the following lawful bases under the General Data Protection Regulation:
Contract performance (Art. 6(1)(b)) — to provide the Service you signed up for: account, builds, hosting, support.
Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, network logging, aggregate product analytics, and direct B2B communication to existing customers.
Legal obligation (Art. 6(1)(c)) — invoicing, tax records (10 years under Portuguese law), responding to lawful requests.
Consent (Art. 6(1)(a)) — non-essential cookies, marketing emails, product newsletters. Consent can be withdrawn at any time.
We do not engage in automated decision-making with legal or similarly significant effects on you (Art. 22).
Section 1.5Who we share data with
We share data only with vetted sub-processors who are contractually bound to GDPR-grade
protections. The full live list is available in
Section 04 — DPA & Sub-processors.
We will notify customers at least 30 days in advance of adding a new sub-processor that
handles personal data.
We do not sell or rent personal data to anyone, ever. We may disclose data when legally
compelled by a court or competent authority — we will notify you unless legally prohibited.
Section 1.6How long we keep your data
We keep personal data only as long as we need it for the purposes above.
// retention windows
Account & project data While your account is active
∞until deletion
Deleted account & projects Hard-deleted from primary systems
30days
Backups containing your data Rolling encrypted backups
90days
Build & access logs Operational debugging
90days
Security audit logs SOC 2 / ISO 27001 evidence
365days
Invoices & tax records PT legal obligation
3650days
Section 1.7Your rights under GDPR
You have the following rights over your personal data. To exercise any of them,
email privacy@weezzi.com —
we'll respond within 30 days, and most requests are resolved in under a week.
Right of access
Get a copy of all data we hold about you. Art. 15.
Right to rectification
Correct inaccurate or incomplete data. Art. 16.
Right to erasure
"Right to be forgotten" — delete your data. Art. 17.
Right to restriction
Pause processing while issues are resolved. Art. 18.
Right to portability
Export your data in JSON or open formats. Art. 20.
Right to object
Object to processing based on legitimate interest. Art. 21.
Withdraw consent
Where processing relies on consent, you can withdraw it.
Lodge a complaint
With your local DPA. In Portugal: CNPD.
We won't penalize you for exercising your rights. Account remains active, prices don't change,
features don't get throttled.
Section 1.8International transfers
Your data is stored primarily in the European Union — Hetzner Frankfurt (Germany) and OVH
Gravelines (France). Some sub-processors operate outside the EU, in which case we rely on:
EU adequacy decisions where they exist
Standard Contractual Clauses (2021/914) for US-based providers
Supplementary technical measures — encryption in transit and at rest, key separation
For our AI inference providers (Deepinfra, Fireworks, AKI.io), we use SCCs and operate
under zero-retention contracts that prohibit training on customer prompts
or generated code. Customers on our Enterprise edition can opt for
BYOK (bring your own keys) to route inference through their own provider
account.
Section 1.9Children
Weezzi Builder is a B2B development platform and is not directed at children under 16.
We do not knowingly collect personal data from children. If you believe a child has
provided us with data, contact us and we will delete it.
Section 1.10Get in touch
For privacy questions, data requests, or concerns about how we handle your data, reach out directly. We don't hide behind ticket forms.
These Terms govern your use of Weezzi Builder. By creating an account or using the
Service, you agree to them. They form a binding contract between you (or your company)
and WEnterprise, Lda.
You own
Your code & data
Forever, no exceptions
We provide
The platform
"As a service" or "as software"
Cancellation
Anytime
Cloud plans · Enterprise per contract
We've worked hard to make these Terms readable. Where lawyers required specific language
(warranty disclaimers, limitations of liability), we've kept them as concise as possible
and explained them in plain English.
Section 2.2Your account
To use Weezzi Builder, you create an account. You're responsible for keeping your
credentials secure and for everything that happens under your account. Notify us at
security@weezzi.com the moment
you suspect compromise.
You must be at least 16 years old (or the age of digital consent in your country)
to use the Service. If you're using Weezzi on behalf of a company, you confirm you're
authorized to bind that company to these Terms.
One account, one human or one organizational unit. Account sharing across teams isn't
permitted on Cloud plans — Studios and Enterprise plans support multi-seat workspaces
with per-user access controls.
Section 2.3License & ownership
What we license to you
We grant you a non-exclusive, worldwide, revocable license to use Weezzi Builder for
your own business purposes during the term of your subscription. Reverse-engineering
of proprietary infrastructure components is not permitted.
What you own
Everything you build. The application model, your prompts, your data, the
generated source code — Java, Python, JavaScript — are yours. You can export them at any
time, run them on your own infrastructure, modify them freely, even after you cancel.
We claim no ownership and no royalty over generated code.
Trademarks
"Weezzi" and the Weezzi logo are trademarks of WEnterprise, Lda. You may refer to us
("built with Weezzi", "powered by Weezzi") in marketing materials, but you may not use
our marks in a way that suggests endorsement or partnership we haven't agreed to.
Open-source components
Weezzi Builder includes open-source components (Java, Python, Node.js, React, PostgreSQL,
etc.) used under their respective licenses. A full list is available at
/oss-attributions.
Generated code includes only OSI-approved licenses.
Section 2.4Acceptable use
You agree not to use Weezzi to build, host, or distribute:
Anything illegal under EU, US, or applicable national law
Malware, ransomware, phishing infrastructure, or stalkerware
Content that sexually exploits minors (immediate termination, reported to authorities)
Content that incites violence, terrorism, or genocide
Spam, mass unsolicited email, or services that violate CAN-SPAM / GDPR marketing rules
Cryptocurrency mining workloads on shared Cloud infrastructure
High-risk applications under the EU AI Act without proper conformity assessment
Anything that intentionally degrades the Service for other customers
We reserve the right to suspend access — with notice when possible, immediately when the
harm is ongoing — and to cooperate with law enforcement when legally required.
Section 2.5Billing & refunds
Subscription fees
Cloud plans are billed monthly or annually in advance. Hosting is billed per app, per
month. Prices are in EUR and exclude VAT — VAT is added at the rate applicable to your
location. We may change prices with at least 30 days' notice; changes apply at your
next renewal.
Refunds
Within the EU, you have the statutory 14-day right of withdrawal for digital services,
unless you've started using the Service (started a build, generated code, deployed
an app), in which case you waive that right per Directive 2011/83/EU Article 16(m).
Beyond statutory rights: we offer a no-questions-asked refund within 7 days of your first
paid charge. After that, fees are non-refundable, but you can cancel at any time and
won't be billed for the next cycle.
Failed payments
If a payment fails, we'll retry over 7 days and notify you. After 14 days of non-payment,
access is suspended. After 60 days, the account is scheduled for deletion (data is
preserved for 30 more days for recovery).
Section 2.6Uptime & service level
Cloud plans
99.5% monthly
Best effort · No financial credits
Hosting · Scale+
99.9% monthly
Service credits per SLA
Enterprise · On-premises
N/A
Runs on your infrastructure — uptime is yours to define
Excludes scheduled maintenance (announced 7 days in advance), force-majeure events, and
issues caused by customer code, customer-controlled integrations, or DDoS attacks.
Status page: status.weezzi.com.
Enterprise (On-Premises) deployments run inside your own infrastructure,
so we don't commit to an uptime SLA — that's under your operational control. What we do
offer is a support SLA (response time and coverage hours) under the
Standard, Extended, or Mission Critical tiers in your Enterprise contract.
Section 2.7Suspension
We may suspend access if:
Your payment is more than 14 days overdue
We reasonably believe you're violating Acceptable Use
Your usage threatens platform stability or security
We're legally compelled to suspend (court order, regulator)
We'll notify you before suspension when feasible. Suspension doesn't end your subscription —
once the issue is resolved, access is restored. If suspension lasts more than 14 days, you
may cancel and we'll refund any unused, prepaid period.
Section 2.8Termination
By you
Cancel at any time from your account settings. Your subscription remains active until the
end of the paid period. You can export everything — projects, generated
code, data — for 30 days after cancellation, then it's permanently deleted (with the
backup tail described in Section 1.6).
By us
We may terminate for material breach of these Terms — typically with 14 days' notice and
an opportunity to cure. We may terminate immediately for severe violations: illegal content,
fraud, security threats, or repeated breach after warning.
What survives
Sections on intellectual property, confidentiality, warranty disclaimers, limitation of
liability, and governing law survive termination.
Section 2.9Warranties & limitation of liability
Liability is capped at fees paid in the prior 1 month
We provide the Service "as is" and "as available". To the maximum extent permitted by
law, we disclaim implied warranties of merchantability, fitness for a particular purpose,
and non-infringement. Our total liability for any claim is limited to the fees you
paid us in the 1 month preceding the claim.
We are not liable for indirect, consequential, incidental, or punitive damages — lost
profits, lost data (where data could have been backed up by you or restored from our 90-day
backup window), loss of business opportunity. Nothing in these Terms limits liability that
cannot be limited under EU consumer protection law.
Indemnity
We'll defend you against third-party IP claims that the Service itself (not your use of it,
not your inputs) infringes their rights. You'll defend us against claims arising from your
content, your code, or your customers' use of your applications.
Section 2.10Governing law & disputes
These Terms are governed by Portuguese law. Disputes will be resolved by the courts of
Aveiro, Portugal — except that EU consumers retain the right to bring
proceedings in the courts of their habitual residence under Regulation (EU) No 1215/2012.
Before going to court, we ask you to email
legal@weezzi.com so we can try to resolve
the issue directly. Most disputes get sorted in a couple of emails.
Cookies are small text files placed on your device by the websites you visit. They let
sites remember things — like that you're logged in, or which language you prefer.
Similar technologies (local storage, pixels, fingerprinting) work the same way for the
purposes of this policy.
Under the ePrivacy Directive and GDPR, we ask for your consent before setting any cookie
that isn't strictly necessary for the Service to function. "Reject all" is one
click — exactly the same as "Accept all".
Section 3.2Cookie categories
Toggle each category to see what we use it for and what would change if you turned it off.
Strictly necessary always on
Required for login, security, fraud prevention, and load-balancing.
Without these, the site doesn't work.
weezzi_session · csrf_token · cf_clearance
Functional
Remember your preferences — interface language, theme, last-opened project.
Optional but make the experience smoother.
weezzi_locale · ui_theme · last_project
Analytics
Help us understand which features are used and where people get stuck.
We use Plausible — privacy-friendly, EU-hosted, no cross-site tracking.
_pa · plausible_ignore
Marketing
Measure the effectiveness of our content and ads, and remember if you've already
seen our newsletter prompt. We don't run retargeting ads — these are limited to
attribution.
utm_source · _mkto_trk
Section 3.3Your preferences are stored locally
Your cookie choices are saved in a single cookie (weezzi_consent) that we
read on every visit. You can change them at any time — open this page, toggle, save.
Choices expire after 12 months, after which we'll ask again.
Section 3.4Third-party cookies
We don't use them. Every cookie set on weezzibuilder.com is first-party,
served from our own domain, and used only for the purposes listed in
Section 3.2.
That means no advertising trackers, no cross-site profiling, no social-network buttons that
phone home before you click them, and no data brokers. If you've seen "Reject all" pages
with thirty vendors hiding behind a "Legitimate Interest" tab — this isn't one of them.
Embedded videos & payment widgets
On rare pages where we embed third-party content (e.g. a Stripe checkout iframe), the
third party may set its own cookies inside its own iframe. Those cookies belong to that
third party, not to us — they're governed by the embedded provider's privacy policy.
We avoid such embeds wherever a first-party alternative exists.
Section 3.5Browser controls
On top of our consent banner, all major browsers let you block, delete, or be notified
about cookies:
Chrome — Settings → Privacy and security → Cookies
Firefox — Preferences → Privacy & Security
Safari — Preferences → Privacy
Edge — Settings → Cookies and site permissions
We also honor the Global Privacy Control (Sec-GPC: 1)
header — if your browser sends it, we treat it as a "reject all optional" signal.
Section 3.6Changes to this policy
When we add or remove a cookie category, we'll update this page and re-trigger the
consent banner. We don't change cookie behavior silently.
Section 4.1Data Processing Agreement
When you use Weezzi to host applications that process personal data of your end users,
you are the data controller and Weezzi is the data processor
(or sub-processor, depending on your relationship with the data subjects).
Our standard DPA — incorporating EU Standard Contractual Clauses where applicable — is
available at /dpa.pdf and is automatically incorporated
into your subscription on Business, Studios, and Enterprise plans. Free and Pro plans:
request a signed DPA at
dpa@weezzi.com.
Section 4.2Sub-processor list
Live as of April 28, 2026. We notify customers 30 days before any addition.
Sentry (Functional Software)Error tracking · self-hosted EU instanceFrankfurt, DEEU/EEA
Section 4.3How we notify of changes
Subscribe to our RSS feed or email
dpa@weezzi.com
with subject "Subscribe" to be notified of new sub-processors. You'll receive 30 days'
notice before any change takes effect, and you may object — in which case we'll work
with you to find an alternative or, if none works, allow you to terminate without penalty.
Section 4.4Technical & organizational measures
Encryption — TLS 1.3 in transit, AES-256 at rest, KMS-managed keys
Access control — RBAC, MFA mandatory for staff, principle of least privilege
Network — VPC isolation per environment, no public Postgres endpoints
Certifications — SOC 2 Type I in progress (Q3 2026), ISO 27001 in flight
Section 4.5Personal data breach notification
If we become aware of a personal data breach affecting your data, we will notify you
within 48 hours, well within the 72-hour window required by GDPR Art. 33.
Notification will include the nature of the breach, categories and approximate number of
records affected, contact point for further information, and the measures taken or proposed.
Report a suspected breach to
security@weezzi.com —
PGP key on the security page.