Legal

Terms of Service and Privacy Policy

This page is Wehaven's complete legal document, including Terms of Service and Privacy Policy in one place.

Last updated and effective date: March 29, 2026

Terms of Service

These Terms of Service govern your use of Wehaven websites, applications, and related services. By using Wehaven, you agree to these terms.

You must be at least 18 years old or the legal age of majority in your jurisdiction to use Wehaven.

Rules and conduct

  • Do not use Wehaven in violation of law or third-party rights.
  • Do not upload abusive, exploitative, fraudulent, or unlawful content.
  • Do not bypass security, scrape restricted data, or reverse engineer protected systems.
  • Do not use Wehaven as a substitute for emergency or clinical mental health care.

AI-assisted outputs

Wehaven may provide AI-assisted drafts and suggestions. Outputs may contain mistakes and may not fit your context. You remain responsible for reviewing and deciding what to share.

Fees, suspension, and termination

Paid features, if offered, are billed under the terms shown at checkout. Unless required by law, fees are generally non-refundable after service access starts.

Wehaven may suspend or terminate access for legal, safety, abuse, or security reasons.

Limitation of liability and disclaimers

The service is provided on an "as is" and "as available" basis. To the maximum extent permitted by law, Wehaven disclaims implied warranties and limits liability for indirect, incidental, and consequential damages.

Disputes and governing law

  • These terms are governed by the laws of Singapore, excluding conflict-of-laws rules.
  • Before arbitration, each side must first attempt informal resolution for 30 days.
  • If unresolved, disputes are settled by confidential, binding arbitration seated in Singapore, in English, before one arbitrator.
  • Each side brings claims only on an individual basis, not class or representative basis.
  • Either side may seek interim injunctive relief in courts of competent jurisdiction to protect rights pending arbitration.

Privacy Policy

This Privacy Policy describes how Wehaven collects, uses, stores, shares, and protects personal information across our website, app, and support channels.

Privacy boundary

Private reflections are not shown to your partner by default. Partner-visible content is shared only when you explicitly approve it for sharing.

AI processing and model training

  • We do not use your content to train Wehaven models.
  • Third-party AI providers may process submitted content only to generate requested outputs for Wehaven, under contractual data-protection restrictions.
  • We do not use human reviewers to manually review private reflection content.

Data controller and contact details

The data controller is the legal entity operating Wehaven on this domain ("Wehaven Operator"). For controller identity details, legal notices, and privacy questions, use our contact page.

If you need identity verification for a privacy request, we may ask you to confirm control of the email address associated with your Wehaven interaction.

Information we collect

  • Identity and contact data: email and related support metadata.
  • User-submitted data: form messages, feedback, and support content.
  • Usage data: events, page views, browser/device details, and IP logs.
  • Operational data: diagnostics, abuse-prevention signals, and security logs.
  • Payment metadata: processor event IDs and billing status when paid plans are used.

How we use information

  • Provide and maintain the service and requested features.
  • Respond to support requests and service inquiries.
  • Detect abuse, prevent fraud, and maintain security.
  • Measure performance, reliability, and product quality.
  • Comply with legal obligations and enforce terms.

Lawful bases for processing

  • Contract: to provide requested features and support.
  • Legitimate interests: to secure, improve, and analyze service operations.
  • Consent: where required for optional communications or consent-driven tracking.
  • Legal obligation: to satisfy compliance and lawful requests.

Processors and third parties

We share data only when needed to operate Wehaven, subject to contractual safeguards.

  • Infrastructure and database providers.
  • Analytics and telemetry providers.
  • Payment processors for billing transactions.
  • Customer support and communication tooling.
  • Legal and compliance services when required.

A current processor inventory can be requested through our contact page.

Retention schedule

We delete or de-identify personal data on fixed schedules unless longer retention is required by law.

  • Contact form submissions: deleted within 24 months after last user interaction.
  • Support correspondence: deleted within 24 months after case closure.
  • Analytics event data: deleted within 14 months.
  • Security and access logs: deleted within 12 months.
  • Billing and tax records: retained for 7 years only where legally required.
  • Suppression and opt-out records: retained only as needed to honor preferences.
  • Backups: overwritten or deleted within 90 days of production deletion events.
  • User deletion requests: completed within 30 days, unless law requires retention.

Cross-border transfers

Data may be processed outside your country. Where required, Wehaven relies on recognized safeguards that may include Standard Contractual Clauses, adequacy decisions, or equivalent legal mechanisms.

Rights request workflow and timelines

  • Submit requests through our contact page.
  • We aim to acknowledge requests within 10 calendar days.
  • We verify identity using account or request-linked email controls.
  • We support access, correction, and deletion requests through this workflow.
  • We support portability requests where data can be exported in a technically feasible format.
  • We aim to respond within statutory timelines (for example 30 days GDPR, 45 days CCPA).
  • Where permitted by law, we may extend response windows with notice.
  • If we deny a request, we explain the reason and available appeal options.

Cookies and tracking controls

We use cookies and similar technologies for essential service operation, performance analytics, and abuse prevention.

  • Essential cookies support core site and security functions.
  • Analytics cookies help us understand feature usage and reliability.
  • You can control cookies through browser settings and consent tools where available.

California notice and Global Privacy Control

Wehaven does not sell personal information for money. We also do not intentionally enable cross-context behavioral advertising using personal information in ways that are treated as a "sale" or "share" under California law.

Where technically supported and legally applicable in production, Wehaven will treat Global Privacy Control (GPC) signals as opt-out preference signals for relevant browser/session contexts.

We support California rights requests through our contact workflow, including access, correction, deletion, and non-discrimination rights, subject to legal verification and exceptions.

Children's privacy

Wehaven is not directed to children under 13 and does not knowingly collect personal information from children under 13.

Regulator complaint options

You may lodge complaints with your local data protection authority. For EEA users, this may be your country supervisory authority. For UK users, this may be the ICO.

California residents may also contact the California Privacy Protection Agency or California Attorney General as appropriate.

Changes to this legal document

We may update this legal document from time to time. Material changes are reflected by updated effective date and version entry below.

Version history

  • Version 2.0, March 29, 2026: Expanded privacy disclosures, rights workflow, and retention schedule.
  • Version 1.0, March 28, 2026: Initial combined legal page for Wehaven.

Contact us

For legal and privacy requests, submit through our contact page.