Wetips Privacy Policy

Last Updated: April 21, 2025

Introduction

BauhiniaAI (“we”, “us”, or “our”) values your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Wetips, our AI-powered desktop software that assists with chat replies. It also describes your rights and choices regarding your personal information.

Wetips is designed with privacy in mind. We want to be transparent about our data practices. In summary, Wetips does not store the content of your chats on our servers, and we do not use your data for advertising or user profiling purposes . The chat content that Wetips processes is transmitted securely to our AI partner (e.g., OpenAI) solely to generate reply suggestions, and neither we nor our partners use that content to train machine learning models without your consent . Only RAG files are stored on clouds. We collect only the information needed to provide the service (such as your email for account registration and data required for the AI to function) and to comply with legal or billing obligations.

This Privacy Policy applies to the Wetips application and any related services provided by BauhiniaAI. It does not cover any third-party services (like messaging platforms or AI providers) except to explain how Wetips interacts with them. For information on those services’ data practices, please refer to their respective privacy policies.

Data Controller: For the purposes of data protection laws (like the GDPR), BauhiniaAI is the “data controller” of your personal data processed through Wetips. BauhiniaAI is a company based in Hong Kong. Our contact information is provided at the end of this policy. If you have any questions about this Privacy Policy or our data practices, you can reach out to us.

By using Wetips, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service. We may update this Privacy Policy from time to time (see the “Changes to this Privacy Policy” section below), and we will notify you of any significant changes.

Information We Collect

When you use Wetips, we may collect or process the following categories of information:

  1. Account Information: When you register for Wetips, we collect your email address. We use this to create and manage your account, send you verification codes for login, and communicate with you about the service. We do not require you to create a password – authentication is done via codes sent to your email, so keeping your email secure is important. We also assign an internal user ID to your account for technical purposes. If you subscribe to a premium plan, we will record your subscription status, the type of plan, and billing details such as the start and end date of your subscription, and transaction IDs. Note: Payment information (like credit card numbers or billing addresses) is handled by our payment processor and generally not stored by BauhiniaAI (see Payment Information below).
  2. Contacts or Identifiers in Chats: Wetips may temporarily access identifiers like the display name or username of the person you are chatting with, as part of reading the chat context. For instance, knowing that you are talking to “Mom” versus a work client might influence the tone of a suggestion. We do not store your contact names to our servers. We do not have a contacts database – any such identifier is used in the moment to generate a personalized reply and then discarded.
  3. Chat Content (Transient Processing): The core function of Wetips is to read the content of your ongoing chat conversations to generate relevant replies. This means Wetips will process the text of messages you receive and (in some cases) the text you type as a draft. This processing is done locally to identify context, and then relevant excerpts or the entire message content might be sent to the AI language model API (e.g., OpenAI) to produce a suggestion. We do not record or store the content of your messages on BauhiniaAI servers. The chat data is held in memory long enough to form a request to the AI and receive a response, and then it is not retained by us. For clarity: if your friend messages you “Hey, are we still meeting tomorrow?”, Wetips might send that text to the AI service to craft a reply, but BauhiniaAI’s servers do not keep a copy of that message or the reply. The AI service (OpenAI) also does not use it to train their model and retains it only short-term for abuse monitoring . (More on data sharing in a later section.)
  4. User-Provided Documents (RAG feature): Wetips allows you to upload or select documents to improve reply suggestions via retrieval-augmented generation. These documents could be files like PDFs, Word docs, text notes, or other resources you provide. Wetips will process the content of these documents to create an internal knowledge base (for example, converting them into text and generating embeddings or indexes for quick search). By default, document processing is done on clouds to optimize experience. If Wetips finds relevant information in your documents to help answer a question, it may include a snippet of that information in the prompt that is sent to the AI model (so the model can craft a more informed reply). That means small excerpts of your document could be sent to the AI API when necessary, treated the same way as chat content (transient processing). You have control – you can add or remove documents in Wetips at any time.
  5. Usage Data: We collect certain information about how you use Wetips to help us run the service and improve it, but we limit this to what is necessary and we do not use invasive tracking. Usage data may include: the number of suggestions you request, the features or modes of Wetips you use (e.g., if you frequently use the “polish my draft” feature), performance metrics (like response time, or if a request failed due to an error), and aggregate statistics (e.g., daily active users). We might also log events like login times, subscription status changes, or crashes. Importantly, our usage logs do not include the actual text of your chats or suggestions — they may contain metadata such as “user requested a suggestion at 3:00 PM and it succeeded (took X seconds)” but not “the suggestion content was ”. We do not record which specific words you typed or which suggestion you chose, only high-level events. We do not run any third-party analytics scripts, and we do not allow third-party tracking cookies or beacons in the app.
  6. Device and Technical Information: To ensure Wetips works correctly on your device, we may collect basic technical info, such as your device type (e.g., “Windows 10 PC” or “macOS 12.0”), device hardware identifiers (non-personal, such as model or chipset info), OS version, and Wetips app version. We might also collect your system’s locale or language setting (to better tailor suggestions or UI language). We do not collect precise geolocation data, phone number, contact lists, or other applications’ data. Wetips might detect whether certain permissions (like screen capture or accessibility access) are granted, since it can’t function without them, but that’s a binary setting (yes/no) and not personal data. We also may receive an IP address whenever Wetips communicates with our server (as is standard with any internet communication). We do not use IP addresses to determine your exact location, but we might infer a general region (e.g., country) to understand our user base distribution or for compliance (for example, applying EU data standards for EU IP addresses).
  7. Support and Correspondence: If you contact us for support, provide feedback, or otherwise communicate with us (via email or other channels), we will collect the information you choose to provide in that correspondence. This may include your email address, the content of your message, and any attachments or diagnostic information you send. We use this information solely to assist you and improve Wetips. For example, if you email us saying “Wetips isn’t working on Telegram chats,” we might ask you for more info and you might send a screenshot. Such information will be used to troubleshoot and will not be shared outside our support team except as necessary to resolve your issue.
  8. Payment Information: If you purchase a subscription, the payment is processed by a third-party (such as Stripe, PayPal, or an app store). BauhiniaAI itself does not collect your full payment card details. We might receive limited information from the payment processor indicating the status of a payment. For instance, we’ll know if a transaction succeeded or failed, the amount paid, and maybe a transaction/reference ID. We may also know the type of payment (e.g., Visa ending in 1234, expiration date, billing country) for record-keeping. We keep records of your purchases (date, amount, product) for accounting and support (like if you say “I was charged twice”), but we do not store sensitive financial information like credit card numbers or bank account numbers on our servers. Those are handled by the secure payment provider. If you require invoices, we might collect your billing contact information (like a name and address for the invoice), but that would be provided by you voluntarily for that purpose.

In all cases, we strive to minimize the personal data we collect. For example, we don’t ask for your name, phone number, or physical address just to use Wetips (only an email). We don’t access your contacts or calendars. We don’t snoop on unrelated information on your device — only the content relevant to providing the reply suggestions, and only with your permission.

How We Use Your Information

We use the information we collect for the following purposes:

  1. Providing and Operating the Service: The primary use of your information is to deliver the functionality of Wetips. This includes using your chat content to generate AI suggestions (we take the message content and feed it to the AI model to get a reply), using your email to authenticate you and let you log in, and using your documents (if provided) to retrieve relevant context for better suggestions. Essentially, without processing your data in these ways, Wetips cannot fulfill its purpose. We also use your information to maintain the Service’s performance – for instance, your usage data helps us ensure the service is running within capacity and to apply your usage limits or subscription benefits appropriately.
  2. Service Improvements and Development: We may use aggregated and anonymized usage data to understand how Wetips is used and where we can improve. For example, if we see that a particular feature is rarely used, we might investigate why, or if the system logs show frequent failures or errors, we will work on fixes. We might analyze common usage times to optimize our systems for load. Importantly, when we look at usage data for improvements, we do not focus on individual user behavior except in troubleshooting specific support issues – rather, we look at broad trends. If we ever want to analyze individual chat content to improve our AI (for example, learning common phrases or corrections), we would only do so after anonymizing the data or with explicit user consent, because our policy is not to retain or review your message content as a general practice.
  3. Customer Support: If you contact us, we will use your information (like your email and any info you provide about a problem) to help resolve your issue. We may keep a record of support communications to help with ongoing issues or future inquiries (for example, to recall previous troubleshooting steps). Support-related information will be kept confidential and only used to assist you and improve our support processes.
  4. Account Management and Communication: We use your email to send you important account-related messages. This includes the verification code emails for login, notifications about subscription status (e.g., reminders of an upcoming renewal or an expiration), and important security or privacy updates (for instance, if we update our terms or if there’s a security advisory). We might also send onboarding tips or announcements of major new features. However, we do not send promotional or marketing emails unrelated to the product without your opt-in. All communications will be in accordance with applicable law (for example, certain emails may be required as transactional or service announcements, and you may not be able to opt out of those if you maintain an account, aside from stopping use of the service).
  5. Enforcement and Security: We may use data (including usage logs and technical information) to monitor for fraudulent, abusive, or unlawful activity. For example, we keep an eye on our systems to detect if someone is attempting to circumvent quotas or if there are repeated failed login attempts (which could indicate a hacking attempt). If we detect possible Terms of Service violations or security risks, we may use relevant data to investigate and take appropriate action (such as logging the IP addresses involved in a DDoS attack or the sequence of actions leading to a bug or exploit). We also reserve the right to use data to enforce our User Agreement, such as using evidence of misuse in order to suspend an account.
  6. Billing and Administrative Purposes: For users with subscriptions, we use your information to manage billing (e.g., to know which features to enable for you, when to charge renewal fees, etc.). We may send receipts or invoice information to your email. If there’s an issue with your payment (like a failed charge), we’ll use your account info to notify you. We keep transaction records for accounting, auditing, and tax purposes as required by law.
  7. Legal Compliance: We may process and retain your information as necessary to comply with our legal obligations. For instance, if required by applicable law, we might retain certain financial records for a number of years, or we might have to respond to lawful requests by public authorities (such as to comply with national security or law enforcement requirements). If we receive a subpoena or court order affecting a user, we may need to use the data we have to comply (after verifying the legitimacy of the request). Additionally, under data protection laws, we may keep records of consents or requests (e.g., to document that you agreed to this Privacy Policy, or to log a request you made to delete your data and our compliance with it).
  8. Personalization (Limited): Wetips might use some information to personalize your experience. For example, it might use your system language or region to choose the language of suggestions or the writing style (e.g., British English vs. American English spelling). If you frequently correct suggestions in certain ways, Wetips might learn to adapt (though currently most learning is on the AI provider’s side, which, for the API, typically does not learn per user). We do not build marketing profiles, but we do want Wetips to feel tailored to you in benign ways, like remembering your preferences or usage history (stored locally or in your account settings) to serve you better.

Crucially, we do not use your data for any form of targeted advertising or selling of data. We do not have advertising in the app, and we do not rent or sell lists of user information. We do not profile you across other services. The data you provide stays within the scope of Wetips’ functionality and our service operations.

Additionally, if we ever want to use your information for a purpose that is materially different from those listed in this policy, we will update this Privacy Policy and, if required, request your consent.

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction that requires a legal justification for processing personal data, our legal bases for collecting and using your personal information described above are typically:

  1. Performance of a Contract: Most of our processing is necessary to perform the contract we have with you (the User Agreement) or to take steps at your request prior to entering into such a contract. For example, we need to process your chat content to provide the core Wetips service (generating replies), and we need your email to create your account and allow you to log in. When you subscribe, processing your subscription and providing premium features is part of our contractual obligation to you.
  2. Consent: In certain cases, we rely on your consent. For instance, by allowing Wetips access to your screen and chats, you consent to that processing of data, which is necessary for the service. If we ever request to send you optional communications (like a newsletter) or to use your data in a new way, we would ask for your consent and you can withdraw it at any time. Also, on first installation, Wetips may ask for your consent to this Privacy Policy and the data processing it entails (consistent with the concept of “by using the service you agree…”).
  3. Legitimate Interests: We process some data under the basis of legitimate interests pursued by us or a third party, balanced against your data protection rights. Our legitimate interests include improving our product, ensuring the security of our service, preventing abuse, and understanding how our service is used. For example, it’s in our legitimate interest to keep minimal logs to detect fraud or attacks. When we rely on legitimate interests, we consider and balance any potential impact on you (both positive and negative) and your rights. We do not use your data for activities where our interests are overridden by the impact on you (for example, we wouldn’t do extensive tracking of your behavior or sell your data, as that would not align with your interests or expectations).
  4. Legal Obligation: Where applicable, we process or retain data as necessary to comply with a legal obligation. For example, accounting regulations might require us to keep records of transactions; data protection laws require us to honor requests (like erasure) and keep a record that we did so; if a law enforcement request is properly issued, we may process data to comply.

If you have questions about the legal bases or want more detail on how we assess legitimate interests, you can contact us (details at the end of this policy).

How We Share Your Information

BauhiniaAI understands that your personal information is important, and we are careful about how and with whom we share it. We do not sell your personal data to third parties for their own marketing or advertising purposes . We only share information in the following circumstances:

  1. With AI Processing Service Providers: As described, the content of your chats and any relevant context must be shared with our AI partner (e.g., OpenAI) to generate a response. We send the minimum necessary data (usually the text of recent messages, your draft if any, and instructions for the model). The AI provider acts as a data processor on our behalf for this content. We have terms in place with them to ensure your data is handled securely and only for providing the service. For instance, OpenAI’s API terms commit that they will not use data sent via the API to train their general models and that they will retain it only for a short period to monitor for abuse . We may occasionally include a bit of metadata in the prompt to the AI (like “User is responding to their boss” to set tone), but similarly, that data is transient. We do not share your account identity (like your email or name) with the AI service; the AI service processes your content anonymously with regard to your personal identity (though technically IP addresses may be seen by them when our server or your app calls their API). Important: The AI provider is a separate entity – while they are obligated to protect your data per our contract and their policies, any data you submit is momentarily out of our hands and in theirs for processing. If they have a data breach or misuse (which we have no indication will happen, but hypothetically), that is something we would work with them and possibly authorities to address, but it’s not under BauhiniaAI’s direct control. We choose reputable providers to mitigate this risk.
  2. With Cloud Service Providers (Hosting): Wetips has backend components (such as servers that handle authentication, subscription management, sending emails, etc.). We may host these on third-party cloud infrastructure (for example, Amazon Web Services, Microsoft Azure, or Google Cloud). These providers essentially store data on our behalf (like our user database) or provide processing power. They are not allowed to access or use your data except as needed to run our services. We employ security measures (encryption at rest, etc.) to protect data on cloud servers. We also might use cloud functions or services to perform certain operations (like a content moderation service to filter out disallowed content from the AI, if any – currently not extensive, but if used, that might also involve sending data to that service in a controlled way).
  3. With Email Delivery Services: We use an email service to send verification codes and notifications (for instance, services like SendGrid, Mailgun, or similar). That means your email address and the content of the email (e.g., “Your Wetips code is 123456”) passes through that service. We limit these emails to necessary communications. Our email service providers are bound to handle that data securely and not to use it for their own marketing. We do not share your email with them for anything beyond sending our messages.
  4. With Payment Processors: If you enter payment information, you do so through our payment processor’s secure forms. The payment processor (e.g., Stripe, PayPal, App Store) receives your payment details directly. They may share some information back with us (like a confirmation of payment, last four digits of a card for reference, etc.). We will share with them information needed to process the payment, such as the charge amount, a description of the product (subscription type), and your email or user ID to correlate the payment. These payment companies are PCI-DSS compliant and authorized to process your financial data. They do not have the right to use your personal information for anything other than facilitating payment transactions and related compliance (e.g., fraud screening).
  5. With Service Providers and Contractors: BauhiniaAI may engage certain trusted third parties as service providers or independent contractors to perform functions and provide services to us (for example, software development contractors, analytics or error monitoring services, or customer support tools). These parties may have limited access to certain data, strictly for performing tasks on our behalf and under obligations similar to this Privacy Policy. For instance, we might use a crash reporting service that collects crash logs (which could include device info and anonymized user IDs when a crash happens). Or we might use a customer support platform to manage support tickets, which would naturally see the information you provide in a support request. In all cases, such providers are contractually bound to safeguard your data and only use it for the purposes of delivering their services to us.
  6. Business Transfers: If BauhiniaAI is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be disclosed to an acquiring entity or other third-party as part of that transaction. We would ensure that any such entity is bound by confidentiality obligations and this Privacy Policy’s principles. If a transaction results in a material change in how your personal data will be handled, we will notify you and/or obtain any required consents.
  7. Legal Compliance and Protection: We may disclose your information when we believe in good faith that such disclosure is necessary to (a) comply with a legal obligation or a request from governmental authorities; (b) protect and defend the rights, property, or safety of BauhiniaAI, our users, or others; (c) investigate and defend ourselves against any third-party claims or allegations; or (d) stop or mitigate any illegal, unethical, or legally actionable activity. For example, if we receive a subpoena for user data and it’s legally valid, we might have to comply (after ensuring it’s properly handled). Or if someone’s actions are endangering our network (like a cyberattack), we might share relevant info with law enforcement. We will try to notify you about legal demands for your data, when allowed, so long as we have a way to contact you (email) and unless we are prohibited by law or it’s an emergency situation.
  8. Your Explicit Consent: Apart from the above, if we ever need to share your information for any other purpose, we will describe it to you and ask for your consent. For instance, if an opportunity arises for you to integrate Wetips with another service (and that requires sharing some data with that service), we would only do so if you opt-in to that integration.

Sharing with Safeguards: Whenever we share information with service providers or partners, we ensure via contracts that they provide at least the same level of privacy protection as we commit to here. We limit what they can do with the data — typically, they can only use it to perform services for us and cannot use it for their own purposes (especially not for advertising or selling data). We also require them to notify us and cooperate in the event of any security incident affecting your data.

We also want to emphasize that BauhiniaAI does not sell or rent your personal information. “Selling” in the context of privacy laws like the CCPA involves exchanging personal information for money or other value. We do not do this. We also do not share your personal information for cross-context behavioral advertising (the CCPA’s concept of “sharing”). Therefore, we do not include a “Do Not Sell or Share My Personal Information” link, because we don’t engage in those practices by default.

No Advertising or Tracking Services

Wetips does not use third-party analytics or tracking services that follow you across apps or websites. We do not display ads, and we do not share your data with advertisers. There are no advertising SDKs, no social media pixels, and no profiling cookies in Wetips. Any usage analytics we perform is done using first-party tools or open-source libraries and is focused on improving Wetips itself, not on marketing to you. We do not create marketing profiles of users or segment users by behavior for sale or ad targeting. In short, your data is used to serve you within Wetips, not to target you outside of it.

Data Security

We take reasonable and appropriate measures to protect the confidentiality, integrity, and availability of your personal information. These measures include:

  1. Encryption: Data in transit is protected by encryption. When Wetips communicates with our servers or with the AI provider, it uses HTTPS (TLS encryption) to encrypt the payload. Similarly, any sensitive data handled by our systems (like your email, or tokens for connecting to the AI API) are transmitted and stored in encrypted form. We follow industry standards to ensure data is encrypted both in transit and, where applicable, at rest.
  2. Access Controls: Access to personal data within our organization is restricted on a need-to-know basis. Only authorized personnel or contractors who require access to operate, develop, or improve the Service are given such access. For example, our developers may have access to anonymized logs for debugging, but not to raw personal data. Administrative access to databases and systems that store user data is limited and protected by strong authentication (e.g., multi-factor authentication).
  3. Employee and Contractor Obligations: All BauhiniaAI employees and any contractors with access to personal data are bound by confidentiality obligations. They are trained in data protection best practices and understand the importance of safeguarding user data. We take disciplinary measures (including termination and legal action) if any personnel are found violating user privacy.
  4. Security Testing and Updates: We regularly update Wetips and our backend systems to address security issues. We keep libraries and dependencies up-to-date. We may conduct periodic security audits, code reviews, and penetration testing (sometimes via third-party specialists) to identify and fix vulnerabilities. Our infrastructure is monitored for suspicious activities.
  5. Network and System Security: We deploy firewalls, intrusion detection systems, and other security technologies to prevent unauthorized network access. Our servers are kept in secure data centers that have their own physical and environmental security controls. We also segment our network and apply the principle of least privilege in system design.
  6. Backups and Recovery: We maintain secure backups of critical data (such as the user account database, minus ephemeral content which we do not store) to ensure we can recover from software errors or disasters. These backups are encrypted and stored in a secure manner. Backup data is subject to retention policies (not kept indefinitely) and is protected just like live data.
  7. Anonymization & Pseudonymization: Where possible, we anonymize or pseudonymize data to reduce privacy risk. For example, analytical data may be stored without direct personal identifiers. If we analyze patterns of suggestions, we might strip away any user-identifiable details first.
  8. No Unnecessary Collection: A security best practice is to not have what you don’t need. By not storing chat content and not collecting extraneous data, we inherently reduce the risk of a major data breach compromising that data. An attacker cannot steal what isn’t there. We focus on keeping secure the data we do need to store (like account info).
  9. Third-Party Security: We vet our key third-party providers for their security practices as well. For example, we choose reputable cloud providers with strong security track records and compliance certifications. We require that any service provider handling user data on our behalf also implements robust security measures.

Despite all these efforts, it’s important to note that no system is 100% secure. The internet by its nature carries risks, and even well-secured systems can potentially be compromised by unforeseen vulnerabilities or sophisticated attacks. While we strive to protect your personal data, we cannot guarantee absolute security. You should also play a part in protecting your data: for instance, keep your device secure, don’t share your verification codes, and be cautious of phishing attempts (BauhiniaAI will never ask for your login code or password via email – since we don’t use passwords – so treat any such request as suspicious).

In the unlikely event of a data breach that affects your personal information, BauhiniaAI will promptly notify the affected users and relevant authorities as required by law. We have an incident response plan in place to handle such situations, which includes identifying and fixing the vulnerability, determining the scope of impact, and communicating clearly with users on steps they should take to protect themselves.

Data Retention

We keep your personal data only for as long as necessary to fulfill the purposes for which it was collected, as described in this policy, and to comply with applicable laws. Different types of data are retained for different periods:

  1. Chat Content: As a rule, we do not retain the content of your chats. When Wetips processes a message to generate a suggestion, that message content is used in real time and not stored in our databases. Any transient copies residing in memory or logs are promptly discarded. We do not have an archive of your conversations on our servers. This means if you stop using Wetips or log out, we don’t have stored chat histories to delete – they were never saved. (Note: As mentioned earlier, the AI provider may temporarily retain the content it processed for a short window – e.g., OpenAI retains API data up to 30 days – but that retention is governed by their policy and is solely for trust and safety monitoring, not for training or long-term storage.)
  2. User Documents (RAG): Documents you provide to Wetips are stored on the clouds. Wetips might create an index or vector embedding of the documents to enable quick retrieval of info – these indexes are also stored on the clouds.
  3. Account Information: We retain your account information (like email and profile info) for as long as you have an active account with us. If you decide to delete your Wetips account, we will delete or anonymize your personal information (such as your email) within a reasonable time after your request, except for information we are required or permitted to retain by law. For instance, when you delete your account, we will remove your email from our active user database, but we might keep a record in a suppression list to make sure we don’t accidentally send you emails in the future, or keep log entries that mention your account ID for security/audit reasons (disassociated from personal details). If an account is simply inactive (not deleted), we might retain the data in case you return, unless we choose to purge it as part of routine maintenance after a very long period. We generally consider deleting accounts that have been completely inactive for an extended period (e.g., a few years) to minimize data retention, after attempting to reach out to the email on file.
  4. Subscription and Transaction Data: We retain financial transaction records and subscription history as long as required for financial reporting and audits, typically 7 years (as common in many jurisdictions for accounting records) unless local law requires a different period. This is to comply with tax laws and be able to address any billing disputes or refunds. However, these records would contain minimal personal data – usually just your email (or an internal user ID) and the transaction details (date, amount, product). Payment details like credit card info are not stored by us.
  5. Usage Logs: Basic server and application logs are generally kept for a short period. For example, logs that record each time you request a suggestion might be kept for a few weeks or months for troubleshooting and then automatically deleted or overwritten. Security-related logs (such as records of access to our systems, or logs of errors and crashes) may be retained longer, in some cases up to a year, to investigate incidents and ensure reliability. We aim not to keep detailed logs indefinitely. In many cases, log data is aggregated or summarized after a period, and raw logs are deleted.
  6. Backups: Our system backups might incidentally contain some of your data (like a backup of the user database with your email in it, or a log backup) and those might be retained for longer purely for disaster recovery. Backup files are typically retained for a set duration (for example, backups rotated on a 3-month cycle) and then older ones are deleted. We ensure backups are stored securely. If we restore from a backup, any user data that had been deleted in the interim and then resurrected by accident would be re-deleted as appropriate.
  7. Support Communications: If you communicated with us via support or feedback emails, we may retain those communications for as long as necessary to address your issue and maintain records of our support interactions. Typically, support emails don’t get systematically deleted unless requested; we might keep them for a couple of years in case you reach out again (for context). If you want your support emails deleted, you can request that specifically.
  8. Legal Retention: If we are under a legal obligation to retain data (for example, due to a hold in anticipation of litigation, government order, or an investigation), or if retention is advisable to protect our legal rights (e.g., keeping evidence of our Terms acceptance, or of a specific transaction), we will retain the data as needed despite the general retention schedules. We’ll ensure it’s securely protected and only used for the intended legal purpose.

Once the retention period expires or the purpose of processing has been fulfilled, we will securely dispose of or anonymize your personal data. For example, deletion may involve erasing data from our databases and instructing service providers to do the same. Anonymization might involve removing personally identifying fields (like replacing an email with a random ID) so the remaining data can’t be linked to you.

If you request deletion of your data, we will expedite the removal of your personal info from active systems and, where feasible, from backups (or ensure backups are not restored in a way that would reinstate your data). There may be a slight delay in deleting data from our servers and those of our providers until the request propagates and backups expire.

Your Rights and Choices

Depending on your jurisdiction, you have certain rights regarding your personal data. BauhiniaAI is committed to upholding these rights and has processes in place to enable you to exercise them. Below, we outline the rights of users in various regions:

Rights for Users in the European Union/EEA, UK, and Similar Jurisdictions (GDPR)

If you are located in the European Union, European Economic Area, United Kingdom, or other jurisdiction with similar data protection laws, you have specific rights under the GDPR and related laws. The GDPR grants data subjects the following rights :

  1. Right to Be Informed: You have the right to be informed about the collection and use of your personal data. This Privacy Policy is intended to provide you with that information, explaining what data we collect, why, how it’s used, and with whom it’s shared.
  2. Right of Access: You can request confirmation of whether we are processing your personal data, and if so, request a copy of that personal data, as well as additional information about how we process it. This is commonly known as a “Data Subject Access Request.” We will provide you with a copy of your data, usually free of charge (except if requests are manifestly unfounded or excessive, in which case a reasonable fee may be charged as allowed by law). Contact support@wetips.ai to process.
  3. Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request its correction or completion. For instance, if your email address has changed or you notice a typo in the information we have on file, you can ask us to update it. Contact support@wetips.ai to process.
  4. Right to Erasure: You have the right to request deletion of your personal data in certain circumstances (this is also known as the “right to be forgotten”). You can request erasure, for example, if the data is no longer necessary for the purpose it was collected, if you withdraw consent (and no other legal basis for processing applies), or if you object to processing (and we have no overriding legitimate grounds), or if you believe we are processing your data unlawfully. Note that this right is not absolute – sometimes we may have legal grounds to retain data (e.g., for legal compliance). We will inform you if that is the case. Contact support@wetips.ai to process.
  5. Right to Restrict Processing: You can ask us to restrict (temporarily halt) the processing of your personal data in certain scenarios – for example, if you contest the accuracy of the data, during the period we are verifying its accuracy; or if you have objected to processing (see below) and we are considering whether our legitimate grounds override yours. When processing is restricted, we will still store your data, but not use it further until the restriction is lifted (unless for legal claims or protection of rights). Contact support@wetips.ai to process.
  6. Right to Data Portability: You have the right, in certain circumstances, to receive your personal data that you provided to us in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller, if technically feasible. This right applies when the processing is based on your consent or a contract and is carried out by automated means. For example, you could request a copy of data you provided (like all your account info and perhaps aggregated usage) to port to another service.
  7. Right to Object: You have the right to object to our processing of your personal data when that processing is based on legitimate interests (or public interest/exercise of official authority). If you object, we must stop processing unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is for the establishment, exercise, or defense of legal claims. You also have the absolute right to object to personal data processing for direct marketing purposes – however, note that BauhiniaAI does not use your data for direct marketing. Regarding profiling or automated decision-making: Wetips does not perform any automated decision making that produces legal or similarly significant effects on you (the AI suggestions are not decisions about you, they are content for you to consider sending).
  8. Right not to be subject to Automated Decision-Making: As noted, we do not subject users to decisions based solely on automated processing (including profiling) that have legal or similarly significant effects. The AI might profile the text you give it to some extent to generate a reply, but it’s not profiling you in a way that affects your legal rights or service access – it’s just generating content for you. If in the future we considered such automated decisions, we would inform you and ensure your rights to human review as per GDPR.
  9. Right to Withdraw Consent: In cases where we process your data based on consent, you have the right to withdraw that consent at any time. For example, if you consented to optional data collection or communications, you can change your mind. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it won’t affect processing under other legal bases (like performance of contract). If you withdraw consent for something like screen access (by disabling permissions) or for sending data to the AI (by not using the feature), note that the functionality may no longer work.
  10. Right to Lodge a Complaint: If you believe we have infringed your privacy rights or processed your data unlawfully, you have the right to lodge a complaint with a supervisory authority in the EU/EEA (for EU users, typically your country’s Data Protection Authority) or the UK (the Information Commissioner’s Office, ICO) or other applicable regulator. We would appreciate the chance to address your concerns first by contacting us directly, but you are within your rights to contact the authorities at any time.

To exercise your rights, you may contact us at our designated contact (see Contact Information below). We may need to verify your identity before fulfilling certain requests, to ensure that we don’t disclose data to the wrong person or delete the wrong account. Typically, we will ask you to send the request from the email associated with your Wetips account or provide proof of identity. We will respond to your request within one month, as required by GDPR, though we may extend that period by an additional two months for complex requests (we will inform you if an extension is needed and why).

Please note that these rights are not absolute – there are conditions and exceptions in the law. If we cannot comply with a request in whole or in part, we will explain why (for instance, if you ask to delete data which we are legally required to keep, we’ll let you know that and what we can/cannot delete).

Rights for Users in California (CCPA/CPRA)

If you are a resident of California, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These include :

  1. Right to Know: You have the right to request that we disclose the personal information we have collected about you in the 12-month period preceding your request. This includes the categories of personal information collected, the categories of sources, the business or commercial purpose for collecting (or selling/sharing, if applicable) the information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you. Essentially, it’s similar to the access right – you can ask, “What do you know about me?” and we will provide the information, covering at least the last 12 months as mandated.
  2. Right to Delete: You have the right to request that we delete personal information we have collected from you (and direct our service providers to do the same), subject to certain exceptions. For example, we may not delete information needed to complete a transaction or provide a service you requested, to detect security incidents, to comply with legal obligations, or other reasons allowed by CCPA. In practice, if you request deletion, we will delete your account and associated personal data (email, etc.) unless an exception applies. If an exception applies, we will let you know (and will limit the data to that which we must keep).
  3. Right to Correct: Under CPRA, you have the right to request correction of inaccurate personal information that we maintain about you. If you believe any of your information is incorrect, let us know and we will rectify it (taking into account the nature of the information and purpose of processing).
  4. Right to Opt-Out of Sale or Sharing: You have the right to opt-out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising. As mentioned, we do not sell personal information, nor do we share it for behavioral advertising, so there is no need to opt out in our case – we treat all users as already opted-out by default. We do honor signals like the Global Privacy Control (GPC) – if we detect such a signal from your browser, we interpret it as a general opt-out of sale/sharing, though again, we don’t engage in those practices currently.
  5. Right to Limit Use of Sensitive Personal Information: CPRA gives California residents the right to direct businesses to limit the use of “sensitive personal information” to certain permitted purposes. Sensitive PI under CPRA includes things like precise geolocation, account passwords, racial or ethnic origin, contents of mail/email unless the business is the intended recipient, etc. In Wetips, we do not collect much (if any) sensitive personal info as defined by CPRA. We do not collect government IDs, financial info (beyond facilitating payments externally), health or biometric data, or precise geolocation. The content of your chats could potentially include sensitive info (like if you discuss health or finances in a message) – but we treat all such content as private and only use it to provide the service, not for any secondary purpose. If you still wish to limit any theoretical use of sensitive personal info, you can contact us. By default, we do not use sensitive info except as allowed (to provide the service you requested, ensuring security, etc.), which is already in line with what CPRA permits without needing a special limitation request.
  6. Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means we won’t deny you the Service, charge you different prices, or provide a lesser quality of service just because you exercised your privacy rights. However, do note that if you request deletion of data that is essential for the Service (like your account email or necessary usage data), that may result in us not being able to provide the Service (for instance, deletion of your account data means you can’t log in). This is not discrimination; it’s a consequence of the request. We will not do things like refuse to let free users exercise rights or throttle their service as punishment or anything of that sort.

Submitting Requests: If you are a California resident and want to exercise the Right to Know, Delete, or Correct, you (or your authorized agent) can contact us (see the Contact Information below) with your request. We will need to verify your identity to a “reasonable degree of certainty” (for Know/Correct) or a “reasonably high degree of certainty” (for Delete, which often requires stricter verification since deletion is sensitive). This often means verifying information we have on file (like responding from your registered email, or providing some other identifier we can match). If an authorized agent is making the request on your behalf, we may require proof of the agent’s authorization (e.g., a signed permission from you) and also verify your identity directly.

Once we receive a verifiable consumer request, we will respond within 45 days as required by CCPA. If needed, we may take an additional 45 days (90 days total) but if so, we will inform you of the reason for the delay. Our response will cover the preceding 12 months from the date of your request, as required. For deletion requests, we will specify what we have deleted or if we retained anything under an exception.

We do not charge a fee for these requests unless they are excessive or manifestly unfounded/repetitive. Typically, you are allowed two free requests to Know in a 12-month period under CCPA; beyond that, we might charge a small fee or refuse if repetitive, but we have not had such issues to date.

Other International Rights

Wetips is a global service, and we aim to respect privacy rights internationally. If you reside in a jurisdiction not explicitly mentioned above, you may still have rights under local law. For example, individuals in some countries have rights similar to GDPR rights (like in Brazil under the LGPD, or in Canada under PIPEDA you have rights to access and correction, etc.). We will honor legitimate requests to the extent required by applicable law. Even if not legally required, you can contact us with any privacy-related request or question, and we will try to accommodate it in the spirit of transparency and control.

For example, if you’re in Australia, you have rights to access and correction under the Privacy Act 1988 – you can request your data and correction, and we will provide it. If you’re in a country with data localization laws, note that our service operates in the cloud (with servers possibly in the US or elsewhere), but we always strive to comply with cross-border rules (see the next section on International Data Transfers).

We will not provide personal data to any government or law enforcement except in response to valid legal process. If any government (including authorities where we operate or where you live) directly requests user data, we either refuse or require them to go through proper legal channels (e.g., international treaty process if appropriate). Our policy is to be protective of user data and ensure any disclosure is legally compelled and narrowly tailored.

International Data Transfers

BauhiniaAI is based in Hong Kong, and we use servers and service providers that may be located in various countries (notably the United States and possibly others). This means that your personal data may be transferred to and processed in countries other than your own. These countries may have data protection laws that are different from (and potentially less protective than) the laws of your jurisdiction.

By using Wetips or providing information to us, you understand that your personal data may be transferred to our facilities and to those third parties with whom we share it as described in this policy, which may be in countries different from your own. We will take measures to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable law. This can include seeking your explicit consent for the transfer in certain cases, or de-identifying data before transfer.

If you are in a country like Canada or Australia, your data will likely be stored outside of your country (e.g., in the U.S. or Asia). We comply with legal requirements for these transfers (for instance, Canadian data may be subject to lawful access by foreign courts/governments under their laws, but we protect it under contract and by choosing responsible partners).

We recognize that the landscape of international data transfers is evolving (with new regulations, adequacy decisions, etc.), and we monitor and adapt to remain compliant. If needed, we are prepared to suspend transfers or adjust practices to ensure data is protected (for instance, if a particular service provider could not meet EU standards, we would switch to one that can, or store/process EU data in the EU if required).

If you would like more information about our transfer mechanisms or have questions about cross-border data, you can contact us.

Children’s Privacy

Wetips is not intended for use by children. We do not knowingly collect personal information from individuals under the age of 13 (or the minimum age required by local law, if higher). Children under 13 (or under 16 in certain jurisdictions like the EU without parental consent) should not use Wetips, and we do not knowingly allow such individuals to register an account.

If you are a parent or guardian and you learn that your child under the applicable age has created a Wetips account or otherwise provided us with personal information, please contact us immediately. We will take steps to delete the account and any associated information as soon as possible. When deleting an account of a child, we may retain certain information insofar as it is necessary for legal purposes (for instance, keeping a record of the request or a hash of the deleted data to avoid re-collection).

We do not target any content or features of Wetips toward children. The service is designed for adult users (or teens with parental guidance) who are using messaging apps in personal or professional contexts.

If we ever decide to tailor a version of our service for a younger audience, we will do so with the necessary parental consent and protections and update this policy accordingly. But as of now, we avoid any data collection from minors.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the “Last Updated” date at the top of this Privacy Policy. If the changes are significant, we will provide a more prominent notice (such as via the Wetips app or by email notification to registered users) explaining the changes.

Examples of significant changes might include: if we start collecting additional personal data not previously collected, if we change how we use data in a way that you might not expect, if we start sharing data with new types of third parties, etc. Minor changes that don’t materially affect your privacy (e.g., clarifying language, updating contact info) may be posted without specific notice, but still reflected in the Last Updated date.

We encourage you to review this Privacy Policy periodically. If you continue to use Wetips after a revised Privacy Policy has become effective, you are deemed to have accepted the current policy. Where required by law, we will seek your explicit consent to material changes that broaden how we use or share personal data (for instance, if a new law requires opt-in consent or if our changes effectively amount to processing beyond what you originally agreed to).

For historical reference, we may keep prior versions of this Privacy Policy and make them available upon request, so you can see what changed.

If you have any questions about any changes or need clarification, please reach out to us via the contact information below.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact us as follows:

  1. Email: support@wetips.ai
  2. Address: Bauhinia AI Ltd., ROOM 1505, 15/F., YU SUNG BOON BUILDING, 107-111 DES VOEUX ROAD, Central, Hong Kong SAR.

We will address your inquiries as promptly as possible. If you are contacting us to exercise a privacy right (such as accessing or deleting your data), please clearly state your request and provide sufficient information for us to verify your identity (e.g., the email associated with your Wetips account). For security and privacy, we might need to ask for additional verification info.

Your privacy is important to us, and we welcome your feedback. If you have suggestions on how we can improve our privacy practices or this policy, please let us know.

Thank you for trusting Wetips with your communication assistance. We are committed to keeping that trust by respecting and protecting your personal information.