Privacy policy

1) Who we are

WEM ("we", "us") operates the wem3.ai website and related services. The data controller for personal data described here is the entity operating the service; for questions, use the contact details on our contact page. For privacy-specific requests, email the same channel and include "Privacy request" in the subject.

2) Data we may collect

Depending on which features you use, we may process:

• Account and profile: identifiers and settings you provide (e.g. email, display name) when you sign in or use support.
• Wallet and on-chain data: public wallet addresses and transaction metadata when you connect a wallet or use on-chain features. Blockchains are public; we cannot erase data that is already recorded on chain.
• Product and shopping activity: searches, product views, cart and wishlist data stored in your browser, clicks on outbound retailer links, and technical metadata needed to attribute affiliate or native rewards where programs exist.
• Referral and campaign data: creator codes, UTM parameters, and cookies or local storage we use to remember attribution you requested (e.g. from a shared link).
• Support and communications: content you send to us (including contact forms and email) and related metadata.
• Security and device data: IP address, user agent, approximate region (derived), timestamps, and diagnostic data for fraud prevention, security, and service reliability.
• Payment data: when you use card or other payment methods, our payment providers process card and transaction data under their own terms; we do not store full card numbers on our servers.

3) How we use data (purposes)

We use personal data to:

• Provide, maintain, and improve the site and features you request.
• Authenticate sessions, protect accounts, and prevent abuse and fraud.
• Operate reward, referral, and creator programs where applicable, including accounting and disputes.
• Measure product usage in aggregate, fix bugs, and develop new functionality.
• Comply with law, respond to lawful requests, and enforce our terms.
• Communicate with you about the service, security, and (where allowed) product updates.

Where required by law (for example in the EEA, UK, or Switzerland), we rely on appropriate legal bases such as performance of a contract, legitimate interests that are not overridden by your rights, compliance with legal obligations, or consent for optional activities (e.g. certain non-essential cookies or marketing where you have opted in).

4) Optional affiliate and Sovrn / VigLink

We may participate in affiliate and link-partner programs. On deployments where the Sovrn Commerce (VigLink) script is enabled, that script helps identify or monetize eligible outbound product links in line with Sovrn’s terms. We only load that script after you opt in through our cookie choices (where available). Sovrn’s technology may set or read cookies and similar identifiers on your device; see our cookie notice and affiliate disclosure. For how Sovrn processes data, see Sovrn’s public policies.

Even without that script, retailers and affiliate networks you interact with may process data on their own sites when you leave WEM; we do not control their privacy practices.

5) Sharing and sub-processors

We may share data with:

• Infrastructure and hosting (e.g. cloud providers, CDNs) that store or process data on our instructions.
• Authentication and wallet providers (e.g. when you use third-party sign-in or wallet connect flows).
• Payment processors for card and alternative payment methods.
• Affiliate networks and retailers to attribute qualifying clicks or orders under program rules.
• Analytics and product tooling (only where enabled for your account or environment).
• Advisors, auditors, and authorities when required for compliance or legal process.

We use contractual and technical measures we reasonably can to require service providers to protect data.

6) International transfers

We may process data in the United States and other countries. Where the law requires safeguards for transfers out of your country, we use appropriate mechanisms (e.g. standard contractual clauses) where applicable.

7) Retention

We keep personal data only as long as needed for the purposes above, including legal, tax, and accounting obligations, fraud prevention, and dispute resolution. Retention periods vary by data type: for example, raw server logs may be kept for a shorter rolling window, while order or reward records may be kept longer where required. When we no longer need data, we delete or anonymize it where feasible.

8) Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent where processing is based on consent. California residents may have additional rights under the CCPA/CPRA (e.g. to know categories of data collected, to delete, and to opt out of "sale" or "sharing" of personal information as those terms are defined in California law). We do not "sell" personal information in the conventional sense; some cookie-based or affiliate technology may be treated as a "share" under U.S. state law — use browser controls and our cookie options where provided.

To exercise rights, contact us via the contact page. We may need to verify your request. You may also lodge a complaint with your local data protection authority.

9) Children

The service is not directed at children under 16 (or the age required in your region). We do not knowingly collect personal data from children. If you believe we have, contact us and we will take appropriate steps.

10) Security

We use administrative, technical, and organizational measures designed to protect data. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

11) Changes to this policy

We may update this page from time to time. The "Last updated" date at the top will change when we make material edits. Continued use of the service after changes means you acknowledge the updated policy where the law allows.