PocketIntel

Privacy Policy

Effective Date: March 24, 2026

Last Updated: March 24, 2026

WeaveHub ("we," "us," or "our") operates the PocketIntel mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use PocketIntel.

By using PocketIntel, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name — provided through Apple Sign-In, Google Sign-In, or email registration
  • Email address — provided through Apple Sign-In, Google Sign-In, or email registration

We support Apple Sign-In (including the "Hide My Email" option), Google Sign-In, and email registration. When you use Apple's "Hide My Email" feature, we only receive the relay email address Apple provides.

1.2 Preferences

You may customize your intelligence feed by selecting:

  • Industry sectors of interest
  • Vendors and technologies to track
  • Threat types to monitor

These preferences are stored to personalize your feed and are associated with your account.

1.3 Device Information

We collect the following device-related information to operate the Service:

  • Push notification token — to deliver push notifications via Apple Push Notification service (APNs)
  • Device identifier — to associate your device with your account
  • API key — automatically generated for authenticating API requests

1.4 Usage Data

We collect information about how you interact with the Service:

  • Read status — which feed items you have viewed
  • Bookmarks — which feed items you have bookmarked

1.5 Analytics and Crash Reporting

We use the following third-party services for analytics and stability monitoring:

  • Firebase Analytics (Google LLC) — collects anonymous usage data such as screen views, session duration, and feature engagement. Firebase Analytics does not collect personally identifiable information. See Google's Privacy Policy.
  • Firebase Crashlytics (Google LLC) — collects crash reports including device state, stack traces, and device identifiers to help us diagnose and fix app issues. See Firebase Crashlytics Data Collection.

1.6 Information We Do NOT Collect

We do not collect:

  • Location data or GPS coordinates
  • Contacts or address book information
  • Browsing history outside the app
  • Financial or payment card information (payments are processed entirely by Apple and Google)
  • Health or biometric data
  • Photos, videos, or media files

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service — deliver personalized cybersecurity threat intelligence based on your preferences
  • Send notifications — alert you to relevant threats and intelligence updates via push notifications
  • Improve the Service — analyze anonymous usage patterns to improve features and user experience
  • Maintain stability — diagnose and fix crashes and technical issues
  • Manage your account — authenticate you and maintain your subscription status
  • Process subscriptions — verify subscription status through the Apple App Store and Google Play Store

We do not use your information for advertising. We do not sell, rent, or trade your personal information to third parties.

3. AI-Generated Content

PocketIntel uses artificial intelligence (OpenAI GPT-4o-mini and Meta Llama 3.1, hosted via Cloudflare AI Gateway and Cloudflare Workers AI) to:

  • Summarize cybersecurity articles from public sources
  • Extract structured data including CVE identifiers, indicators of compromise (IOCs), severity ratings, and affected vendors
  • Classify threat types and affected sectors

Important disclaimer: AI-generated summaries and extracted data may contain inaccuracies. Always verify critical information against the original source articles linked within each intel item. PocketIntel does not fabricate data — the AI extracts and summarizes only what is present in the source material. However, AI processing may occasionally misinterpret or omit information.

4. Data Sources

PocketIntel aggregates cybersecurity intelligence from over 70 publicly available sources including RSS feeds, public APIs, and Mastodon feeds. All intelligence content is derived from publicly available information and is not considered user data.

5. How We Share Your Information

We do not sell your personal information. We may share information only in the following circumstances:

5.1 Service Providers

We use the following service providers to operate PocketIntel:

  • Cloudflare, Inc. — API hosting, AI Gateway, database (D1). Data shared: account data, preferences, usage data.
  • Apple Inc. — App distribution, subscription processing, push notifications. Data shared: subscription verification, push tokens.
  • Google LLC — App distribution (future), Firebase Analytics, Crashlytics. Data shared: anonymous analytics, crash reports.
  • OpenAI — AI content summarization (via Cloudflare AI Gateway). Data shared: none — only public source content is processed, no user data is sent to AI models.
  • Meta (Llama) — AI content tagging and extraction (via Cloudflare Workers AI). Data shared: none — only public source content is processed.

5.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of WeaveHub, our users, or the public.

5.3 Business Transfers

If WeaveHub is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via the app or email before your information becomes subject to a different privacy policy.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service:

  • Account information — retained until account deletion
  • Preferences — retained until account deletion
  • Device information — retained until account deletion or device deregistration
  • Usage data — retained until account deletion
  • Analytics data — as governed by Firebase's retention policies (typically 14 months)
  • Crash reports — as governed by Crashlytics' retention policies (typically 90 days)

7. Account Deletion

You may delete your account at any time through Settings > Account > Delete Account.

When you delete your account, we permanently delete:

  • Your account information (name, email)
  • Your preferences
  • Your device registrations and push tokens
  • Your usage data (read status, bookmarks)
  • Your API keys

Account deletion is irreversible. Some anonymized, aggregated data that cannot be used to identify you may be retained for analytics purposes.

8. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • All data is transmitted over HTTPS/TLS encryption
  • API keys are generated per-device and can be rotated
  • Authentication tokens are securely managed
  • Data is stored in Cloudflare's infrastructure with enterprise-grade security
  • We follow the principle of data minimization — we only collect what is necessary to provide the Service

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights and Choices

9.1 All Users

All users may:

  • Access your data — view your account information and preferences within the app
  • Update your data — modify your name, preferences, and notification settings
  • Delete your account — permanently delete all associated data (Settings > Account > Delete Account)
  • Control notifications — enable or disable push notifications through your device settings or within the app
  • Control analytics — disable Firebase Analytics through your device settings

9.2 California Residents (CCPA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know — request information about the categories and specific pieces of personal information we have collected
  • Right to Delete — request deletion of your personal information
  • Right to Opt-Out — we do not sell personal information, so this right does not apply
  • Right to Non-Discrimination — we will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@weavehub.app or use the account deletion feature in the app.

9.3 European Economic Area Residents (GDPR)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access — request a copy of your personal data
  • Right to Rectification — request correction of inaccurate personal data
  • Right to Erasure — request deletion of your personal data
  • Right to Restrict Processing — request limitation of processing
  • Right to Data Portability — receive your personal data in a structured, machine-readable format
  • Right to Object — object to processing based on legitimate interests
  • Right to Withdraw Consent — withdraw consent at any time where processing is based on consent

Our legal basis for processing personal data is:

  • Contract performance — to provide the Service you have requested
  • Legitimate interests — to improve the Service and maintain security
  • Consent — where you have opted in to optional features such as push notifications

To exercise these rights, contact us at privacy@weavehub.app. We will respond within 30 days.

10. International Data Transfers

PocketIntel is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

By using PocketIntel, you consent to the transfer of your information to the United States and other jurisdictions that may not provide the same level of data protection as your home country.

For EEA users, data transfers are conducted in compliance with GDPR requirements, including the use of Standard Contractual Clauses where applicable.

11. Children's Privacy

PocketIntel is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take steps to delete that information promptly.

If you believe a child has provided us with personal information, please contact us at privacy@weavehub.app.

12. Third-Party Links

PocketIntel may contain links to third-party websites and services (such as the original source articles for intelligence items). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy in the app and on our website
  • Updating the "Last Updated" date at the top of this policy
  • Sending a push notification for significant changes (if you have notifications enabled)

Your continued use of PocketIntel after changes are posted constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

WeaveHub

Email: privacy@weavehub.app

Website: https://weavehub.app

For GDPR-related inquiries, you may also contact our data protection representative at privacy@weavehub.app.

15. DMCA Agent

WeaveHub's designated agent for receiving DMCA takedown notices is registered with the U.S. Copyright Office under registration number DMCA-1070757.

To submit a DMCA takedown notice, contact: dmca@weavehub.app