← Back to WovenBytes

Privacy Policy

Last updated: 7 July 2026

WovenBytes (“WovenBytes”, “we”, “us”, or “our”) operates wovenbytes.com and its associated products and services, including ethermem.ai and shebang.run (collectively, the “Services”). This policy explains what personal data we collect, why, how we use it, and the rights you have over it. We are the data controller for personal data processed through the Services.

1. Information we collect

2. How we use your information

Our legal bases under the GDPR are: performance of a contract (providing the Services you request), our legitimate interests (security and improvement), your consent (non-essential cookies), and legal obligation where applicable.

3. Cookies

We use only strictly necessary cookies required for the Services to function — for example, the session cookie set when you sign in. These are exempt from consent under the ePrivacy Directive. We do not set analytics, advertising, or tracking cookies. If we introduce any non-essential cookies in future, they will load only after you explicitly accept them via our cookie banner; you may decline and continue using the Services with essential cookies only. Your consent choice is stored locally in your browser.

4. Google user data

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We use your Google profile and email solely to authenticate you and identify your account. We do not sell this data, do not use it for advertising, and do not share it with third parties except as needed to provide the Services or as required by law.

5. Sharing & processors

We do not sell your personal data. We share it only with service providers who process data on our behalf to run the Services (for example, identity, hosting, storage, and content-delivery providers), under contracts that require appropriate safeguards. Some providers may process data outside your country; where required, we rely on lawful transfer mechanisms such as the EU Standard Contractual Clauses.

6. Data retention

We retain personal data only as long as necessary for the purposes above. Sign-in identifiers are kept while your account is active; server logs are retained for a limited period for security and diagnostics, then deleted or anonymised. You may request deletion at any time (see below).

7. Your rights

Depending on your location, you may have the right to access, correct, delete, restrict, or object to processing of your personal data, to data portability, and to withdraw consent. To exercise any of these rights, or to revoke the app’s access to your Google account, contact us at the address below (you can also revoke access directly in your Google Account permissions). You have the right to lodge a complaint with your local data protection authority.

8. Security

We apply technical and organisational measures appropriate to the risk, including encryption in transit, least-privilege access, and scoped credentials. No system is perfectly secure, but we work to protect your data and to respond promptly to any incident.

9. Children

The Services are not directed to children under 16, and we do not knowingly collect their personal data.

10. Changes

We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above, and where appropriate we will provide additional notice.

11. Contact

Questions or requests regarding this policy or your data: [email protected].