Privacy Policy (GDPR)
Last updated: June 5, 2026
This policy describes data processing performed on the website weesperneonflow.ai (the "Site") and in the Weesper Neon Flow desktop application for macOS and Windows, including distribution via the Site and the Microsoft Store.
1. Data Controller
- THE BLUE HOUSE (SASU) – 7, rue d'Arsonval, 75015 Paris (France)
- Contact: support@weesperneonflow.ai
- (Data Protection Officer "DPO": Cyril Guilleminot)
2. Data Processed via the Site and Desktop Application
- Navigation and security: minimal technical data provided by your browser and network (e.g., truncated/masked IP address if implemented, user-agent, URL and referrer, timestamp) that may appear in our host's technical logs.
- Audience measurement: we use Simple Analytics, a cookie-free tool without personal data, which provides only aggregated statistics (e.g., page views, traffic sources, UTM, timezone as country proxy, browser type). No data allowing identification is collected by this tool.
- Contact: if you write to us at support@weesperneonflow.ai, we process your email address and message content to respond to your request.
- Advertising/retargeting (optional): with your consent, we may enable advertising tags (e.g., LinkedIn Insight Tag, Meta Pixel, X Ads). These tags may set/access trackers and enable advertising retargeting.
- Local voice processing: the desktop application records audio only when you intentionally use the dictation shortcut. Speech recognition runs locally/offline on your device; audio, transcripts, dictated text and clipboard contents are not sent to Weesper servers for transcription.
- Activation, trial and licensing: the email address entered in the application is validated, stored locally and sent to our licensing service to start the 15-day trial, verify subscription or lifetime access, and prevent abuse. Payment and billing data are handled by Stripe when you subscribe or buy a license.
- Optional product analytics: when enabled in the application, we may process an app-scoped random identifier, platform, operating system, app version, architecture, language, feature usage and performance events. We do not include audio, transcripts or dictated text in analytics events.
- Optional crash diagnostics: when enabled or where necessary to maintain the service, we may process sanitized error metadata such as app version, operating system, stack trace and technical context. We avoid collecting audio, transcripts, dictated text, email addresses and file contents.
3. Purposes and Legal Bases
| Purpose | Legal Basis | Details |
|---|---|---|
| Site security and maintenance (anomaly detection, anti-abuse) | Legitimate interest (art. 6-1-f GDPR) | Host technical logs and service protection. |
| Essential audience measurement (Simple Analytics, without cookies or identifiers) | Outside scope art. 82 LIL (no reading/writing on device) and no personal data (according to provider) | Aggregated statistics to improve the Site without individually tracking visitors. |
| Advertising/retargeting (LinkedIn, Meta, X) | Consent (art. 6-1-a GDPR) + art. 82 LIL | Loaded only after consent. You can refuse without impact on Site access. |
| Request management (email) | Legitimate interest (art. 6-1-f) or pre-contractual (art. 6-1-b) | Processing received messages and follow-up. |
| Local voice dictation and text insertion | Performance of the contract or legitimate interest in providing the requested feature | Audio and transcription are processed locally on your device; Weesper does not receive audio or dictated text for transcription. |
| Activation, 15-day trial, subscription and license checks | Performance of the contract or pre-contractual measures | Email-based access verification, trial status, subscription/lifetime entitlement and anti-abuse checks. |
| Optional product analytics | Consent or user choice in application settings | Product quality and reliability metrics without audio, transcripts or dictated text. |
| Crash diagnostics and service security | Legitimate interest in securing and maintaining the application, with user controls where available | Sanitized technical diagnostics used to detect crashes, regressions and abuse. |
4. Trackers and Similar Technologies
We display a consent banner allowing accept all / reject all and configure by purpose. You can withdraw your consent at any time via the "Cookie preferences" link displayed at the bottom of the page.
| Service | Provider | Purpose | Type | Duration | Active by default |
|---|---|---|---|---|---|
Important: as long as you do not accept the "Advertising" purpose, no advertising tag is loaded.
5. Recipients / Subprocessors
- Hosting: Netlify, Inc. (United States) – provides hosting and may log technical visit metadata (e.g., IP, user-agent) for security and Site operation.
- Audience measurement: Simple Analytics B.V. (Netherlands, EU).
- Advertising (if consented): LinkedIn Ireland Unlimited Company, Meta Platforms Ireland Ltd, X Corp./Twitter International Unlimited Company (depending on activated tags).
- Licensing infrastructure: Cloudflare, Inc. – hosts the licensing worker and related storage used to verify trial and license status.
- Payments: Stripe, Inc. and Stripe Payments Europe, Ltd. – process subscription, one-time purchase, customer portal and invoice data.
- Product analytics: PostHog, where enabled, for privacy-conscious product and reliability analytics.
- Crash diagnostics: Sentry, where enabled or necessary, for sanitized crash and error diagnostics.
- Application updates: GitHub, Inc. and related release hosting may serve public update metadata and downloadable installers.
6. Non-EU Transfers
- As Netlify is a US company, some technical data related to hosting may be transferred to the United States. Standard contractual clauses (SCC) and complementary measures are used by the host.
- Advertising solutions (LinkedIn/Meta/X), if activated, may involve international transfers according to their policies. These transfers are based on your consent and guarantees implemented by these providers (SCC, etc.).
- Cloudflare, Stripe, GitHub, PostHog and Sentry may involve international transfers depending on their infrastructure and your location. Where required, these transfers rely on appropriate safeguards such as standard contractual clauses, adequacy decisions or equivalent provider commitments.
7. Retention Periods
- Technical logs: retained for a limited period necessary for security/diagnostics (short duration).
- Received emails: time to process the request, then according to legal obligations/dispute management.
- Statistics (Simple Analytics): aggregated data without identifier.
- Advertising: according to each platform's settings and until withdrawal of your consent.
- Local application data: retained on your device until you delete it, reset the application or uninstall it, subject to operating system behavior.
- License and trial data: retained for the duration necessary to provide access, prevent abuse, manage subscriptions and comply with accounting or legal obligations.
- Product analytics: retained for a limited period needed to monitor product quality and reliability, then aggregated or deleted.
- Crash diagnostics: retained for a limited diagnostic period, then deleted or aggregated.
8. Your Rights
You have rights of access, rectification, erasure, limitation, objection, and portability when applicable. You can also withdraw your consent at any time for "Advertising" purposes and disable optional analytics or crash diagnostics from the application settings where available.
To exercise your rights: support@weesperneonflow.ai. You can also file a complaint with your data protection authority.
9. Security
We implement reasonable technical and organizational measures to protect the Site and the application (access controls, TLS, anomaly monitoring, regular updates, tag minimization, local-first speech processing, and minimization of diagnostics).
10. Minors
The Site and application are not intended for children under 15.
11. Modifications
This policy may evolve. Any update will be published on this page with the last modification date.
Annex – Transparency by Provider
- Simple Analytics: Privacy policy / compliance, EU location (NL), no cookies and no personal data.
- LinkedIn Insight Tag: Cookie policy and marketing documentation.
- Meta (Facebook) Pixel: Consent requirements, privacy policy.
- X (Twitter) for Business: GDPR pages, privacy policy.
- Cloudflare: licensing worker and technical infrastructure used to verify trial and license status.
- Stripe: payment, subscription, customer portal and invoicing processor.
- PostHog: optional product analytics without audio, transcripts or dictated text.
- Sentry: optional or necessary crash/error diagnostics with sanitized technical metadata.
- GitHub Releases: public update metadata and installer hosting where applicable.