Privacy Policy

The controller for Weakpoint is Solemax, the Dutch Eenmanszaak (sole proprietorship) that operates the product from Rotterdam, Netherlands. Privacy contact: privacy@weakpoint.ai.

Last updated: 21 April 2026.

• Account, authentication, and session data needed to sign users in and secure access.
• Workspace activity, such as saved weakpoints and entitlement state.
• Billing and subscription records needed to process payments, manage renewals, and handle refunds or disputes.
• Operational and security logs used to keep the service stable and prevent abuse.
• Contact details and message contents if someone emails us.
• Publicly available source material and citation metadata used to build weakpoints and briefs.

• To provide the map, briefs, saves, and account-linked product features.
• To authenticate users, enforce access controls, and prevent abuse or fraud.
• To process subscriptions, payments, billing administration, and customer support.
• To operate, debug, improve, and secure the service.
• To respond to support, legal, or privacy requests.
• To organize publicly spoken pain into cited, legible weakpoints.

• Contract: where processing is necessary to provide the service a user asks for, such as account access, saved items, and entitlement checks.
• Legitimate interests: for security, abuse prevention, service reliability, product maintenance, and communicating with users.
• Consent: only where consent is legally required, for example if non-essential cookies or similar tracking technologies are introduced later.

Weakpoint may process data from publicly available online sources to identify, cluster, summarize, and cite voiced problems. This can include URLs, excerpts, publication metadata, and source context.

Where personal data was not collected directly from the person concerned, Weakpoint may rely on the transparency framework in Article 14 GDPR, including the disproportionate-effort exception where applicable. In those cases, this public privacy notice is one of the measures used to make the processing transparent.

Weakpoint shares data only where needed to run the service, secure it, or comply with law.

• Clerk: authentication, session management, and account security
• Vercel: frontend hosting and delivery
• Railway: backend hosting, database infrastructure, storage, and operational logging
• Stripe: payment processing, billing, and related financial transaction records
• Cloudflare: DNS, email routing, and edge/network security services

Some service providers may process data outside the European Economic Area. Where that happens, Weakpoint expects appropriate safeguards to be used, such as adequacy decisions or standard contractual clauses, as applicable.

• Account and workspace data are kept for as long as the account remains active, unless longer retention is legally required.
• Operational logs are kept only for as long as they are needed for security, troubleshooting, and audit purposes.
• Support correspondence may be retained for follow-up, recordkeeping, and legal defense.
• Public-source evidence records may be retained while they remain relevant to the service, citation integrity, or legal obligations.

Depending on the circumstances, people may have the right to request access, correction, deletion, restriction, objection, and data portability, and to withdraw consent where processing is based on consent.

Privacy requests can be sent to privacy@weakpoint.ai. People also have the right to lodge a complaint with the Autoriteit Persoonsgegevens.