Privacy Policy

Last updated: August 26, 2025

This Privacy Policy explains how Airweave (“Airweave,” “we,” “us,” or “our”) collects, uses, and shares information when you visit our website, use our services, or otherwise interact with us. We are a U.S.-registered company and operate primarily in the United States and the Netherlands, and our SaaS is accessible globally. This Policy applies to www.airweave.ai, our hosted application(s), APIs, SDKs, documentation, and related services (collectively, the “Services”).

By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

What We Do

Airweave provides an open-source and hosted platform that makes apps and data sources searchable for AI agents by syncing and transforming data from third-party tools and customer environments. Features include multi-tenant support, OAuth2 and API key integrations, automated and on-demand syncs, and a unified search layer. We also support Bring Your Own Data Stores configurations where customers retain control of storage. See our website for an overview of features and connectors at airweave.ai.

Roles and Responsibilities

  • Customer as Controller: For content and data you connect to the Services (e.g., data pulled from your third-party apps, databases, or file stores), you are typically the “data controller” (or equivalent) and Airweave acts as a “data processor” (or equivalent), processing personal data on your instructions to provide the Services.

  • Airweave as Controller: For our own business operations (e.g., account, billing, security logs, product analytics, marketing site), Airweave acts as an independent controller.

We make a data processing addendum (DPA) available on request for customers who require GDPR- or similar-compliant processor terms, including standard contractual clauses for international transfers where applicable.

Information We Collect

a) Information you provide

  • Account information (e.g., name, email, organization, role).

  • Workspace configuration (e.g., connected data sources, sync schedules, preferences).

  • Communications (e.g., support inquiries, feedback).

  • Billing information if you purchase paid Services.

b) Information we process on your behalf (Customer Data)

  • Data from integrated sources you connect via OAuth2, API keys, database credentials, or file connectors (e.g., documents, tickets, issues, messages, records, metadata).

  • Derived data and indexes generated to power search and agentic workflows.

c) Information we collect automatically

  • Usage and diagnostics (e.g., device, browser, IP address, timestamps, page views, API calls, performance metrics).

  • Cookies and similar technologies for sign-in, session management, and measuring usage.

d) Information from third parties

  • Identity providers (e.g., authentication assertions).

  • Payment processors (e.g., payment status, limited billing details).

  • Partners and service providers supporting the Services.

How We Use Information

To provide, operate, maintain, and secure the Services.

  • To sync, transform, and index Customer Data per your configuration and instructions.

  • To improve and develop features, performance, and usability.

  • To send transactional communications (e.g., security, updates) and—with consent or as permitted—product and marketing communications.

  • To comply with law, enforce terms, and protect rights and safety.

Legal Bases (EEA/UK)

Where GDPR or similar law applies, our legal bases include: performance of a contract (to provide the Services), legitimate interests (to improve, secure, and support the Services), consent (where required, e.g., certain cookies/marketing), and legal obligations.

Data Sharing

We share information with:

  • Service providers and subprocessors that help deliver the Services (e.g., hosting, storage, authentication, observability, billing).

  • Third-party tools you choose to connect (we act on your instructions).

  • Professional advisors (e.g., legal, accounting) under confidentiality.

  • Authorities where required by law or to protect rights and safety.

  • In connection with corporate transactions (e.g., merger, financing), subject to appropriate safeguards.

A list of material subprocessors is available upon request and will be updated as our service evolves.

International Data Transfers

We operate in the U.S. and the Netherlands and may process data in these and other jurisdictions. Where required, we use appropriate safeguards for cross-border transfers (e.g., EU Standard Contractual Clauses). We will implement supplementary measures where necessary.

Security

We employ administrative, technical, and organizational measures designed to protect personal data, including access controls, encryption-in-transit (and at-rest where applicable), key management, monitoring, and secure development practices. No system is perfectly secure; please use strong credentials and keep integration credentials confidential.

Data Retention

We retain personal data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. For processor data, retention follows your configuration and instructions, including deletion upon termination or your request, subject to legal requirements.

Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, object, or port your personal data, and to withdraw consent where processing is based on consent.

  • EEA/UK: You may also lodge a complaint with your local supervisory authority.

  • California: You may have rights under the CCPA/CPRA, including to know, delete, correct, and opt out of certain “sales”/“sharing” (we do not sell personal information in the conventional sense). Requests: contact hello@airweave.ai. We may verify your identity and, for processor data, direct you to your organization’s administrator.

Cookies

We use cookies and similar technologies for authentication, session management, security, and to understand product usage. You can control cookies via your browser settings. Some cookies are essential for the Services to function.

Children’s Privacy

The Services are not directed to children under 16 (or as defined by local law), and we do not knowingly collect personal data from them.

Third-Party Services

Your use of third-party services (e.g., connectors, identity providers) is subject to their own privacy policies. We are not responsible for their practices.

Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the “Last updated” date and, where appropriate, provide additional notice. Continued use indicates acceptance of the updated Policy.

Contact

For privacy questions or requests: hello@airweave.ai