Privacy Policy

WheellsVerse  |  Effective date: April 15, 2026  |  Last updated: April 15, 2026

WheellsVerse ("we", "our", or "us"), operated by Jhon Kevens D Wheeler, provides an AI-powered platform including market signal alerts, content automation, e-commerce, and the NEXORA creator platform. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your data.

1. Data We Collect

Category	What We Collect	Why
Account data	Name, email address, username	Account creation and authentication
Payment data	Subscription status, billing period (card details handled by Stripe — we never see them)	Processing subscriptions and purchases
Platform tokens	OAuth tokens for connected platforms (TikTok, Twitter/X, etc.)	Publishing content on your behalf
Purchase data	Shopify order history and product data	Order fulfillment and support
Usage data	Bot run history, publish logs, signal views, dashboard activity	Service operation and analytics
Content data	AI-generated text and media you create on the platform	Serving your content back to you
Technical data	IP address, browser type, device type, session data, cookies	Security, fraud prevention, analytics
Email engagement	Email open rates and click data (via ConvertKit)	Improving our newsletters and alerts

2. How We Use Your Data

• To operate, maintain, and improve the WheellsVerse platform.
• To process payments and manage your subscription (via Stripe).
• To authenticate and publish content to connected social platforms on your behalf.
• To send AI-generated market alerts and newsletters you have subscribed to (via ConvertKit).
• To fulfill physical product orders (via Shopify and Printify).
• To display your dashboard, analytics, and publishing history.
• To detect and prevent fraud, abuse, and security incidents.
• To communicate service updates, security notices, and billing information.

We do not sell, rent, or share your personal data with third parties for advertising purposes.

3. Cookies

WheellsVerse uses cookies and similar tracking technologies for:

• Essential cookies — required for authentication and platform operation (cannot be disabled).
• Analytics cookies — help us understand how the platform is used (anonymous, aggregated).
• Preference cookies — remember your dashboard settings and preferences.

You can control non-essential cookies through your browser settings. Disabling cookies may affect platform functionality.

4. Third-Party Services

Our platform shares limited data with the following third-party services to operate:

• Stripe (stripe.com) — payment processing. Handles card data directly; we receive only payment status and subscription info.
• OpenAI (openai.com) — AI content and signal generation. Prompts may include content context but not your personal identifiers.
• Anthropic (anthropic.com) — AI content generation (Claude models). Same as OpenAI above.
• Shopify (shopify.com) — e-commerce. Receives order and shipping data to fulfill purchases.
• Printify (printify.com) — print-on-demand fulfillment. Receives order and shipping address for physical product orders.
• ConvertKit (convertkit.com) — email marketing. Receives your email address and name when you subscribe to alerts or newsletters.
• TikTok, Twitter/X, Instagram — content publishing. Receive only the content you authorize us to post and the OAuth tokens you grant.
• Railway (railway.app) — cloud hosting. Your data is processed on Railway's infrastructure in the United States.

5. Data Retention

• Account data — retained for the life of your account plus 90 days after deletion request.
• Payment records — retained for 7 years to comply with tax and accounting requirements.
• OAuth tokens — retained until you disconnect a platform or close your account.
• Usage logs — retained for 12 months on a rolling basis.
• Email subscription data — retained until you unsubscribe or request deletion.
• Content outputs — retained for 12 months; you may request earlier deletion.

6. Data Security

We implement industry-standard security measures including:

• Encrypted data transport (HTTPS/TLS) for all connections.
• Environment-variable-based secret storage (API keys, tokens never in code).
• Access controls limiting who can access production systems.
• Payment card data handled exclusively by Stripe (PCI-DSS Level 1 compliant).

No method of internet transmission is 100% secure. We cannot guarantee absolute security of data transmitted to or stored by our platform.

7. GDPR — Your Rights (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access (Art. 15) — request a copy of the personal data we hold about you.
• Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17) — request deletion of your personal data ("right to be forgotten").
• Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
• Right to restriction of processing (Art. 18) — request we limit how we use your data in certain circumstances.
• Right to object (Art. 21) — object to processing based on legitimate interests.
• Right to withdraw consent — withdraw consent for any processing based on consent at any time.

Our lawful basis for processing is: contract performance (subscriptions/orders), legitimate interests (fraud prevention, security, analytics), and consent (email marketing). To exercise any right, contact us at the address below. We will respond within 30 days.

8. CCPA — Your Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know — request disclosure of what personal data we collect, use, disclose, and sell.
• Right to delete — request deletion of your personal information.
• Right to opt-out of sale — we do not sell your personal data. No opt-out is needed.
• Right to non-discrimination — exercising your CCPA rights will not result in discriminatory treatment.

To submit a CCPA data request, contact us using the information below. We will respond within 45 days.

9. Social Platform Integrations

When you connect TikTok, Twitter/X, Instagram, or other social platforms:

• We request only the OAuth scopes necessary to publish content on your behalf.
• We do not read your private messages, follower lists, or data beyond what is required to post.
• OAuth tokens are stored securely and are never shared with third parties.
• You can revoke access at any time from your platform's account settings or from your WheellsVerse dashboard.

10. Children's Privacy

WheellsVerse is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately and we will delete it promptly.

11. International Data Transfers

WheellsVerse operates from the United States. If you are accessing our platform from outside the US (including the EU/EEA), your data will be transferred to and processed in the United States. We take steps to ensure that such transfers comply with applicable law, including through standard contractual clauses where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For significant changes, we will notify active users via email. Continued use of the platform after changes constitutes acceptance of the revised Policy.

13. Contact & Data Requests

For privacy questions, data access requests, or to exercise any of your rights, please contact:

• Business: WheellsVerse
• Owner: Jhon Kevens D Wheeler
• Website: app.wheellsverse.com

Data subject requests (GDPR Art. 15–21 / CCPA) will be acknowledged within 5 business days and fulfilled within 30 days.