NOTE! This is a draft privacy policy that has not yet been legally reviewed. The content describes our intentions regarding the handling of personal data and will be updated following legal review. For questions, contact privacy@wehwan.com.
Last updated: 2026-05-17
1. Data Controller
Wehwan’s world is operated by JOJO STHLM TRIBE,
Address provided upon request.
Contact: privacy@wehwan.com
2. What Data We Collect and Why
2.1 Account Data
When you create an account, we collect your email address and a cryptographically hashed password. For applications for industry access, we additionally collect your name, company name, title, phone number, and a motivation letter. We also store the IP address from which the application was submitted.
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) — necessary to provide the service you have requested. Storage of the registration IP is based on legitimate interests (Art. 6(1)(f) GDPR) — protection against misuse and verification of the origin of applications.
2.2 Activity Logs
We maintain security and activity logs that record authentication events (login attempts, password resets), access events (content delivery), and administrative events (account changes, application decisions). Logs contain IP address, user agent, timestamp, and a brief event description.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) — detection of misuse and protection of the service and its users.
Retention periods:
| Log type | Retention period |
|---|---|
| Authentication logs | 60 days |
| Access logs | 90 days |
| Administrative logs | 60 days |
| Rejected industry applications | 730 days (2 years) |
Rejected industry applications are retained longer to fulfil our accountability obligations under Art. 5(2) GDPR.
2.3 Ongoing Email Changes
If you request a change of email address, we temporarily store both the old and the new address for the duration of the change process (up to 24 hours).
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
3. Email Infrastructure
Emails sent from Wehwan’s world — such as verification links, account confirmations, and administrative notifications — are sent and processed via services whose servers are located within the EU/EEA. No email data is transferred to third countries.
4. Your Rights
4.1 Right of Access (Art. 15)
You have the right to request a copy of the personal data we process about you. We support this right via WordPress’s built-in privacy export, which includes your ongoing email changes, verification token history, and activity logs.
To request an export: contact us at privacy@wehwan.com.
4.2 Right to Erasure (Art. 17)
You may request that your account and personal data be deleted. There are two ways to do this:
Self-service deletion (via account settings): Following password verification and email confirmation, the account is deleted immediately. All personal data is anonymised at the time of deletion.
Formal erasure request (via our privacy process): Submit a request to privacy@wehwan.com. Upon receipt, your personal data is anonymised immediately — activity log entries are de-identified (user_id, IP address, and user agent are set to null; email addresses are replaced with [erased]). Your WordPress account is then permanently deleted by our administrator within 30 days, in accordance with Art. 17’s requirement for erasure ”without undue delay”.
Exception: Entries recording rejected industry applications are anonymised but not deleted, as we are obliged to retain records for these decisions for accountability reasons (Art. 5(2) GDPR).
4.3 Right to Rectification (Art. 16)
You may change your email address at any time via your account settings.
4.4 Right to Restriction and Right to Object (Art. 18, 21)
To request restriction of processing or to object to processing based on legitimate interests, contact us at privacy@wehwan.com.
4.5 Right to Data Portability (Art. 20)
Where processing is based on consent or a contract and is carried out by automated means, you have the right to receive your data in a structured, commonly used, and machine-readable format.
5. Security
Access to content requires authentication. Passwords are stored as cryptographic hashes. All connections in production are made via HTTPS. Login attempts are rate-limited and monitored.
At registration, passwords are partially checked against external databases of leaked passwords using a technique that does not expose the password in plaintext. This protects you from using passwords that are already present in known data breaches.
6. Changes to This Policy
We may update this policy as the service evolves. Material changes will be communicated via the site or by email. The ”Last updated” date at the top reflects the most recent revision.
7. Contact
For privacy-related questions or requests:
- General enquiries: info@wehwan.com
- Privacy matters: privacy@wehwan.com
- Industry enquiries: partnerships@wehwan.com
JOJO STHLM TRIBE, Address provided upon request
8. Copyright and Intellectual Property
All content on Wehwan’s world — including text, images, moving image, conceptual material, and visual design — is protected by copyright and owned by the collective JOJO STHLM TRIBE, unless otherwise stated.
The content may not be copied, distributed, modified, republished, or otherwise used without written permission from JOJO STHLM TRIBE. This applies regardless of whether the use is commercial or private, and regardless of medium.
Infringement of these rights may be subject to legal action.
For permissions: partnerships@wehwan.com