Privacy Policy
Last updated: June 2026
This policy explains how Webdec ("Webdec") processes personal data when you use webdec.ai (the "Service"). For the purposes of the GDPR, Webdec is the data controller for your account data. Contact: [email protected].
1. Data we collect
- Account data: email, name, password (hashed by our auth provider), and authentication identifiers.
- Billing data: subscription/plan, and payment details processed by Stripe — we do not store full card numbers.
- Content data: the prompts you submit and the websites/projects you generate and host.
- Usage & technical data: log data, device/browser info, IP address, and error diagnostics.
- Support communications you send us.
2. How we use it
- To provide, operate, secure, and improve the Service (incl. generating and hosting your sites).
- To process payments and manage subscriptions.
- To send transactional emails (account, billing, security) and, with consent where required, product updates.
- To prevent abuse, fraud, and misuse, and to comply with legal obligations.
3. Legal bases (GDPR)
We process data to perform our contract with you (provide the Service), for our legitimate interests (security, improvement, abuse prevention), to comply with legal obligations, and based on your consent where required (e.g. non-essential cookies, marketing).
4. Sub-processors
We share data with service providers who process it on our behalf, including:
- Supabase — authentication & database
- Stripe — payments & subscriptions
- Google (Gemini API) — AI generation
- Cloudflare & name.com — DNS & domain registration
- Amazon Web Services (S3) — asset storage; Hetzner / hosting providers — site hosting
- Resend — transactional email
- Sentry — error monitoring
We maintain data-processing agreements with these providers where applicable.
5. Retention
We keep personal data for as long as your account is active and as needed to provide the Service, then delete or anonymise it within a reasonable period, subject to legal retention requirements (e.g. tax/accounting records).
6. Your rights
Subject to applicable law, you may request access, correction, deletion, portability, restriction, or objection, and may withdraw consent. You can delete your account and associated data from account settings, or contact us at [email protected]. You may also lodge a complaint with your local data-protection authority.
7. International transfers
Some providers are located outside your country. Where we transfer data internationally, we rely on appropriate safeguards (e.g. Standard Contractual Clauses).
8. Security
We use technical and organisational measures (encryption in transit, access controls, monitoring) to protect your data. No system is perfectly secure.
9. Children
The Service is not directed to children under 16, and we do not knowingly collect their data.
10. Changes
We may update this policy; material changes will be notified. Continued use constitutes acceptance.
11. Contact
Webdec. Privacy contact: [email protected].