Weblooks

Privacy Policy

Draft — pending admin review

Effective Date: [Insert Date]
Last Updated: [Insert Date]
Controller: [Insert Legal Entity Name]
Address: [Insert Registered Address]
Contact Email: [Insert Privacy Contact Email]

1. Introduction

This Privacy Policy explains how Weblooks collects, uses, stores, shares, and otherwise processes personal data in connection with the Weblooks website, applications, platform, staging environments, support channels, integrations, and related services.

This Policy also explains your privacy rights and choices.

If you do not agree with this Policy, do not use the Service.

2. Scope

This Policy applies to personal data we process as a controller in connection with:

  • visitors to our website
  • users of our platform
  • administrators and collaborators invited to workspaces or projects
  • client reviewers invited through review links
  • people who contact support, request demos, or otherwise interact with us
  • recipients of our communications

This Policy does not govern third-party services that you connect to or use through Weblooks. Those services have their own privacy notices and practices.

3. Categories of personal data we collect

Depending on how you use Weblooks, we may collect the following categories of personal data.

Account and profile information

  • name
  • email address
  • authentication identifiers
  • account role
  • organization or workspace information
  • language and region preferences

Authentication and security data

  • sign-in events
  • passkey or authentication metadata
  • device or browser-related security signals
  • IP address
  • session identifiers
  • MFA status and related security settings
  • audit logs and security event logs

Project and usage data

  • project names and settings
  • collaboration events
  • comments and review actions
  • deployment events
  • staging access events
  • metadata and governance settings
  • issue and checklist states
  • interaction events within the Service

Content and files

  • content, files, images, assets, comments, metadata, structured data, or materials you upload, create, sync, or connect
  • support materials you submit to us
  • legal or CMS text you create or manage within the platform

Integration data

If you connect third-party services, we may process:

  • access tokens or credentials through approved secret handling systems
  • integration identifiers
  • selected scopes and permissions
  • sync metadata
  • webhook and API event data
  • content or files made available through connected services, as instructed by you

Communications data

  • support messages
  • survey responses
  • request history
  • onboarding or operational emails
  • transactional message logs

Billing and transaction data

If and when billing is enabled, we or our payment providers may process:

  • billing contact details
  • subscription status
  • payment-related metadata
  • invoices and tax-related information
  • limited payment transaction records

We do not intentionally store full payment card details unless expressly stated and lawfully required. Payment processing may be handled by third-party payment providers.

Website, device, and analytics data

  • browser type
  • device type
  • operating system
  • approximate location inferred from IP
  • referral URLs
  • page views and feature events
  • cookie identifiers or similar technology identifiers, where permitted

4. Sources of personal data

We collect personal data:

  • directly from you
  • from users or admins who invite you
  • from your use of the Service
  • from integrated third-party services you connect
  • from payment providers and communications providers
  • from analytics and security tools
  • from cookies and similar technologies, subject to applicable law

5. Purposes of processing

We process personal data for the following purposes:

  • providing and operating the Service
  • authenticating users and securing accounts
  • enabling collaboration, invitations, comments, and staging access
  • syncing with connected services
  • processing deployments and deployment-related checks
  • providing support and responding to inquiries
  • maintaining logs, audit trails, and incident records
  • detecting, preventing, and investigating fraud, abuse, and security incidents
  • monitoring performance, reliability, and service health
  • improving the Service and user experience
  • sending transactional and service-related communications
  • managing subscriptions, billing, invoices, and payments when enabled
  • complying with legal obligations
  • enforcing our terms, policies, and rights

6. Legal bases for processing

Where the GDPR or similar laws apply, we process personal data under one or more of the following legal bases:

  • performance of a contract or steps taken at your request before entering into a contract
  • compliance with a legal obligation
  • our legitimate interests, where not overridden by your interests or fundamental rights and freedoms
  • your consent, where required

Our legitimate interests may include:

  • operating and improving the Service
  • securing the Service
  • preventing abuse and fraud
  • maintaining logs and records
  • communicating with users about operational matters
  • understanding how the Service is used
  • defending legal claims

Where we rely on consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.

7. Cookies and similar technologies

We may use cookies and similar technologies to:

  • keep the Service operational
  • remember preferences
  • support authentication and security
  • understand usage and performance
  • support analytics and related measurement
  • support marketing or advertising activities, if enabled

Where required by law, we will request consent before placing or accessing non-essential cookies or similar technologies on your device.

You can manage your preferences using our cookie settings or similar controls. Essential cookies or similar technologies used for security, login, or requested functionality may remain active because they are necessary for the Service.

8. Communications

We may send:

  • transactional emails
  • sign-in links
  • account and security notices
  • billing notices
  • support communications
  • service announcements

Where permitted by law, we may also send product updates or marketing communications. You can opt out of marketing communications at any time. You cannot opt out of essential service or security communications.

9. Sharing of personal data

We may share personal data with:

  • service providers and subprocessors that help us operate the Service
  • hosting, infrastructure, and content delivery providers
  • authentication, security, logging, and monitoring providers
  • communications providers
  • payment providers
  • analytics providers
  • integration providers, when you choose to connect them
  • professional advisers such as lawyers, auditors, or insurers
  • authorities, courts, regulators, or law enforcement where required by law or necessary to protect rights, safety, or the Service
  • affiliates or acquirers in connection with a merger, sale, financing, acquisition, or reorganization

We do not sell personal data in the ordinary meaning of that term.

10. Subprocessors and service providers

We may use providers such as infrastructure, email, messaging, monitoring, database, security, and payment providers in order to operate Weblooks.

Examples of providers that may be used depending on product configuration include providers related to:

  • edge and network services
  • cloud hosting
  • source control and sync
  • secret management
  • messaging and email delivery
  • error monitoring
  • database tools
  • payment processing
  • connected integrations selected by users

We will maintain appropriate contractual and technical safeguards with service providers where required.

11. International transfers

Your personal data may be processed in countries other than the country where you are located.

Where applicable law requires safeguards for international transfers, we will use appropriate mechanisms such as:

  • adequacy decisions
  • standard contractual clauses
  • supplementary measures where appropriate
  • other lawful transfer mechanisms

12. Data retention

We retain personal data for as long as reasonably necessary for the purposes described in this Policy, including to:

  • provide the Service
  • maintain account functionality
  • keep security, audit, and operational records
  • comply with legal, tax, accounting, and regulatory obligations
  • resolve disputes
  • enforce agreements

Retention periods may vary based on the type of data, the plan, applicable law, security needs, and whether deletion requests have been received.

When data is no longer required, we will delete it, anonymize it, or securely isolate it as required by law or operational necessity.

13. Security

We use administrative, technical, and organizational measures designed to protect personal data, including measures related to:

  • access control
  • encryption where appropriate
  • secret management
  • logging and monitoring
  • environment separation
  • incident detection and response
  • least-privilege practices
  • secure development and deployment

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

14. Your rights

Depending on your location and applicable law, you may have rights such as:

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • the right to withdraw consent
  • the right to lodge a complaint with a supervisory authority

We may need to verify your identity before responding to a request.

You may exercise rights by contacting us at [Insert Privacy Contact Email].

15. Children

The Service is not directed to children, and we do not knowingly collect personal data from children in violation of applicable law.

If you believe a child has provided personal data to us unlawfully, contact us so we can take appropriate steps.

16. Third-party services and integrations

If you connect third-party services or use integrations, you instruct us to interact with those services on your behalf, subject to your settings and permissions.

Your use of those services is subject to their own terms and privacy notices.

We are not responsible for the privacy or security practices of third parties that you choose to use.

17. Review links, collaboration, and shared content

If you invite others to collaborate or review content, we will process personal data needed to provide those sharing features, such as:

  • email addresses
  • invite status
  • access permissions
  • comments
  • review events
  • audit logs

You are responsible for selecting appropriate sharing settings and for ensuring you have a lawful basis to share personal data or content through the Service.

18. Analytics and service improvement

We may use analytics and telemetry to understand platform usage, improve reliability, diagnose issues, and make the Service better.

Where legally required, analytics or similar technologies that are not strictly necessary will be activated only after consent.

19. Changes to this Policy

We may update this Policy from time to time.

If we make material changes, we will provide notice by appropriate means such as the Service, website, or email.

The "Last Updated" date above indicates when this Policy was last revised.

20. Contact us

For privacy questions or requests, contact:

[Insert Privacy Contact Name or Team]
[Insert Email Address]
[Insert Postal Address]

21. EEA, UK, and similar rights notice

If you are located in the EEA, UK, or another jurisdiction with similar rights, you may also have the right to complain to the supervisory authority in your country or region.

22. California and other regional disclosures

If laws in your jurisdiction require additional disclosures, rights, or notices, we may provide a region-specific supplement to this Policy.