Privacy Policy

1. Information We Collect

We collect information you provide directly to us:

• Account Information: Email address, name, and authentication data when you create an account via Google or email sign-up.
• Payment Information: Billing details processed securely through Stripe. We do not store your full credit card numbers.
• Project Data: Website URLs you provide for content extraction and any uploaded documents or requirements.
• Usage Data: Information about how you use our Service, including pages visited and features used.

2. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve our Service
• Process transactions and send related information
• Send technical notices, updates, and support messages
• Respond to your comments, questions, and customer service requests
• Detect, prevent, and address technical issues and fraud

3. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Third-party vendors who perform services on our behalf (e.g., Stripe for payments, Supabase for data storage, PostHog for analytics).
• Legal Requirements: When required by law or to protect our rights and safety.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.

We do not sell your personal information to third parties.

4. Analytics and Product Improvement

We use PostHog, an open-source analytics platform, to understand how our Service is used and to improve the user experience. PostHog collects anonymous usage data using two different methods depending on your consent:

Privacy-Preserving Analytics (No Consent Required): By default, we collect anonymous analytics using cookieless tracking that does not process personal data. This uses a privacy-preserving hash calculated on PostHog's servers based on technical information (browser type, device type, daily rotating identifier). This hash cannot be reversed to identify you and changes daily, ensuring full GDPR compliance without requiring consent.

Enhanced Analytics (With Your Consent): If you accept cookies via our banner, we enable enhanced tracking that provides more detailed insights while still maintaining anonymity. This includes persistent user sessions and improved feature usage tracking.

Both modes collect the following types of data:

• Page views and navigation patterns
• Feature usage and interactions (e.g., button clicks, form submissions)
• Technical information (browser type, device type, screen resolution)
• Error messages and technical issues
• Project generation events and completion rates

No Personal Information: PostHog tracking does not collect or store personally identifiable information (PII) such as names, email addresses, or project content. We route all analytics through our own servers (reverse proxy), which means PostHog never receives your actual IP address - only our server's IP.

Data Retention: Analytics data is retained for 12 months.

For more information about PostHog's privacy practices, visit: https://posthog.com/privacy

5. AI Processing and Anthropic

Our Service uses Anthropic's Claude API to process and generate website content. When you use our Service, the following data may be transmitted to and processed by Anthropic:

• Website URLs and content you provide for extraction
• Project requirements and specifications
• Content and data used to generate website code
• Code and files generated during the website creation process

Data Retention: Anthropic retains API data for 30 days by default. For commercial API usage (which we use), your data is not used to train Anthropic's models unless you explicitly opt in. Data is encrypted in transit using TLS.

For more information about how Anthropic handles your data, please review their privacy policy at: https://privacy.anthropic.com/

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:

• Encryption of data in transit and at rest
• Secure authentication via Supabase Auth
• Regular security assessments and updates
• PCI-compliant payment processing through Stripe

7. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this policy. Generated website code and project data are retained for 90 days after generation, after which they may be automatically deleted.

You can request deletion of your account and associated data at any time by contacting us.

8. Your Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

• Access: Request copies of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your personal data
• Restriction: Request restriction of processing
• Portability: Request transfer of your data
• Objection: Object to our processing of your data

To exercise these rights, please contact us at contact@vinkweb.lu.

9. Cookies and Tracking

We use essential cookies to maintain your session and remember your preferences. We collect anonymous analytics data by default using privacy-preserving methods that do not require consent. We also offer enhanced analytics and advertising with cookies if you choose to accept them.

Cookie Consent: When you first visit our website, you will see a cookie consent banner. You can choose "Accept All" for enhanced features or "Essential Only" to decline optional cookies. Your preference is stored for one year.

Important: Even if you decline cookies, we still collect anonymous analytics using cookieless, privacy-preserving methods that comply with GDPR without requiring consent. This data cannot be linked to you personally and uses daily-rotating identifiers.

Types of Cookies and Tracking:

• Essential Cookies: Required for authentication and basic functionality (Supabase authentication tokens). These do not require consent under GDPR as they are strictly necessary for the service you requested.
• Privacy-Preserving Analytics (No Consent Required): We collect anonymous usage data using PostHog's cookieless mode, which does not use cookies or process personal data. This uses a privacy-preserving hash that changes daily and cannot identify you. This tracking is always active and complies with GDPR without requiring consent.
• Enhanced Analytics Cookies (Optional): If you accept cookies, PostHog stores data in your browser for improved session tracking and feature analysis. These are first-party cookies only.
• Consent Cookie: Stores your cookie preference. This is essential to remember your choice.

Managing Your Preferences: You can change your cookie preferences at any time by clearing the consent cookie in your browser (named "legasite_cookie_consent"). This will show the cookie banner again on your next visit. You can also disable cookies through your browser settings, but disabling essential cookies will prevent you from signing in.

Compliance: Our tracking and cookie implementation complies with:

• GDPR Article 6(1)(a) - Explicit consent for non-essential cookies
• ePrivacy Directive (Cookie Law) - Prior consent for cookies not strictly necessary
• Luxembourg data protection laws

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses approved by the European Commission.

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Lars Vink
BPM 392499
Banzelt 4 A
6921 Roodt-sur-Syre
Luxembourg
Email: contact@vinkweb.lu