Website Privacy Policy
For webappski.com and AI Form Copilot Marketing Website
Last Updated: [DATE]
Website Owner: [NAME] Individual Entrepreneur Staniszewskiego 19b 81-303 Gdynia, Poland NIP: -------- Email: info@webappski.com
1. Introduction
This Privacy Policy explains how we collect, use, and protect your personal information when you visit our marketing website at webappski.com or related subdomains (the "Website").
Scope: This Privacy Policy applies ONLY to our Website (webappski.com). It does NOT apply to:
- End users of AI Form Copilot widget on third-party websites (see "Privacy Policy for End Users")
- Business clients using AI Form Copilot services (see "Terms of Service" and "Data Processing Agreement")
2. Data We Collect
2.1 Information You Provide
When you interact with our Website, you may provide:
Contact Form / Demo Request:
- Name
- Email address
- Company name
- Website URL
- Message or inquiry
Account Registration:
- Name
- Email address
- Company name
- Billing address
- Payment information (processed by Stripe - we do NOT store full credit card numbers)
Newsletter Subscription:
- Email address
- Name (optional)
Support Inquiries:
- Name, email, account details
- Technical information about your issue
- Screenshots or attachments (if you provide them)
2.2 Automatically Collected Information
When you visit our Website, we automatically collect:
Analytics Data (via Plausible Analytics):
- Page URLs visited
- Referrer (website you came from)
- Browser type and version
- Operating system
- Device type (desktop, mobile, tablet)
- Country (based on IP address, NOT stored)
- NO IP addresses stored
- NO cookies set
- NO cross-site tracking
Technical Data:
- Timestamps of page visits
- Server logs (access logs for security purposes)
- Error logs (if technical issues occur)
Cookies:
- Strictly Necessary Cookies: Session management, authentication (if logged in)
- NO advertising cookies
- NO tracking cookies
3. How We Use Your Data
3.1 Purpose
We use your data for:
- Provide Services:
- Respond to contact form inquiries
- Process account registrations
- Manage subscriptions and billing
- Provide customer support
- Marketing Communications:
- Send newsletters (if you subscribed)
- Send product updates and announcements
- Send promotional offers (with opt-out option)
- Analytics & Improvements:
- Understand how visitors use our Website
- Improve Website design and user experience
- Identify technical issues
- Legal Compliance:
- Comply with tax and accounting requirements
- Respond to legal requests (court orders, subpoenas)
- Prevent fraud and abuse
3.2 Legal Basis (GDPR Article 6)
- Consent (Article 6(1)(a)): Newsletter subscriptions, optional cookies
- Contract (Article 6(1)(b)): Account management, billing, customer support
- Legitimate Interests (Article 6(1)(f)): Analytics, security, fraud prevention
- Legal Obligation (Article 6(1)(c)): Tax records, legal requests
4. Data Sharing & Third Parties
4.1 Service Providers (Data Processors)
We share your data with trusted third-party service providers:
| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Plausible Analytics | Website analytics | Page views, referrer, browser, country (NOT IP) | Plausible Privacy |
| Stripe | Payment processing | Name, email, billing address, payment info | Stripe Privacy |
| Google Cloud (Firebase) | Infrastructure (hosting, database) | Account data, logs | Google Cloud Privacy |
| Email Provider (e.g., SendGrid, Mailchimp) | Email delivery (newsletters, transactional) | Email address, name | [Provider Privacy] |
All service providers:
- Bound by contracts requiring GDPR compliance
- Use data only as instructed by us
- EU Standard Contractual Clauses (SCCs) in place for international transfers
4.2 Legal Disclosures
We may disclose your data if required by law:
- Court orders or subpoenas
- Law enforcement requests
- Protection of our rights or safety
- Fraud investigations
4.3 Business Transfers
If we are acquired or merge with another company:
- Your data may be transferred to the new owner
- You will be notified 30 days before transfer
- New owner must honor this Privacy Policy
4.4 No Sale of Data
We do NOT sell your personal data to third parties for marketing purposes.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Contact form inquiries | 2 years from submission |
| Account data (active) | Duration of account |
| Account data (deleted) | 30 days after deletion request |
| Newsletter subscriptions | Until you unsubscribe + 30 days |
| Payment records | 7 years (tax/accounting requirements) |
| Analytics data (Plausible) | 2 years (aggregate, no IP) |
| Server logs | 90 days |
After retention period, data is permanently deleted.
6. Your Rights (GDPR)
As a data subject in the European Union, you have the following rights:
6.1 Right to Access (Article 15)
You can request a copy of your personal data we hold.
How: Email info@webappski.com with subject "GDPR Access Request"
6.2 Right to Rectification (Article 16)
You can request correction of inaccurate data.
How: Email info@webappski.com or update your account settings
6.3 Right to Erasure (Article 17 - "Right to be Forgotten")
You can request deletion of your data.
How: Email info@webappski.com with subject "GDPR Deletion Request"
Exceptions: We may retain data if legally required (e.g., tax records for 7 years)
6.4 Right to Restrict Processing (Article 18)
You can request we limit how we use your data.
How: Email info@webappski.com with subject "GDPR Restriction Request"
6.5 Right to Data Portability (Article 20)
You can receive your data in machine-readable format (JSON, CSV).
How: Email info@webappski.com with subject "GDPR Portability Request"
6.6 Right to Object (Article 21)
You can object to:
- Direct marketing (unsubscribe link in emails)
- Processing based on legitimate interests
- Automated decision-making (we do NOT use automated decisions)
6.7 Right to Withdraw Consent (Article 7(3))
For consent-based processing (newsletter, cookies):
- Newsletter: Click unsubscribe link in any email
- Cookies: Adjust cookie settings in our cookie banner
6.8 Right to Lodge a Complaint
You can file a complaint with your data protection authority:
Poland: Urząd Ochrony Danych Osobowych (UODO) Website: https://uodo.gov.pl/ Email: kancelaria@uodo.gov.pl
Your Country: Find your authority at https://edpb.europa.eu/about-edpb/board/members_en
Response Time: We will respond to your requests within 30 days (may extend to 60 days for complex requests).
7. International Data Transfers
Data Location: Your data may be transferred from EU to United States for processing by:
- Google Cloud (Firebase infrastructure)
- Stripe (payment processing)
Legal Mechanisms:
- EU Standard Contractual Clauses (SCCs)
- Google Cloud Data Processing Terms
- Stripe Data Processing Agreement
Additional Safeguards:
- Encryption in transit (TLS 1.2+)
- Encryption at rest (AES-256)
- Access controls
8. Security Measures
We implement industry-standard security measures:
Technical Measures:
- Encryption: HTTPS (TLS 1.2+) for all website traffic
- Secure hosting: Google Cloud Platform with DDoS protection
- Access control: Multi-factor authentication for admin accounts
- Regular updates: Security patches applied promptly
Organizational Measures:
- Staff training: GDPR awareness training for all staff
- Data minimization: Collect only necessary data
- Access limitation: Data accessible only to authorized personnel
- Incident response plan: 72-hour breach notification to authorities (GDPR Article 33)
Limitations: No security is 100% perfect. We cannot guarantee absolute security, but we use commercially reasonable efforts.
9. Cookies Policy
9.1 What Are Cookies?
Cookies are small text files stored on your device by websites you visit.
9.2 Cookies We Use
Strictly Necessary Cookies:
- Session cookie: Keeps you logged in (if you have an account)
- Security cookie: Prevents CSRF attacks
- Duration: Session (deleted when you close browser)
- No consent required (necessary for service)
Analytics (via Plausible):
- NO cookies set by Plausible Analytics
- Plausible is cookie-less, privacy-first analytics
- Complies with GDPR, CCPA, PECR without consent banner
9.3 Third-Party Cookies
We do NOT use third-party tracking cookies (Google Analytics, Facebook Pixel, etc.).
9.4 Cookie Management
Browser Settings: You can block cookies via browser settings:
- Chrome: Settings > Privacy > Cookies
- Firefox: Settings > Privacy > Cookies
- Safari: Preferences > Privacy > Cookies
Note: Blocking strictly necessary cookies may break Website functionality (e.g., cannot log in).
10. Children's Privacy
Age Restriction: Our Website is NOT intended for children under 16 years old.
- We do NOT knowingly collect data from children under 16
- If you are under 16, DO NOT use our Website or provide personal data
- Parents: If you believe your child provided data, contact us immediately at info@webappski.com for deletion
11. Marketing Communications
11.1 Newsletter
If you subscribe to our newsletter:
- We send product updates, blog posts, and promotional offers
- You can unsubscribe anytime (link in every email)
- We use [Email Provider] as our email service provider
11.2 Transactional Emails
If you have an account:
- We send transactional emails (account creation, password reset, billing)
- You CANNOT opt-out of transactional emails (necessary for service)
11.3 Promotional Emails
If you are an existing customer:
- We may send promotional emails about our Services (legitimate interest)
- You can opt-out anytime
11.4 Do Not Track
We honor "Do Not Track" (DNT) browser signals:
- If DNT enabled, we do NOT use cookies (except strictly necessary)
- Plausible Analytics respects DNT by default
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
Notification:
- Material changes: Email notification to registered users
- Minor changes: Updated "Last Updated" date at top
Effective Date: Changes effective immediately upon posting.
Your Consent: Continued use of Website after changes = acceptance.
13. Contact Information
For Privacy Inquiries: Email: info@webappski.com Subject: "Privacy Inquiry - Website"
For GDPR Requests: Email: info@webappski.com Subject: "GDPR Request - [Type: Access/Deletion/etc.]"
Postal Address: [NAME] Staniszewskiego 19b 81-303 Gdynia, Poland
Data Protection Authority (Poland): Urząd Ochrony Danych Osobowych (UODO) Website: https://uodo.gov.pl/ Email: kancelaria@uodo.gov.pl
14. California Privacy Rights (CCPA)
If you are a California resident (US), you have additional rights under CCPA:
14.1 Right to Know
You can request disclosure of:
- Categories of personal information collected
- Sources of personal information
- Business purpose for collection
- Third parties with whom we share data
14.2 Right to Delete
You can request deletion of your personal information (same as GDPR Right to Erasure).
14.3 Right to Opt-Out of Sale
We do NOT sell your personal information. No opt-out required.
14.4 Non-Discrimination
We will NOT discriminate against you for exercising CCPA rights (same prices, same service quality).
To Exercise CCPA Rights: Email: info@webappski.com Subject: "CCPA Request - [Type]"
Response Time: 45 days (may extend to 90 days for complex requests)
APPENDIX: Data Processing Record (GDPR Article 30)
Controller: [NAME] Contact: info@webappski.com DPO: Not appointed (not required for small businesses)
Categories of Data Subjects:
- Website visitors
- Newsletter subscribers
- Account holders (business clients)
- Support inquiries
Categories of Personal Data:
- Identification data: Name, email
- Commercial data: Company name, billing address
- Technical data: Browser, device, page views (no IP)
Categories of Recipients:
- Plausible Analytics (analytics)
- Stripe (payments)
- Google Cloud (hosting)
- Email provider (marketing communications)
Transfers to Third Countries:
- United States (Google Cloud, Stripe) - SCCs in place
Retention Periods:
- See Section 5 (Data Retention)
Security Measures:
- See Section 8 (Security Measures)
BY USING OUR WEBSITE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY.
Last Updated: [DATE] Version: 1.0