Privacy Policy

Last updated: February 12, 2026

1. Information We Collect

1.1 Information You Provide

When you use WebFold, we collect:

• Account Information: Name, email address, and profile picture from your Google account
• Google Drive Content: Content from Google Docs and folders you explicitly select to create websites
• Website Settings: Website names, custom domain names, theme preferences, navigation settings
• Payment Information: Billing information processed securely through Stripe (we do not store credit card details)

1.2 Information Automatically Collected

We automatically collect certain technical information:

• Usage Data: Pages visited, features used, build history, error logs (via Umami Analytics - privacy-friendly, cookieless)
• Device Information: Browser type, operating system, IP address (aggregated and anonymized)
• Log Data: Server logs for security, debugging, and performance monitoring
• Authentication Tokens: Google OAuth tokens (stored encrypted) to access your Google Drive and Docs

1.3 Website Visitor Data

For websites you create with WebFold:

• We do not track visitors to your published websites
• Visitor data (if any) is handled by Cloudflare CDN as part of content delivery
• You may optionally enable Umami Analytics for your website (privacy-focused, no cookies)

2. How We Use Your Information

We use your information for the following purposes:

• Provide the Service: Generate and host websites from your Google Docs content
• Account Management: Create and maintain your account, authenticate you, manage subscriptions
• Payment Processing: Process subscription payments through Stripe
• Service Improvement: Analyze usage patterns to improve features and fix bugs (via Umami Analytics)
• Communication: Send service-related emails (build notifications, subscription updates, security alerts)
• Security: Detect and prevent fraud, abuse, and security incidents
• Legal Compliance: Comply with legal obligations and enforce our Terms of Service

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

3. Google API Data

WebFold's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3.1 What We Access

We request the following Google permissions:

• Google Drive API: Read-only access to folders and files you explicitly select
• Google Docs API: Read-only access to documents you choose to convert to websites
• Basic Profile: Name, email, and profile picture for account creation

3.2 How We Use Google Data

• Access is limited to only the folders and documents you explicitly select for website creation
• We do not access other files in your Google Drive
• We do not share your Google data with third parties
• We do not use your Google data for advertising or marketing
• Your Google OAuth tokens are stored encrypted in our database
• You can revoke WebFold's access to your Google account at any time through Google Account Permissions

4. Data Sharing and Third Parties

We share your information only with essential service providers necessary to operate WebFold:

We do not share your data with marketing platforms, advertising networks, or data brokers.

4.1 Legal Disclosures

We may disclose your information if required by law:

• To comply with legal obligations (court orders, subpoenas)
• To protect our rights, property, or safety
• To prevent fraud or abuse
• In connection with a business transfer (acquisition, merger)

5. Data Storage and Security

5.1 Where We Store Data

• Application Database: Railway servers in The Netherlands (EU)
• Website Content: Cloudflare R2 object storage (global)
• Backups: Encrypted daily backups stored in Cloudflare R2

5.2 Security Measures

We implement industry-standard security practices:

• Encryption: All data transmitted over HTTPS (TLS/SSL)
• Token Encryption: Google OAuth tokens encrypted at rest using AES-256
• Access Controls: Role-based access to internal systems
• Secure Authentication: OAuth 2.0 with Google for user authentication
• Regular Updates: Security patches and software updates
• Monitoring: Automated security monitoring and error tracking

While we take security seriously, no system is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your data for as long as necessary to provide the service:

6.1 Active Accounts

• Account Data: Retained for the duration of your account
• Website Content: Retained until you delete the website
• Build Logs: Retained for 90 days
• Free Tier Websites: Automatically deleted after 30 days of inactivity

6.2 After Account Deletion

• Immediate: Account data and websites deleted from active systems
• 90 Days: Data permanently deleted from backups
• Legal Retention: Some data may be retained longer for legal compliance (e.g., payment records for tax purposes)

7. Cookies and Tracking

WebFold uses minimal cookies for essential functionality:

• Session Cookie: Required for authentication and keeping you logged in (expires after 30 days or logout)
• No Advertising Cookies: We do not use cookies for advertising or third-party tracking
• Umami Analytics: Privacy-friendly analytics without cookies (aggregated, anonymized data only)

8. Your Privacy Rights

8.1 General Rights

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate data through your account settings
• Deletion: Delete your account and data at any time
• Export: Request an export of your data (manual process, contact support)
• Revoke Access: Revoke Google Drive access through Google Account Permissions
• Unsubscribe: Opt out of marketing emails (service emails remain necessary)

8.2 EU/EEA Rights (GDPR)

If you are in the European Union or European Economic Area, you have additional rights:

• Right to Restriction: Request we limit processing of your data
• Right to Object: Object to processing of your data
• Right to Portability: Receive your data in a machine-readable format
• Right to Lodge a Complaint: File a complaint with your local data protection authority

8.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: support@webfold.io
• Delete account: Account Settings → Delete Account
• Revoke Google access: Google Account Permissions

We will respond to your request within 30 days.

9. Children's Privacy

WebFold is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately at support@webfold.io.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence:

• EU/EEA: Application servers hosted in Netherlands (Railway)
• Global: Website content distributed via Cloudflare's global CDN
• US Services: Google (OAuth, Drive, Docs), Stripe (payments)

When transferring data outside the EU/EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses, Privacy Shield successors, or equivalent mechanisms).

11. Third-Party Websites

Websites you create with WebFold may link to external websites. We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For material changes, we will notify you via:

• Email notification to your registered email address
• Prominent notice in the dashboard

Your continued use of WebFold after changes take effect constitutes acceptance of the updated policy.

13. Data Controller Information

The data controller for your personal information is:

14. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

• Support: support@webfold.io