Privacy Policy
Last updated: May 26, 2026
This Privacy Policy explains what information WebDYI ("we", "us") collects when you use the WebDYI widget platform (webdyi.com, app.webdyi.com, cdn.webdyi.com), how we use it, who we share it with, and the choices and rights you have.
1. Information we collect
Account information
When you create a Developer account, we collect:
- Email address (always — whether you sign in with Google, GitHub, or email + password).
- Display name and profile photo (when you sign in with Google or GitHub, taken from your provider profile).
- Hashed password (only when you sign up with email + password; hashed and stored by our authentication provider — we don't see the plaintext).
- Linked auth providers (Google / GitHub / email — so you can see and manage your sign-in methods).
Service content
- Templates — the HTML/CSS/JS and schema you author.
- Instance settings — the customizations Clients make through the no-code form (text, color, block configuration, etc.).
- Uploaded media — images and videos uploaded by Developers or Clients, securely hosted in distributed, high-performance object storage.
- Project metadata — titles, tags, descriptions, timestamps.
Billing information
If you subscribe to the Creator plan, Our payment processor collects and stores your payment method. We receive only a Payment processor customer ID and subscription status (plan, active/canceled, current period end). We do not store your card details on our servers.
Marketing-site form submissions
If you fill out the contact form on webdyi.com, we store your name, email, subject, message, IP address, and User-Agent in our marketing database so we can reply. If you join an email list, we store the email + any preferences you provide.
Technical / usage data
Our edge network infrastructure automatically logs standard network request metadata (including IP addresses, browser User-Agents, requested URLs, referral headers, and cryptographic timestamps) to maintain platform security, prevent system abuse, and optimize content routing. We also monitor aggregated network usage metrics—such as page view counts and operational error rates—to improve reliability without individually identifying you wherever possible
2. How we use your information
- Provide and operate the Service (sign you in, save your work, render widgets, process payments).
- Communicate about your account (verification, security alerts, billing receipts, support replies).
- Send product updates if you've opted in (e.g. blog subscription, changelog notifications).
- Protect the Service against abuse, fraud, and security threats.
- Comply with legal obligations (tax records, lawful requests).
We do not sell your personal information. We do not run third-party advertising trackers on the Service.
3. Email communications
Transactional emails (account verification, password resets, billing receipts, security alerts) are sent regardless of marketing preferences because they're necessary to operate your account. Marketing/product-update emails are opt-in; each one includes an unsubscribe link.
4. Data storage and security
Your data is securely managed across fully distributed, redundant cloud data centers (leveraging relational SQL architecture for structured configurations and secure object storage buckets for media assets). All infrastructure connections utilize end-to-end TLS encryption. We enforce granular access controls using signed ID tokens for API endpoints and unique, per-instance tokens for secure client customizer access.
No method of transmission or storage is 100% secure. We make reasonable efforts to protect your data but cannot guarantee absolute security.
5. Sharing your information
We share information only with:
- Service providers who process data on our behalf: Our core cloud infrastructure network (handling edge-routing, application hosting, database records, and asset storage), our centralized identity management system (handling secure user authentication), and Payment processor (handling secure merchant payment processing).
- Legal authorities when required by law (court orders, subpoenas) — we'll notify you when legally permitted.
- Acquirers in the event of a merger, acquisition, or sale of assets — with notice and continued protection of your data.
Widget content you publish at cdn.webdyi.com/w/{id} is
public by design — anyone with the URL can view the rendered
widget. The customizer link with the secret edit token is private; only people with
that link can edit.
6. Your data rights
Depending on your jurisdiction, you may have rights to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account and associated data.
- Export your content.
- Object to or restrict certain processing.
- Withdraw consent (where processing is based on consent).
Email [email protected] to exercise any of these. We'll respond within 30 days.
7. Data retention
We retain core account data while your profile remains active and for a standard grace period following account closure (typically 30 days) to facilitate accidental recovery and allow for network abuse investigations, after which it is permanently purged from our active systems. Financial transaction and billing records are retained permanently in accordance with statutory tax and accounting laws. Routine network edge access logs are short-lived and automatically overwritten on a strict, brief rolling window
8. Children's privacy
The Service is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us and we'll delete it.
9. Cookies and tracking
The app (app.webdyi.com) sets an authentication cookie to keep you signed in. The widget CDN (cdn.webdyi.com) is cookieless. We do not use third-party advertising cookies.
Most browsers let you control cookies through their settings. Blocking the authentication cookie will prevent you from staying signed in.
10. International users
Our infrastructure network operates globally; consequently, data may be securely stored or processed in jurisdictions outside of your country of residence. We rely strictly on industry-standard international data transfer mechanisms and contractual compliance frameworks provided by our upstream hosting infrastructure to ensure your data remains fully protected across all regions.
11. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified by email or in-app notice. The "Last updated" date at the top reflects the current version.
12. Contact
Questions or requests about your data? Email [email protected] or use the contact form.