Privacy Policy
Last updated: March 29, 2026
1. Information We Collect
When you use Website Creator, we may collect the following types of information:
- Account Information: When you create a business account, we collect your name, email address, and password.
- Business Information: Business name, description, street address, phone number, category, and any content you add to your website (services, gallery images, etc.). Optionally, you may provide your Tax ID and company Registration Number.
- Booking Data: When customers make bookings through your website, we collect their name, email address, and appointment details.
- Blog Content: When you create and publish blog posts, we collect the content, images, and metadata you provide. Published posts are publicly visible.
- Auto-Translation Data: When you use the auto-translate feature, your text content is sent to the Google Cloud Translation API for translation between English and Greek. Google may process this data according to its Cloud Terms of Service. We do not store translation requests separately from your content.
- Theme Preference: Your dark/light mode preference is stored locally in your browser's localStorage. This data is not transmitted to our servers.
- Error Data: When technical errors occur, our error monitoring system (Sentry) automatically collects information about the error, including the page URL, browser type, and error details. This data does not include any personal information — emails and IP addresses are stripped before transmission.
2. How We Use Your Information
We use the information we collect to:
- Provide and maintain the Website Creator platform
- Create and host your business website
- Process and manage booking appointments
- Send booking confirmations and notifications to you and your customers
- Send optional daily booking digest emails to business owners who enable this feature
- Host and display published blog posts on your business's public website
- Monitor and fix technical errors to improve platform reliability
- Protect the platform from abuse through rate limiting
3. Information Sharing
We do not sell your personal information to third parties. We may share information in the following circumstances:
- Public Business Directory: Your business name, description, category, city, and logo are displayed in our public directory to help customers find you.
- Service Providers: We use the following third-party services to operate the platform:
  - Supabase — Data storage and authentication
  - Resend — Email delivery
  - Sentry — Error monitoring (receives anonymised error data only, no personal information)
  - Upstash — Rate limiting to protect against abuse (stores only request counts, no personal data)
  - Google Cloud — Maps integration and auto-translation service (processes text content for translation; subject to Google Cloud Terms of Service)
  - Stripe — Payment processing for subscription billing (handles payment data directly; subject to Stripe Privacy Policy)
- Legal Requirements: We may disclose information when required by law or to protect our rights and safety.
4. Data Security
We take comprehensive measures to protect your information, including:
- Encrypted data transmission using HTTPS with strict transport security (HSTS)
- Secure authentication and session management via Supabase
- Content Security Policy (CSP) headers to prevent cross-site scripting (XSS) and other injection attacks
- HTML sanitisation of all user-generated content to prevent malicious code injection
- Rate limiting on login, signup, and API endpoints to prevent brute-force attacks
- Ownership verification on file uploads to prevent unauthorised access
- Row-level security on all database tables
While we strive to protect your data, no method of transmission over the internet is 100% secure.
5. Your Rights
In accordance with applicable data protection laws, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your personal data (you can export your data first via the backup feature)
- Object to certain types of processing
- Data Portability: Export your business data in a structured format using our backup feature
- Email Unsubscribe: You can unsubscribe from marketing and booking emails via the unsubscribe link included in every email or through your account notification preferences. We comply with GDPR and CAN-SPAM regulations.
To exercise these rights, please contact us using the details below.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide services. Specifically:
- Blog Posts: When you delete a blog post, it is soft-deleted (deactivated) and retained for 30 days before permanent removal.
- Account Data: If you delete your account, your personal data is removed in accordance with our GDPR obligations.
7. Cookies
We use cookies to maintain your login session and provide essential platform functionality. We do not use analytics or advertising cookies. For more details, please see our Cookie Policy.
8. Children's Privacy
Website Creator is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting a notice on the platform. Your continued use of Website Creator after changes are made constitutes your acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or your personal data, please contact us at:
Website Creator
Cyprus
Email: support@websitecreator.cy