Privacy Policy

1. Information We Collect

We collect only the information necessary to operate and improve Werf.

1.1 Information You Provide

When you create an account or use Werf, we may collect:

• Email address
• Password (stored securely in encrypted form)
• Website content you generate or upload (text, structure, configuration)

If you sign in using Google, we receive basic account information from Google (such as your email address), in accordance with Google's OAuth permissions.

1.2 Automatically Collected Information

We may automatically collect limited technical and usage data, such as:

• IP address
• Device and browser type
• Pages or features used within the app

This data is used for basic functionality, security, and performance monitoring. We do not currently use third-party analytics tools.

2. Payments

Payments and subscriptions are processed entirely by Paddle, our third-party payment processor.

We do not collect or store credit card numbers or payment method details.

We may store subscription status, Paddle customer IDs, and transaction references for account management and billing purposes.

Paddle handles all sensitive payment information in accordance with their own privacy and security standards.

3. How We Use Your Information

We use your information to:

• Provide and operate the Werf service
• Authenticate users and manage accounts
• Generate and display websites you create
• Maintain security and prevent abuse
• Improve features and functionality over time

We do not sell user data.

4. AI & Third-Party Services

Werf uses third-party services to function:

• Gemini (Google) – to process user prompts and generate website content
• Supabase – for authentication, database storage, and user data management
• Vercel – for application hosting and deployment
• Google OAuth – for optional third-party login

User input may be processed by these services strictly to provide Werf's functionality.

5. Data Storage & Retention

User data is stored using Supabase.

Generated websites can be deleted by users.

User accounts cannot currently be deleted.

Data is retained indefinitely unless functionality changes in the future.

We may update data retention practices as Werf evolves.

6. Cookies

Werf does not currently use cookies for tracking or analytics.

Essential technical mechanisms may be used for authentication and session management.

7. Children's Privacy

Werf is intended for users 13 years of age and older.

We do not knowingly collect personal data from children under 13. If you believe a child has provided personal information, please contact us and we will take appropriate action.

8. Data Security

We take reasonable measures to protect user data, including:

• Secure authentication systems
• Encrypted credential storage
• Trusted third-party infrastructure providers

However, no system is 100% secure, and we cannot guarantee absolute security.

9. Your Rights

Depending on your location, you may have rights to:

• Access the personal data we hold about you
• Request correction of inaccurate data

Because account deletion is not currently supported, some data may not be removable at this time.

10. Future Changes

Werf may introduce new features such as:

• Custom domains
• Analytics dashboards
• Email communications

This Privacy Policy will be updated if data practices change.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last updated" date.

12. Contact

If you have any questions about this Privacy Policy or your data, contact:

meshaunreagan@gmail.com