Legal

Privacy Policy

Effective date: April 2, 2026 · WebSoQuick LLC

Your privacy matters to us. This policy explains exactly what data WebSoQuick collects, how it is used, where it is stored, and your rights regarding your information. We collect only what is necessary to run the service, we do not sell your data, and we do not share it with third parties except as required to operate the platform.

Who We Are

WebSoQuick ("we," "us," or "our") is a website and AI assistant platform for local businesses. We operate at websoquick.com and provide tools to help small businesses create websites, manage content, and deploy AI-powered customer assistants. You can reach us at [email protected].

Information We Collect

We collect information in three ways: information you provide directly, information generated automatically when you use the service, and information created through your use of AI features.

Account information:

Email address (used as your login identifier)
Business name and subdomain
Password (stored as a bcrypt hash — we never store your plain-text password)
Optional: two-factor authentication setup data (TOTP secret, stored encrypted)

Content you create:

Website content — headlines, about text, service descriptions, and images you upload
Business information entered into the CMS (hours, location descriptions, contact info)
Images and media files you upload to your account

Usage and technical data:

IP address (logged for security and rate limiting; not retained long-term)
Browser type and operating system (used for compatibility; not stored beyond the session)
Actions taken in the CMS (stored in a per-account audit log for security purposes)
Session tokens (short-lived, stored in an HttpOnly cookie)

AI Conversation Data

Your website may include an AI assistant powered by a language model running entirely on WebSoQuick’s own servers. When a visitor interacts with your AI assistant:

Conversation messages are temporarily held in memory to maintain context within that session
Conversations are stored in a per-account database on our servers for a limited retention period
No conversation data is sent to third-party AI providers — the model runs locally on our infrastructure
As the account holder, you can request deletion of AI conversation logs at any time

When you use AI content generation tools inside the CMS (to generate website copy), the prompts and results are processed on our servers and stored as part of your website content. No external AI APIs are used.

How We Use Your Information

We use the information we collect to:

Create and maintain your account and website
Authenticate you securely when you log in
Build and serve your static website to visitors
Power the AI assistant features on your published website
Detect and prevent abuse, unauthorized access, and fraud
Respond to your support requests
Send transactional emails (account verification, password reset, billing receipts)
Comply with applicable laws and legal obligations

We do not use your content or visitor data to train AI models.

Data Storage and Security

Your data is stored on servers we control. We do not use third-party cloud storage providers for primary data storage.

Databases: Per-account SQLite databases in WAL mode, stored on-disk on our servers
Backups: Automated backups retained for up to 30 days
Passwords: bcrypt-hashed with cost factor 12 — not reversible
Sessions: Opaque random tokens; invalidated on logout or after inactivity
Images: Stored server-side; EXIF metadata stripped on upload
Transport: All traffic encrypted via HTTPS (TLS 1.2+)

No security system is perfect. While we take significant measures to protect your data, we cannot guarantee absolute security. In the event of a breach affecting your personal information, we will notify you as promptly as possible.

Cookies and Session Storage

We use cookies strictly to operate the service — not for tracking or advertising.

Session cookie: Set on login, HttpOnly and Secure, used to keep you signed in. Expires on browser close or after a period of inactivity.
CSRF token: A short-lived token included in forms to prevent cross-site request forgery. Not used for tracking.

We do not use analytics cookies, advertising cookies, or any third-party tracking scripts. We do not use Google Analytics, Facebook Pixel, or similar tools.

Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

Payment processing: If you subscribe to a paid plan, payment is processed by Stripe. We share only what is required for billing — your full card number is never stored by us.
Legal requirements: We may disclose information if required by law, court order, or government request, or to protect the rights and safety of WebSoQuick and its users.
Business transfer: If WebSoQuick is acquired or merges with another entity, your data may be transferred. We will notify you before that occurs and you will have the opportunity to delete your account.

Your website visitors’ data (including AI chat conversations on your website) is not shared with third parties. It remains on our servers under your account.

Your Rights and Choices

You have the following rights regarding your data:

Access: Request a copy of the personal data we hold about you
Correction: Ask us to correct inaccurate data
Deletion: Request deletion of your account and all associated data
Portability: Request your website content in a portable format (JSON)
Restriction: Ask us to restrict processing of your data in certain circumstances
Opt-out: Opt out of non-essential communications at any time

To exercise any of these rights, email [email protected]. We will respond within 30 days.

Data Retention

We retain your data for as long as your account is active. Specifically:

Account data: Retained until you request account deletion
Audit logs: Retained for up to 12 months for security purposes
AI conversation logs: Retained for up to 90 days unless you request earlier deletion
Backups: Retained for up to 30 days after the backup is created
Deleted images: Removed from disk immediately upon deletion

After account deletion, we retain only what is required by law (e.g., billing records for tax purposes) and delete everything else within 30 days.

Children’s Privacy

WebSoQuick is designed for business use by adults. We do not knowingly collect personal information from anyone under the age of 13. If you believe a child has provided us with personal information, contact us at [email protected] and we will delete it promptly.

Third-Party Links

Your published website may contain links to third-party websites (such as your social media profiles or review sites). We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies independently.

The WebSoQuick platform itself does not embed third-party widgets, social share buttons, or external tracking scripts.

International Users

WebSoQuick is operated from the United States. If you access the service from outside the United States, your data will be transferred to and processed in the United States. By using the service, you consent to this transfer. We take steps to ensure your data is handled in accordance with this policy regardless of where it is processed.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For significant changes, we will notify you by email or by a prominent notice in the CMS dashboard. Your continued use of the service after changes take effect constitutes acceptance of the revised policy.

We will not make retroactive changes that reduce your privacy rights without your explicit consent.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

Email: [email protected]
Response time: We aim to respond within 2 business days