WebDYI
WebDYI
No-code widgets
 Start free
Legal

Privacy Policy

Last updated: May 26, 2026

This Privacy Policy explains what information WebDYI ("we", "us") collects when you use the WebDYI widget platform (webdyi.com, app.webdyi.com, cdn.webdyi.com), how we use it, who we share it with, and the choices and rights you have.

1. Information we collect

Account information

When you create a Developer account, we collect:

  • Email address (always — whether you sign in with Google, GitHub, or email + password).
  • Display name and profile photo (when you sign in with Google or GitHub, taken from your provider profile).
  • Hashed password (only when you sign up with email + password; hashed and stored by Firebase Authentication — we don't see the plaintext).
  • Linked auth providers (Google / GitHub / email — so you can see and manage your sign-in methods).

Service content

  • Templates — the HTML/CSS/JS and schema you author.
  • Instance settings — the customizations Clients make through the no-code form (text, color, block configuration, etc.).
  • Uploaded media — images and videos uploaded by Developers or Clients, stored in Cloudflare R2.
  • Project metadata — titles, tags, descriptions, timestamps.

Billing information

If you subscribe to the Creator plan, Stripe (our payment processor) collects and stores your payment method. We receive only a Stripe customer ID and subscription status (plan, active/canceled, current period end). We do not store your card details on our servers.

Marketing-site form submissions

If you fill out the contact form on webdyi.com, we store your name, email, subject, message, IP address, and User-Agent in our marketing database so we can reply. If you join an email list, we store the email + any preferences you provide.

Technical / usage data

Cloudflare automatically logs request metadata (IP, User-Agent, requested URL, referer, timestamps) for security, abuse prevention, and performance. We may also collect aggregated usage metrics (page views, error rates) — without individually identifying you wherever possible.

2. How we use your information

  • Provide and operate the Service (sign you in, save your work, render widgets, process payments).
  • Communicate about your account (verification, security alerts, billing receipts, support replies).
  • Send product updates if you've opted in (e.g. blog subscription, changelog notifications).
  • Protect the Service against abuse, fraud, and security threats.
  • Comply with legal obligations (tax records, lawful requests).

We do not sell your personal information. We do not run third-party advertising trackers on the Service.

3. Email communications

Transactional emails (account verification, password resets, billing receipts, security alerts) are sent regardless of marketing preferences because they're necessary to operate your account. Marketing/product-update emails are opt-in; each one includes an unsubscribe link.

4. Data storage and security

Your data is stored with Cloudflare (D1 for structured data, R2 for media) and Firebase (for authentication). Connections to the Service use TLS. We use signed Firebase ID tokens to authenticate API calls and per-instance edit tokens for client customizer access.

No method of transmission or storage is 100% secure. We make reasonable efforts to protect your data but cannot guarantee absolute security.

5. Sharing your information

We share information only with:

  • Service providers who process data on our behalf: Cloudflare (hosting, edge, DB, storage), Firebase / Google (authentication), Stripe (payments).
  • Legal authorities when required by law (court orders, subpoenas) — we'll notify you when legally permitted.
  • Acquirers in the event of a merger, acquisition, or sale of assets — with notice and continued protection of your data.

Widget content you publish at cdn.webdyi.com/w/{id} is public by design — anyone with the URL can view the rendered widget. The customizer link with the secret edit token is private; only people with that link can edit.

6. Your data rights

Depending on your jurisdiction, you may have rights to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your account and associated data.
  • Export your content.
  • Object to or restrict certain processing.
  • Withdraw consent (where processing is based on consent).

Email hello@webdyi.com to exercise any of these. We'll respond within 30 days.

7. Data retention

We keep account data while your account is active and for a reasonable period after deletion (typically 30 days) for recovery and abuse-investigation purposes, then purge it. Billing records are retained as long as required by tax and accounting law. Cloudflare's edge logs are short-lived (rolling window).

8. Children's privacy

The Service is not directed to children under 13 and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us and we'll delete it.

9. Cookies and tracking

The app (app.webdyi.com) sets a Firebase authentication cookie to keep you signed in. The widget CDN (cdn.webdyi.com) is cookieless. We do not use third-party advertising cookies.

Most browsers let you control cookies through their settings. Blocking the Firebase auth cookie will prevent you from staying signed in.

10. International users

Cloudflare and Firebase operate globally; your data may be stored or processed in countries other than your own. We rely on standard contractual safeguards provided by these services for international transfers.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified by email or in-app notice. The "Last updated" date at the top reflects the current version.

12. Contact

Questions or requests about your data? Email hello@webdyi.com or use the contact form.