Privacy Policy

This Privacy Policy describes what personal data Uisdom collects, why we collect it, how long we keep it, and the rights you have over it. It applies to uisdom.design and to the websites we host on our subdomains for our customers.

1. Who we are (Controller)

Uisdom.design — Mühlenstrasse 20, 13187 Berlin, Germany
Contact: uisdomcontact@gmail.com

We are the data controller for personal data we collect about you. For the websites you generate with Uisdom and serve from your own domain, you are the controller and Uisdom acts as a processor.

2. What we collect and why

Account and profile data

When you sign up we collect your email address and a hashed password (or, if you sign in with Google, the basic profile fields Google shares — typically email, display name, and avatar URL). We use this data to authenticate you, communicate with you about the service, and provide customer support.

Lawful basis: performance of a contract (Art. 6(1)(b) GDPR).

Billing data

When you subscribe to a paid plan or buy credits, our third-party payment processor handles your payment details directly — we never see or store your full card number. We do receive and store a customer reference, the plan you bought, and the amount, so we can give you the right credit balance and show your invoice history.

Lawful basis: performance of a contract (Art. 6(1)(b) GDPR).

Content you submit

When you analyze or rebuild a website, we fetch its public pages and store the resulting analysis, generated files, and any custom domain you connect. Edits you make in the chat-driven builder are stored alongside the rest of your project.

Lawful basis: performance of a contract (Art. 6(1)(b) GDPR).

Usage and device data

When you visit our site, our servers automatically receive technical information such as your IP address, browser, language, the pages you load, and the time. We use this to keep the service secure, investigate errors, and understand how the product is used in aggregate.

Lawful basis: our legitimate interest in operating and securing the service (Art. 6(1)(f) GDPR).

Marketing measurement

With your consent, we use the Meta Pixel(operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin) to measure which advertising campaigns brought visitors to our site and which of those visitors went on to take meaningful actions (sign up, start a checkout, subscribe). The pixel sets cookies in your browser and shares with Meta the page URL, the conversion event name, and a conversion value where applicable. Meta uses this data to attribute conversions to its ads and may combine it with information it already holds about you on its platforms. Meta may transfer this data to the United States — Meta participates in the EU–US Data Privacy Framework and we rely on the European Commission’s adequacy decision plus the Standard Contractual Clauses.

You can withhold consent at any time in the cookie banner. When consent is withheld the pixel does not load at all, no cookies are set, and no data flows to Meta. The rest of the service keeps working normally.

Lawful basis: your consent (Art. 6(1)(a) GDPR), withdrawable at any time.

3. Cookies and similar technologies

We split cookies into two groups:

• Strictly necessary. Used to keep you signed in, handle your checkout return, and remember your cookie preference itself. Without these the site cannot function. They are set regardless of consent.
• Marketing & analytics. Set only after you click Accept all in the cookie banner. They allow us (and the advertising platform we use) to measure conversions and optimise our advertising spend. If you click Decline(or never interact with the banner), these cookies are not set.

You can change your choice at any time by clearing your browser storage for our domain or by contacting us at the address above. Your browser settings let you block or delete cookies generally — note that blocking strictly necessary cookies will break sign-in.

4. Hosting and data location

We use the following processors to run Uisdom. Each is bound by a data-processing agreement (Art. 28 GDPR) and only handles your data on our written instructions.

• Vercel Inc.(440 N Barranca Ave #4133, Covina, CA 91723, USA) — hosting and serving uisdom.design and the customer websites we publish. Web requests from EU visitors are routed to Vercel’s European edge nodes (primarily Frankfurt). Build artefacts and serverless functions run in EU regions where available.
• Supabase Inc. (970 Toa Payoh North #07-04, 318992 Singapore) — Postgres database, file storage, and authentication. Our project is hosted in the EU (Frankfurt) region.
• Vercel Blob (operated by Vercel Inc.) — stores the HTML and assets of the websites you generate. EU region.
• Anthropic PBC (548 Market St., PMB 90375, San Francisco, CA 94104, USA) — runs the AI model that generates and edits your website. Prompts are sent to Anthropic for the duration of the request only; see §6 below for our no-training agreement.
• Stripe Payments Europe Ltd. (1 Grand Canal Street Lower, Dublin, Ireland) — payment processing. Stripe handles your full card details directly; we receive only a customer reference, the plan or top-up purchased, and the amount.
• Google Ireland Ltd. (when you sign in with Google) — passes your email, display name, and avatar to Uisdom so we can create your account.
• Microlink — fetches your existing website during analysis so the AI has something to rebuild from.

Where a processor is in the United States or otherwise outside the EEA, the transfer is covered by the EU–US Data Privacy Framework, the European Commission’s adequacy decisions, or Standard Contractual Clauses (Art. 46 GDPR), depending on the processor.

5. Sharing your data

We do not sell your personal data. Beyond the processors named in §4, we only share data with:

• Meta Platforms Ireland Ltd. for the marketing measurement use described in §2 — only after you consent in the cookie banner.
• Authorities where we are legally required to disclose data, for example in response to a valid court order.
• A successor entity if Uisdom is involved in a merger, acquisition, or sale of assets — in which case we will inform you and your data will continue to be subject to a privacy notice at least as protective as this one.

6. AI providers and no-training commitment

The text Uisdom sends to its AI provider for generating or editing your website is processed for the duration of the request only. Our agreement with the AI provider prohibits the use of our customers’ inputs and outputs to train or improve the underlying AI models. If this commercial term ever changes, we will notify you before the change takes effect and you will have the right to terminate accordingly.

7. How long we keep your data

We keep account, project, and billing data for as long as you have an account with us, plus a reasonable retention window after closure (generally 6–12 months) to handle support requests and meet accounting obligations. Server access logs are kept for up to 90 days. Marketing-cookie data is retained according to the advertising platform’s own policy.

You can request earlier deletion at any time — see §7.

8. Security

We use industry-standard technical and organisational measures to protect your data — including encryption in transit (TLS), authentication-controlled access to production systems, and principle-of-least-privilege for our team. No system is perfectly secure, however; we cannot guarantee that data will never be intercepted, lost, or accessed without authorisation.

9. Your rights

If you are in the EU/EEA, the GDPR gives you the right to:

• access the personal data we hold about you,
• correct inaccurate or incomplete data,
• have your data deleted (subject to our legal retention duties),
• restrict or object to certain processing,
• receive your data in a portable, machine-readable format,
• withdraw any consent you have given us, at any time, without affecting prior processing,
• complain to a supervisory authority — for residents of Germany, the relevant authority is the Berlin Beauftragte für Datenschutz und Informationsfreiheit.

To exercise any of these rights, email us at uisdomcontact@gmail.com. We respond within 30 days.

10. Children

Uisdom is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has given us personal data, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. The current version is always available at this URL with the updated date at the top. Material changes will be communicated by email or in-product notice where reasonably practical.

12. Contact

Questions or requests? uisdomcontact@gmail.com — Uisdom.design, Mühlenstrasse 20, 13187 Berlin, Germany.