Awebbyclick
Get started

Legal

Privacy Policy

Effective 2026-06-07 · webbyclick

1. Who we are

webbyclick is operated by Symbolic Design LLC (“webbyclick”, “we”, “our”, “us”). This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have over it. For any privacy question, contact halim@symbolic-design.com.

2. Scope

This policy covers personal data we process when you visit webbyclick.com, create a webbyclick account, or use the dashboard, SMS, or WhatsApp interfaces to edit your site. Websites we publish for you are governed by your own privacy notice, not ours.

3. What we collect

  • Account data: email address and a password hash, both managed by AWS Cognito; the business name and display information you enter during onboarding; an internal client identifier we assign to your account.
  • Payment data: we use Stripe Checkout and the Stripe Customer Portal to process payments. We never see or store your card number. What we retain is your Stripe customer ID, subscription state, plan, and billing cycle.
  • Site content: the JSON files and uploaded images that define your published site. Stored in Amazon S3 with versioning enabled so every change is reversible.
  • Prompt history: for each prompt you send, we store a SHA-256 hash of the prompt, the classified intent, the section it targeted, the LLM token counts, the result status, and the channel it came from (dashboard, SMS, or WhatsApp). Raw prompt text is hashed before it reaches our logs.
  • Messaging metadata: if you message the service from a phone, the phone number is stored only as a SHA-256 hash, used to route inbound messages to your account.
  • Logs and telemetry: standard request logs, error logs, and LLM token-spend metrics. Personal identifiers and prompt content are hashed before logging. CloudWatch log retention is one month.

4. How we use it

We process the data above only to:

  • Operate, secure, and improve the service.
  • Process subscription payments via Stripe.
  • Send transactional email (welcome, payment failure, refund notification, cancellation, account deletion).
  • Provide customer support.
  • Detect abuse, debug issues, and account for per-customer LLM cost.

We do not sell personal data, share it for advertising, or train third-party AI models on your content. Our LLM provider is Anthropic via AWS Bedrock; the AWS Bedrock terms apply, under which your prompts and content are not used to train Anthropic’s foundation models.

5. SMS messaging and mobile information

When you opt in to receive text messages from webbyclick (for example, by checking the SMS-consent box during onboarding), you agree to receive automated transactional text notifications and website configuration updates from us. Message frequency varies. Message and data rates may apply. Reply STOP to unsubscribe, or HELP for help.

No mobile information or SMS opt-in data will be shared with third parties or affiliates for marketing purposes. Phone numbers and SMS opt-in records are used only to deliver the messaging features of the service (inbound prompt routing and transactional notifications) and are shared with our messaging sub-processor (Twilio) solely to deliver those messages.

6. Sub-processors

We rely on the following sub-processors to deliver the service:

  • Amazon Web Services, Inc. — hosting, identity (Cognito), object storage (S3), CDN (CloudFront), database (DynamoDB), LLM inference (Bedrock), and transactional email (SES). Data is processed in the us-east-2 region.
  • Anthropic, PBC — Claude LLM inference, accessed exclusively through AWS Bedrock.
  • Stripe, Inc. — billing, subscription management, and customer portal.
  • Twilio Inc. — SMS and WhatsApp messaging on Pro and Business plans only.

We will notify customers at least 30 days before adding a new sub-processor that processes personal data.

7. Retention

  • Prompt history records: 180 days, then automatically deleted.
  • Site versions in S3: current snapshot kept for 30 days; previous versions transition to Glacier Instant Retrieval and are permanently deleted after one year.
  • Onboarding drafts: 24 hours.
  • Webhook deduplication records: 30 days.
  • CloudWatch logs: 1 month.
  • On account deletion: prompt history is bulk-deleted on request, your site and CloudFront distribution are torn down 30 days after the deletion request, and account records are removed at the end of that 30-day window.

8. Your rights

You may request access to, correction of, deletion of, or a portable copy of your personal data at any time by emailing halim@symbolic-design.com. You may also delete your account directly from the dashboard. Customers in the EU, the United Kingdom, California, and other jurisdictions with comparable laws have additional rights, including the right to object to processing and the right to lodge a complaint with a supervisory authority.

9. International transfers

We process data in the United States (AWS us-east-2). If you access the service from outside the United States, your data will be transferred to and processed in the United States. Where required, transfers from the EU, UK, or Switzerland rely on Standard Contractual Clauses incorporated through our sub-processors’ standard agreements.

10. Security

We use TLS 1.2+ for data in transit, AWS-managed encryption at rest, JWT-based authentication, IAM least-privilege controls, and per-customer isolation at the S3 prefix and CloudFront distribution layers. No system is perfectly secure; please report suspected vulnerabilities to halim@symbolic-design.com.

11. Children

webbyclick is not directed to children under 13 (or under 16 in the EU and UK). We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us and we will delete it.

12. Cookies

We use only strictly-necessary cookies for the service to function. For details, see our cookie policy.

13. Changes

We will notify active customers by email at least 30 days before material changes to this policy take effect.

14. Contact

Symbolic Design LLC halim@symbolic-design.com.