wibruwibruStart a project

Legal

Privacy Policy

Last updated: May 2, 2026

1. What we collect

We collect only what we need to do our job:

  • Contact info you give us — name, email, phone, business name, address — through forms, intake submissions, or direct contact.
  • Payment info processed by Stripe (we never see or store your full card number; Stripe gives us a token + the last 4 digits for receipts).
  • Site content you upload — photos, logos, copy — for your website.
  • Server logs — IP, user-agent, request paths, retained 30 days for security/abuse-prevention.

2. What we don't collect

We don’t use third-party advertising trackers, Facebook Pixel, Google Ads remarketing, or session-replay tools on wibru.com or on the sites we build for clients. No behavioural ad networks.

3. How we use it

  • To design, build, and host your website
  • To send you transactional emails (intake links, quotes, receipts, alerts)
  • To bill recurring subscriptions through Stripe
  • To respond when you contact us
  • To investigate suspected abuse and protect the service

We do not sell your information. We do not share with marketing partners.

4. Service providers we use

To operate, we share specific data with these vendors:

  • Stripe — payment processing
  • Resend — transactional email delivery
  • Hetzner — server hosting (EU + US data centres)
  • Cloudflare — DNS + edge caching
  • Google Places API — only when you opt into the Places import flow
  • Unsplash — stock photography (sees no PII)

Each is bound by their own DPA / privacy terms.

5. Cookies

We use first-party cookies only — for login sessions and CSRF protection. No analytics cookies, no third-party tracking. Your browser’s “do not track” signal is honoured (we don’t track to begin with).

See the Cookies page for the full list.

6. Your rights (CCPA / CPRA / state laws)

If you live in the U.S., you can ask us to:

  • Access what we have on you
  • Correct inaccurate info
  • Delete your data (we’ll keep what we’re legally required to)
  • Opt out of any sale/sharing — already opted out by default; we don’t do this
  • Limit use of sensitive info

Email contact@wibru.com with your request. We respond within 45 days.

7. Data retention

  • Active client data — kept while your subscription is active.
  • After cancellation — site files archived for 90 days, then deleted (cold archive on request).
  • Server logs — 30 days.
  • Billing records — 7 years (U.S. tax + accounting requirements).

8. Children

Wibru is not intended for children under 16. We don’t knowingly collect data from minors.

9. International transfers

Our infrastructure spans U.S. and EU data centres (Hetzner). For U.S. clients, day-to-day requests are served from U.S. edges. Some backups may transit EU servers — adequacy is per Hetzner’s standard contractual clauses.

10. Changes

We’ll email active clients about material changes. Latest version is always on this page.

11. Contact

Privacy questions: contact@wibru.com.

Postal address (data controller):
Wibru
Office 3564, 182-184 High Street North
East Ham, London E6 2JA
United Kingdom