Privacy Policy
Last updated: December 2024
1. Introduction and Scope
This Privacy Policy explains how Widgetfied Inc. ("we", "us", "our") collects, uses, shares, and protects information about you when you use our services, website, APIs, and widgets (collectively, the "Service"). By using our Service, you agree to the collection and use of information in accordance with this policy. This policy applies to all users, including visitors, free users, and paid subscribers.
2. Information We Collect
We collect several types of information: (a) Account Information: name, email, business name, phone number, and billing information when you register; (b) Service Data: job details, customer information, booking data, and any content you upload or create through our widgets; (c) SMS Notification Data: when you opt-in to receive SMS notifications, we collect your phone number to send booking confirmations, reminders, and service updates via text message; (d) Usage Information: API calls, widget interactions, feature usage, and performance metrics; (e) Technical Information: IP address, browser type, device information, operating system, and referring URLs; (f) Communication Data: support tickets, feedback, email and SMS correspondence with us.
3. How We Collect Information
We collect information through: (a) Direct interactions when you create an account, use our services, or contact support; (b) Automated technologies including cookies, web beacons, and analytics tools; (c) Third-party integrations such as Stripe for payments and Google for calendar services; (d) Widget implementations on your websites that may collect end-user interaction data; (e) API usage and server logs for security and performance monitoring.
4. How We Use Your Information
We use collected information to: (a) Provide, maintain, and improve our Service; (b) Process transactions and send related information including confirmations and invoices via email and SMS (with your consent); (c) Send SMS notifications for booking confirmations, reminders, and service updates when you have explicitly opted in; (d) Send technical notices, updates, security alerts, and support messages; (e) Respond to your comments, questions, and customer service requests; (f) Monitor and analyze usage patterns to improve user experience; (g) Detect, prevent, and address technical issues and security threats; (h) Develop new features and services; (i) Comply with legal obligations and enforce our Terms of Service. We will never use your phone number for marketing purposes without your explicit consent, and you can opt out of SMS messages at any time by replying STOP.
5. Legal Basis for Processing
We process your personal information based on: (a) Contract Performance: to provide the services you've requested; (b) Legitimate Interests: to improve our services, ensure security, and conduct business operations; (c) Consent: for marketing communications and optional features; (d) Legal Compliance: to meet regulatory requirements and respond to legal processes. You may withdraw consent at any time where consent is the legal basis for processing.
6. Data Sharing and Disclosure
We share information only in these circumstances: (a) Service Providers: with trusted third parties who assist in operating our Service (e.g., Stripe, AWS, Google); (b) Legal Requirements: if required by law, subpoena, or governmental request; (c) Protection of Rights: to protect the rights, property, or safety of Widgetfied, our users, or others; (d) Business Transfers: in connection with a merger, acquisition, or sale of assets; (e) Consent: with your explicit consent for specific purposes. We NEVER sell your personal information to third parties for marketing purposes.
7. Data Retention
We retain your information for as long as necessary to: (a) Provide our services and maintain your account; (b) Comply with legal obligations (typically 7 years for financial records); (c) Resolve disputes and enforce agreements; (d) Support legitimate business interests. When you delete your account, we remove or anonymize your personal data within 30 days, except where retention is required by law. Backup systems may retain copies for up to 90 days.
8. Data Security
We implement industry-standard security measures including: (a) Encryption of data in transit (TLS/SSL) and at rest (AES-256); (b) Regular security audits and vulnerability assessments; (c) Access controls and authentication mechanisms; (d) Secure development practices and code reviews; (e) Incident response procedures and breach notification protocols. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
9. Your Privacy Rights
Depending on your location, you may have these rights: (a) Access: request a copy of your personal data; (b) Rectification: correct inaccurate or incomplete data; (c) Erasure: request deletion of your data ("right to be forgotten"); (d) Portability: receive your data in a structured, machine-readable format; (e) Restriction: limit how we process your data; (f) Objection: object to certain processing activities; (g) Automated Decision-Making: opt out of automated processing. To exercise these rights, contact privacy@widgetfied.com. We will respond within 30 days.
10. Cookie Policy
We use cookies and similar technologies for: (a) Essential Cookies: required for Service functionality and security; (b) Performance Cookies: to analyze usage and improve performance; (c) Functionality Cookies: to remember your preferences and settings; (d) Analytics Cookies: to understand how users interact with our Service. You can control cookies through your browser settings. Disabling certain cookies may limit Service functionality. We respect Do Not Track signals where legally required.
11. Third-Party Services
Our Service integrates with third-party services that have their own privacy policies: (a) Stripe: payment processing (PCI-DSS compliant); (b) Google APIs: calendar integration and analytics; (c) Vercel & AWS: cloud infrastructure, hosting, and storage; (d) Supabase: database and realtime data synchronization; (e) Fastmail SMTP: transactional email delivery for booking confirmations and notifications; (f) OpenAI API: AI-powered estimate generation and natural language processing; (g) Twilio: SMS notification delivery for booking confirmations and reminders (only when you opt-in). Your phone number is shared with Twilio solely to deliver text messages you have consented to receive. We do not share your information with third parties for marketing purposes. We recommend reviewing their privacy policies. We are not responsible for third-party privacy practices.
12. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards through: (a) Standard Contractual Clauses approved by regulatory authorities; (b) Adequacy decisions where applicable; (c) Your explicit consent for specific transfers. By using our Service, you consent to the transfer of your information to the United States and other countries where we operate.
13. Children's Privacy
Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@widgetfied.com, and we will delete such information from our systems.
14. California Privacy Rights (CCPA)
California residents have additional rights under the CCPA: (a) Right to Know: what personal information we collect, use, and share; (b) Right to Delete: request deletion of your personal information; (c) Right to Opt-Out: of the sale of personal information (we do not sell personal information); (d) Right to Non-Discrimination: for exercising your privacy rights. To exercise these rights, email privacy@widgetfied.com or call 1-800-XXX-XXXX.
15. European Privacy Rights (GDPR)
If you are in the European Economic Area, you have additional rights under GDPR: (a) Legal basis transparency for all processing activities; (b) Data Protection Officer contact: dpo@widgetfied.com; (c) Right to lodge complaints with supervisory authorities; (d) Explicit consent requirements for marketing; (e) Privacy by Design and Default principles in our Service development. Our EU representative can be contacted at eu-privacy@widgetfied.com.
16. Marketing Communications
We may send you marketing communications if you have: (a) Opted in to receive such communications; (b) Purchased our services and haven't opted out; (c) Engaged with our Service in ways that imply interest. You can opt out at any time by: clicking "unsubscribe" in any marketing email, updating your account preferences, or contacting support@widgetfied.com. We will honor opt-out requests within 10 business days.
16a. SMS Notifications and Consent
When enabled by service businesses using Widgetfied, end-users may opt-in to receive SMS notifications for booking confirmations, reminders, and service updates. SMS opt-in is obtained through: (a) Explicit Consent: End-users provide opt-in consent during the booking confirmation step by checking a checkbox that reads "Send SMS reminders to [their phone number]". This checkbox is unchecked by default and only appears when the business has SMS notifications enabled in their Widgetfied dashboard; (b) Active Opt-In Required: Users must actively opt-in before completing their booking. SMS is only sent when both conditions are met: (1) the business has enabled SMS in their account settings, and (2) the end-user has checked the consent box; (c) Opt-Out Mechanism: Users can opt out anytime by replying STOP to any SMS message. Once opted out, no further messages will be sent to that phone number; (d) Data Usage: Phone numbers collected for SMS are used exclusively for sending transactional notifications related to bookings and services. We do not use phone numbers for marketing purposes or share them with third parties except our SMS service provider (Twilio) for message delivery; (e) Message Frequency: SMS frequency varies based on booking activity (confirmations, reminders, cancellations). Standard message and data rates may apply.
17. Data Breach Notification
In the event of a data breach that may compromise your personal information, we will: (a) Notify affected users within 72 hours of discovery; (b) Provide details about what information was involved; (c) Explain steps we're taking to investigate and remediate; (d) Offer guidance on protective measures you can take; (e) Cooperate with regulatory authorities as required. Notifications will be sent via email and posted on our Service status page.
18. Privacy Policy Changes
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by: (a) Posting the new policy on our website with the updated date; (b) Sending an email notification for significant changes; (c) Obtaining consent where required by law. Your continued use after changes indicates acceptance. We maintain an archive of previous policy versions for transparency.
19. Data Processing Agreements
For business customers, we offer Data Processing Agreements (DPAs) that: (a) Define roles and responsibilities for data processing; (b) Ensure compliance with applicable privacy laws; (c) Include Standard Contractual Clauses where required; (d) Specify security measures and audit rights. To request a DPA, contact legal@widgetfied.com with your company details.
20. Contact Information
For privacy-related questions, concerns, or requests, contact us at: Email: privacy@widgetfied.com, Legal: legal@widgetfied.com, Data Protection Officer: dpo@widgetfied.com, Mailing Address: Widgetfied Inc., [Your Address]. You may also use our contact form.