Privacy Policy
Welcome to Weboden (weboden.com). This policy explains how we collect, use, and protect your data within our privacy-focused analytics platform.
1. Introduction & Accountabilities
Weboden provides website analytics tools including heatmaps, session recordings, and visitor behavior tracking.
Mandatory Acknowledgment: By continuing to browse this website, registering an account, or interacting with any of our services, you explicitly accept and agree to be bound by all the terms outlined in this Privacy Policy. If you do not agree with these practices or object to any section of this policy, you must immediately cease all access and leave this website.
For customers using our tracking script: Weboden acts as a Data Processor. You (the website owner) are the Data Controller. We process your visitors' analytics data strictly under your instructions and a binding Data Processing Agreement (DPA).
2. Information We Collect
A. Platform User Data
Collected when you register or manage an account:
- Email address: Used for account identity and notifications.
- Password: Permanently hashed and securely salted.
- Profile configurations: Name, avatar URL, and timezone preferences.
- Tax ID / VAT Details: Collected for corporate tax and billing alignment.
- Security Logs: Two-Factor Authentication (2FA) metadata & custom anti-phishing codes.
B. End-User Data
Gathered via the Weboden script on customer websites:
- Behavioral data: Page views, clicks, scroll depth, and heatmap mouse movements.
- Session recordings: Visitor journey replays that are fully anonymized before transmission. All sensitive inputs — including password fields, credit card forms, email inputs, and personally identifiable information (PII) — are masked client-side before leaving the visitor's browser. Only behavioral data reaches our servers.
- Technical environment: Device type, browser vendor, operating system, screen aspect ratio.
- Geographic location: Derived from network routing (truncated IP address, city-level accuracy only).
- Referral metrics: Web referral context and outbound link clicks.
Privacy by Design: Our tracking system operates with privacy at its core. No PII (such as raw IPs, names, phone numbers) is stored. IP addresses are completely anonymized immediately at the processing frontier, before writing to storage.
C. Payment Transaction Data
Payments are processed exclusively by PayU (PCI-DSS Level 1 infrastructure). Weboden never stores, captures, or has access to your raw credit card numbers, CVV codes, or card expiration details. We receive only transaction success responses and cryptographically unique invoice tokens.
3. How We Use Your Information
We process data only for predefined operational paths:
- Rendering and managing the Weboden analytics dashboard
- Facilitating payment settlements and subscription cycles via PayU
- Delivering customer support and responding to technical tickets
- Mitigating fraud, enforcing security, and managing 2FA/anti-phishing filters
- Supplying critical system or product updates (with explicit opt-out functionality)
3.1 Advertisement Display & Ad-Blocker Policy:
To maintain our services, Weboden integrates standard promotional or contextual advertisements across specific areas of the dashboard. The presence of advertisements depends entirely on your active subscription tier (e.g., promotional units may appear on free or lower-tier packages, while premium tiers offer an ad-free workspace experience).
Mandatory Requirement: The platform implements script-level mechanics to verify if advertisements are being rendered properly. If your web browser runs active ad-blocking software (AdBlock, uBlock, Brave Shields, etc.) that restricts these sections, you will be automatically prevented from accessing or utilizing the Weboden dashboard and analytics services until the extension is disabled or your domain workspace is whitelisted.
4. Tracking Script & Customer Responsibilities
When you deploy the Weboden snippet on your infrastructure, you function as the ultimate Data Controller. You are legally required to:
- Secure prior informed consent from website visitors under GDPR/PECR guidelines.
- Clearly feature Weboden as an integrated analytics provider within your local privacy notices.
- Prevent the submission of sensitive data attributes via our custom tagging APIs.
5. Legal Basis for Processing (GDPR Art. 6)
| Processing Purpose | GDPR Legal Basis | User Control Option |
|---|---|---|
| Account provisioning & workspace rendering | Performance of a Contract (Art. 6(1)(b)) | None (Essential for system access) |
| Payment processing via PayU | Performance of a Contract (Art. 6(1)(b)) | Managed through PayU's terminal |
| Product updates & announcements | Consent (Art. 6(1)(a)) | Immediate unsubscribe mechanisms |
| Platform diagnostics & core metrics (weboden.com) | Consent / Legitimate Interest | Controllable via cookie settings |
6. Your Rights & Account Controls
Users maintain full sovereignty over their records. You can execute these controls autonomously inside your settings panel:
- Access & Modification: Modify your profile parameters, avatar assets, and business billing tags in real-time.
- Data Portability: Securely extract all operational telemetry metrics anytime in clean CSV, JSON, or PDF formats.
- Right to Erasure (Deletion): Execute "Delete account" to permanently wipe your profile, payment tokens, and historical analytics configurations from active arrays.
- Security Adjustments: Configure Multi-Factor Authentication (2FA) and custom anti-phishing codes to shield workspace access.
7. Third-Party Data Disclosures
We do not broker, trade, or monetize personal information. Data transmission is confined to these sub-processors:
- PayU: For merchant card settlement paths under full PCI-DSS level conditions.
- Cloud Hosting Infrastructure: Governed under explicit enterprise Data Processing Agreements (DPA).
- Regulatory/Judicial Authorities: Compelled strictly under valid legal warrants or statutory mandates.
8. Data Retention Thresholds
| Data Classification Group | Retention Term Lifespan | Handling Post-Term |
|---|---|---|
| Account Profile & Registration Metadata | Duration of account lifespan | Purged upon user deletion trigger |
| Unconfirmed User Accounts | 3 calendar days | Automated deletion of unverified profiles |
| Inactive User Accounts | 585 calendar days | Auto-deleted after continuous inactivity |
| End-User Analytics (Customer Tracking Script) | 2, 3, or 6 months (based on chosen plan) | Automated script-driven purging |
| Raw Financial/Payment Card Streams | Zero retention on Weboden side | Managed exclusively by PayU pipelines |
| Server Logs & Operational Security Telemetry | 30 calendar days | Overwritten via rotation rules |
9. Cookies & PECR Compliance Framework
On weboden.com: Detailed cookie scan reports confirm our production system drops exactly 1 cookie domain-wide:
| Cookie | Domain | Description | Duration | Type |
|---|---|---|---|---|
| PHPSESSID | weboden.com | This cookie is native to PHP applications. It is used to store and identify a user's unique session ID for the purpose of managing the user session on the website. It is a session cookie and is deleted when all browser windows are closed. | session | Necessary |
No secondary tracking, advertisement, performance, or behavioral analytics cookies are placed on our domain. For the implementation script deployed by customers, first-party cookie libraries require consent configuration in accordance with local PECR/ePrivacy guidelines.
10. Global Data Sovereignty & Compliance
Weboden operates in strict adherence to global privacy standards. Our platform is fully GDPR, CCPA, and PECR compliant, ensuring that your data is processed with transparency, security, and the principle of data minimization. We uphold these rigorous frameworks regardless of your geographic location, guaranteeing that your rights to access, rectification, portability, and erasure are fully respected and managed autonomously through your user dashboard.
11. Children's Privacy
Weboden is a B2B platform intended solely for business users aged 18 and above. We do not knowingly collect or process personal data from individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete such information from our records.