Legal
Privacy Policy
Last updated: · Effective:
1. Quick summary
Website Killer ("we", "us", "our") is an AI website builder operated from hello@websitekiller.com. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and how to exercise your rights under GDPR, CCPA/CPRA, and similar laws.
In one paragraph: we collect what we need to run the service (account info, project data, billing, usage telemetry); we don't sell your data; we share it only with the infrastructure providers that power our product (listed below); you can export, correct, or delete your data anytime by emailing support@websitekiller.com.
2. Data we collect
Account data
Name, email address, password hash (bcrypt; we never store plaintext), authentication provider IDs (Google), and account preferences.
Project data
The prompts you submit, the generated websites, the configuration you set, custom domains you connect, media you upload, and chat-edit history. Project data is yours; we process it to operate the service.
Billing data
Processed by Stripe under their PCI-DSS Level 1 compliance. We store Stripe customer and subscription IDs, plan, status, and billing email. We do not store full credit card numbers — Stripe handles all card data.
Usage data
AI token counts, request metadata, error logs, page-view analytics, and anonymized performance metrics. We use this for product improvement, billing accuracy, and reliability — not for advertising.
Support data
When you contact support or open a ticket, we store the messages, attachments, and any context you share to resolve the issue.
3. How we use it
- To run the service — generate websites, host projects, send transactional email
- To process payments and renew subscriptions
- To respond to support requests
- To enforce our Terms of Service
- To detect and prevent fraud, abuse, and security incidents
- To improve the product (aggregate, anonymized analytics)
- To comply with legal obligations
4. Legal basis for processing (GDPR)
For users in the European Economic Area, United Kingdom, or Switzerland, we process your personal data under one or more of the following lawful bases:
- Contract — to perform our agreement with you (deliver the service you signed up for)
- Legitimate interest — security, fraud prevention, product improvement, and direct marketing to existing users
- Consent — analytics, optional cookies, and any data processing where consent is required and you've given it
- Legal obligation — record-keeping for tax, accounting, and statutory purposes
5. AI providers
We use third-party AI providers to power generation. When you submit a prompt, your prompt and the generated output are sent to one or more of:
- Anthropic (Claude family models) — under enterprise terms with no training on your data
- OpenAI (GPT family models) — under API terms with no training on your data
Both providers may retain prompts for short windows (typically 30 days) for abuse prevention. Neither uses your data to train future models.
6. Subprocessors
We share data with the following infrastructure subprocessors strictly to operate the service:
| Subprocessor | Purpose | Region |
|---|---|---|
| Anthropic | AI model inference | US |
| OpenAI | AI model inference | US |
| Stripe | Payments + billing | US/EU |
| Cloudinary | Media hosting + transformation | US/EU |
| Firebase / Google Cloud | Authentication | US/EU |
| Postgres (managed) | Application database | US |
| Redis (managed) | Job queue + cache | US |
| Resend / Postmark | Transactional email | US/EU |
Email hello@websitekiller.com for the latest list and copies of the relevant data processing agreements.
7. Data sharing
We do not sell your personal data. We share data only:
- With the subprocessors listed above, strictly to operate the service
- With our legal advisors, auditors, and accountants under confidentiality
- If required by law, court order, or government request — with notice to you where legally permitted
- In a corporate transaction (merger, acquisition, asset sale), with notice to you and the right to delete your account before transfer
8. Data retention
- Account data — retained for the life of the account, deleted within 30 days of account closure
- Project data — retained while the project exists, deleted within 30 days of project deletion
- Billing records — retained for 7 years to meet tax and accounting law
- Usage logs — retained for 90 days, then aggregated and anonymized
- Backups — retained for 30 days, then permanently deleted
9. Your rights
Under GDPR (EU/UK/Swiss residents) and CCPA/CPRA (California residents), you have the right to:
- Access — get a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — delete your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Restriction — limit how we process your data
- Objection — object to processing based on legitimate interest or direct marketing
- Withdraw consent — at any time, where consent is the legal basis
- Lodge a complaint — with your local data protection authority
Email support@websitekiller.com with the subject "Privacy request" to exercise any of these rights. We respond within 30 days.
11. International data transfers
Our infrastructure is hosted in the United States and the European Union. When data is transferred outside your region, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional safeguards as required.
12. Children
Website Killer is not intended for users under 16. We do not knowingly collect personal data from children. If you believe we've inadvertently collected data from a child, email hello@websitekiller.com and we'll delete it immediately.
13. Security
We use industry-standard security: encrypted-at-rest storage, TLS 1.2+ in transit, bcrypt password hashing, role-based access controls, audit logging, and regular security reviews. No system is perfectly secure — if you discover a vulnerability, please report it responsibly to security@websitekiller.com.
14. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced via email or in-product notice at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent version.
15. Contact
Questions, requests, or concerns about this policy:
- Email: hello@websitekiller.com
- Privacy / data subject requests: support@websitekiller.com
- Security disclosures: security@websitekiller.com