Privacy Policy

1. Data Controller

Webfy is the entity responsible for the processing of personal data collected through the website webfy.pt and associated services.

For privacy-related questions, you can contact us via email: geral@webfy.pt

2. Personal Data Collected

We collect the following personal data when you use our services:

Identification data: full name, email address, phone number
Authentication data: login credentials (email/password or Google authentication)
Business data: information about your company or project (company name, industry, business description, visual references)
Payment data: processed directly by Stripe — we do not store card data on our servers
Technical data: IP address, browser type, pages visited

3. Purpose of Processing

Your data is processed for the following purposes:

Creation and management of your user account
Provision of contracted services (website creation and hosting)
Payment processing and invoicing
Communication about the status of your projects
Sending service-related notifications (payment reminders, hosting status)
Improvement of our services and user experience

4. Legal Basis

The processing of your data is based on the following legal grounds, under the General Data Protection Regulation (GDPR):

Contract performance: processing necessary for the provision of the services you contracted
Consent: when you expressly authorise us (e.g., account creation)
Legitimate interest: for service improvement and fraud prevention
Legal obligation: compliance with tax and legal obligations

5. Data Sharing with Third Parties

Your data may be shared with the following service providers, strictly for the purposes described:

Stripe: payment processing (card, Apple Pay, Google Pay, MB WAY, Revolut Pay, Samsung Pay, Klarna, Link, PIX)
Supabase: data storage and authentication
Google: authentication via Google OAuth (when chosen by the user)
Resend: transactional email delivery
Vercel: hosting of the Webfy platform
Hetzner: hosting of client websites

We do not sell, rent or share your personal data with third parties for marketing purposes.

6. Data Retention

Your personal data is retained as long as you maintain an active account on our platform and for the period necessary to fulfil the purposes for which it was collected. After account closure, data may be retained for the legally required period for tax and legal purposes.

7. Data Subject Rights

Under the GDPR, you have the following rights:

Right of access: obtain confirmation and access to your personal data
Right of rectification: correct inaccurate or incomplete data
Right to erasure: request the deletion of your personal data
Right to restriction: restrict the processing of your data in certain circumstances
Right to portability: receive your data in a structured, machine-readable format
Right to object: object to the processing of your data for specific purposes

To exercise any of these rights, contact us via email at geral@webfy.pt. We will respond to your request within a maximum of 30 days.

8. Cookies

Our website uses essential cookies for the functioning of the platform, including session cookies for authentication. We do not use third-party tracking or advertising cookies.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. This includes data encryption in transit (HTTPS/TLS), secure authentication and access controls.

10. Changes to This Policy

We reserve the right to update this privacy policy at any time. Any significant changes will be communicated by email or through a notice on the platform. The date of the last update is shown at the top of this page.

11. Contact and Complaints

If you have questions about this policy or about the processing of your personal data, contact us:

Email: geral@webfy.pt

You also have the right to lodge a complaint with the Portuguese National Data Protection Commission (CNPD) — www.cnpd.pt