1. Information We Collect
We collect information to provide better services, improve user experience, and ensure the security of our platform. The types of data we process include:
πΉ Information You Provide Directly
- βΉ Contact Information: Name, email address, and optional phone number when you submit inquiries via our contact form or subscribe to updates.
- βΉ Account Data: If you create an account for API access or premium features, we store your username, hashed password, and usage preferences.
- βΉ Communication Records: Copies of emails, support tickets, or chat messages you send to our team for service improvement and dispute resolution.
- βΉ Feedback & Surveys: Voluntary responses to user research, feature requests, or satisfaction surveys to enhance our offerings.
πΉ Information Collected Automatically
- βΉ Device & Connection Data: IP address, browser type, operating system, device identifiers, and approximate location derived from IP for security and analytics.
- βΉ Usage Analytics: Pages visited, time spent, click patterns, referral sources, and search queries within our site to improve content relevance and navigation.
- βΉ Cookie Data: Preferences, session identifiers, and authentication tokens stored via cookies (see Section 7 for details).
- βΉ Log Files: Server logs recording timestamps, requested URLs, HTTP status codes, and user-agent strings for troubleshooting and security monitoring.
πΉ Information from Third Parties
We may receive limited information from trusted partners:
- βΉ Analytics Providers: Aggregated, anonymized data from Google Analytics and similar tools to understand traffic patterns (no personal identifiers shared).
- βΉ Security Services: Threat intelligence feeds to detect and prevent malicious activity, fraud, or abuse.
- βΉ Public Sources: Professionally relevant information from public business directories or professional networks when verifying enterprise partnerships.
2. How We Use Your Information
We process your data only for legitimate, specified purposes:
π§ Service Delivery & Improvement
To provide, maintain, and enhance our statistics platform: delivering content, processing requests, personalizing your experience, fixing bugs, and developing new features based on usage patterns.
π Analytics & Research
To analyze aggregated, anonymized usage data for trend identification, content optimization, and product development. Individual users are never identified in research outputs.
π Security & Compliance
To protect our platform, users, and data: detecting fraud, preventing abuse, enforcing terms, responding to legal requests, and complying with applicable laws and regulations.
π¬ Communications
To respond to your inquiries, send service updates (security alerts, policy changes), andβwith your explicit consentβshare relevant industry insights or product announcements. You may opt out of promotional emails anytime.
βοΈ Legal Obligations
To fulfill contractual commitments, respond to lawful requests from authorities, establish/defend legal claims, and protect the rights, property, or safety of Web2AI Statistics, our users, or the public.
Note: We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Data sharing is strictly limited to service provision, legal compliance, or with your explicit consent.
3. Legal Basis for Processing (GDPR)
Under the GDPR, we process personal data based on one or more of the following lawful bases:
| Legal Basis | Processing Activities | Your Rights |
|---|---|---|
| Consent | Newsletter subscriptions, optional surveys, marketing communications | Withdraw anytime via link or contact |
| Contract | Account creation, API access, premium feature delivery | Request data portability, terminate account |
| Legitimate Interest | Security monitoring, analytics, service improvement, fraud prevention | Object to processing; we assess case-by-case |
| Legal Obligation | Tax records, regulatory compliance, responding to lawful requests | Limited; required by law |
Where we rely on legitimate interests, we conduct a balancing test to ensure your rights and freedoms are not overridden. You may object to such processing by contacting us at alex@engineai.eu.
4. Data Sharing & Third Parties
We share data only in limited, transparent circumstances:
-
1
Service Providers
Trusted vendors who process data on our behalf under strict contractual obligations: cloud hosting (AWS/EU regions), email delivery (SendGrid), analytics (Google Analytics 4 with IP anonymization), and security monitoring. None may use your data for their own purposes.
-
2
Legal Requirements
We may disclose information if required by law, court order, or governmental request, or to protect our rights, property, or safety, or that of our users or the public. We notify users of such requests unless legally prohibited.
-
3
Business Transfers
In the event of a merger, acquisition, or asset sale, user data may be transferred as part of the transaction. We will notify you via email and/or prominent notice on our site of any change in ownership or uses of your data, and provide choices regarding your information.
-
4
With Your Consent
We may share information with third parties when you explicitly authorize it, such as connecting your account to a partner platform or participating in a co-branded research study. You may withdraw consent anytime.
β We do NOT: Sell personal data to data brokers, share email lists with third-party marketers, or use your data for profiling beyond service improvement without explicit consent.
5. Data Retention Periods
We retain personal data only as long as necessary for the purposes outlined in this policy:
| Data Category | Retention Period | Deletion Method |
|---|---|---|
| Contact Form Submissions | 24 months from last interaction | Secure automated deletion |
| Account Data | Duration of account + 12 months post-closure | User-initiated or admin deletion |
| Analytics Logs | 14 months (GA4 default), then aggregated/anonymized | Platform automated retention |
| Security Logs | 12 months for threat analysis | Encrypted archival then deletion |
| Legal/Compliance Records | As required by applicable law (typically 7 years) | Secure destruction post-retention |
You may request earlier deletion of your personal data at any time (see Section 6). We will comply within 30 days unless a legal obligation requires retention.
6. Your Rights & Choices
Depending on your location, you have specific rights regarding your personal data:
π GDPR Rights (EU/EEA/UK)
- Access: Request a copy of your personal data we hold.
- Rectification: Correct inaccurate or incomplete information.
- Erasure ("Right to be Forgotten"): Request deletion of your data.
- Restriction: Limit processing while accuracy is verified.
- Data Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Revoke consent for optional processing anytime.
πΊπΈ CCPA/CPRA Rights (California)
- Right to Know: Request categories/sources/purposes of data collected.
- Right to Delete: Request deletion of personal information.
- Right to Opt-Out: Opt out of "sale" or "sharing" of personal data (we do not sell data).
- Right to Correct: Request correction of inaccurate personal information.
- Right to Limit Sensitive Data Use: Restrict use of sensitive personal information.
- Non-Discrimination: Receive equal service/pricing regardless of exercising rights.
π Global Rights
- Marketing Opt-Out: Unsubscribe from promotional emails via link in any message or by contacting us.
- Cookie Preferences: Manage non-essential cookies via our Cookie Banner or browser settings.
- Do Not Track: We honor DNT signals; however, analytics use aggregated, non-identifiable data.
π¬ To exercise your rights: Email alex@engineai.eu with "Privacy Request" in the subject line. We respond within 30 days and may verify your identity to protect your data. No fee applies unless requests are manifestly unfounded or excessive.
8. Data Security Measures
We implement technical and organizational safeguards to protect your data against unauthorized access, alteration, disclosure, or destruction:
- β Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256).
- β Access Controls: Role-based permissions, multi-factor authentication for admin access, principle of least privilege.
- β Regular Audits: Security assessments, vulnerability scanning, and penetration testing by independent third parties.
- β Incident Response: Documented procedures for detecting, containing, and notifying affected parties of data breaches within 72 hours as required by GDPR.
- β Employee Training: Mandatory privacy/security training for all staff with access to personal data.
While we strive to use commercially acceptable means to protect your information, no method of electronic transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately.
9. International Data Transfers
Web2AI Statistics is operated from the European Union. When we transfer personal data outside the EU/EEA, we ensure adequate protection through:
- βΉ EU-US Data Privacy Framework: For transfers to certified US service providers.
- βΉ Standard Contractual Clauses (SCCs): EU-approved contractual safeguards for transfers to countries without adequacy decisions.
- βΉ Data Localization: Where possible, we store EU user data on servers located within the EU (AWS eu-central-1, Frankfurt).
You may request a copy of our SCCs or other transfer safeguards by emailing alex@engineai.eu.
10. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately, and we will take steps to delete such information.
Parents or guardians who believe we have inadvertently collected a child's information may request deletion by emailing alex@engineai.eu with "Child Data Request" in the subject line.
11. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. When we do:
- βΉ We will post the updated policy on this page with a revised "Last Updated" date.
- βΉ For material changes affecting your rights, we will provide prominent notice via email and/or site banner at least 30 days before effectiveness.
- βΉ Your continued use of our services after changes take effect constitutes acceptance of the updated policy.
We encourage you to review this policy periodically to stay informed about how we protect your information.
12. Contact Information
For questions about this Privacy Policy, to exercise your data rights, or to report a concern:
Web2AI Statistics
Operated by EngineAI EU
Registered in Romania
EU Representative (GDPR Art. 27): Available upon request for EU residents.
CCPA Authorized Agent: California residents may designate an authorized agent to submit requests on their behalf with written permission.