Privacy Policy
Last updated: 2026-06-30
1. Who we are
WidgetAI (the "Service") is operated by Quassum MB, registered in Lithuania, with a registered address at Vilnius, Lithuania. We are the data controller for personal data processed via the WidgetAI website, web application, API, and iOS application. Contact our privacy contact at info@quassum.com.
2. Scope
This policy covers the WidgetAI marketing website, the WidgetAI web application, our API, and the WidgetAI iOS application (together, the "Service"). Where a section applies only to one of these, we say so.
3. Data we collect
When you create and use an account
- Account data: name, email address, email verification status, and an optional profile image. If you sign up with a password, we store it only in hashed form. If you sign in with Google or Apple, we receive your name, email, and profile image from that provider and store the linked-account reference and its sign-in tokens.
- Session and security data: IP address and browser/device User-Agent of each session, session tokens, and session expiry times.
- Your content: the widgets you create (their full document structure and revision history), your AI chat messages with the editor (prompts, responses, and the edits they produce), and any widgets you publish to or install from the marketplace.
- AI usage data: token counts per AI message and a per-month count of AI edits, used to enforce plan quotas.
- Product usage analytics (Mixpanel): pseudonymous product analytics via Mixpanel, hosted on Mixpanel's EU servers. Events are tied to your user ID — never your name or email. Our iOS app sends events that include your plan tier, which device permissions (location, calendar, reminders, photos) you have enabled, and device metadata such as device model, OS version, and app version. In addition, our servers send events about how you use the Service — for example, when you create a widget, together with non-identifying attributes such as how it was created (blank, template, or marketplace listing), its size, and an internal widget identifier. These server-side events apply whether you use the iOS app or the web app.
- Advertising measurement (iOS): our iOS app shares aggregated, privacy-preserving conversion measurement with Meta Platforms, Inc. and with Google so we can understand the effectiveness of our advertising. For Google, a
purchaseevent flows from Firebase Analytics into Google Analytics 4 and onward to Google Ads, combined with Apple's SKAdNetwork. We do not request App Tracking Transparency permission and do not collect your device's advertising identifier (IDFA). Measurement relies on Apple's SKAdNetwork together with Meta's Aggregated Event Measurement and Google's aggregated conversion measurement, which provide aggregate results and do not identify you individually. - Firebase Analytics (iOS): our iOS app uses Google's Firebase Analytics for product-usage analytics, keyed to a pseudonymous app-instance identifier — never your name or email. The same SDK provides the advertising-conversion measurement described above (a
purchaseevent sent to Google Analytics 4 and Google Ads). We do not collect your advertising identifier (IDFA) and do not request App Tracking Transparency permission. - Firebase Crashlytics (iOS): if the app crashes, Google's Firebase Crashlytics sends us crash reports and diagnostic data — stack traces, device model and OS version, and app state at the time of the crash — so we can diagnose and fix stability problems.
- Firebase Performance Monitoring (iOS): Google's Firebase Performance Monitoring collects app and network performance metrics, such as startup time, screen rendering, and network request timing and success rates, so we can measure and improve performance.
- Connector credentials: if you configure an API connector, the API keys or secrets you provide. These are encrypted at the application level (AES-256-GCM) before storage and are used only to fetch the data you configured the connector to fetch.
- Subscription data: your plan tier, subscription status, billing period end, and customer/subscription identifiers from our payment providers. We never receive or store full payment card numbers — payment details are handled by Polar (web purchases) or Apple (iOS in-app purchases).
- Location (optional, iOS only): if you grant the iOS location permission, the app uploads an approximate (city-level, roughly 1 km accuracy) latitude/longitude, a reverse-geocoded place name, and your timezone, captured only while the app is in use. This powers location-aware widgets such as weather. You can disable this at any time in iOS Settings; we then stop receiving updates, and you can ask us to delete the stored value.
Processed on your device only (never sent to our servers)
- Photos: photos you select for photo widgets are copied into the app's local shared container and read by your widgets on-device.
- Calendar and reminders: widgets that display calendar events or reminders read them locally on your device.
We do not receive your photo library, calendar, or reminder contents.
When you use the marketing website
- Waitlist sign-ups: email address, source / referrer (if provided), the timestamp of your consent to our terms and privacy policy, IP address and User-Agent of the request, and any subsequent confirmation or unsubscribe timestamps.
- Contact form submissions: the email address and message body you provide.
- Anonymous site analytics: aggregated page views, referrer, country, browser version, and Web Vitals timings via self-hosted Umami. No cookies, no cross-site identifiers.
- Google Analytics & Google Ads (Consent Mode v2): we use Google Analytics 4 and Google Ads via Google's gtag.js with Consent Mode v2. Consent defaults to denied, so no cookies (
_ga,_gid,_gcl_*,_gac_*) are set and no identifiers are stored; until you opt in, Google receives only aggregated, cookieless signals. When you accept analytics and/or advertising cookies we signal consent so the relevant cookies are set and event data (such as page views and sign-ups) is shared with Google — see our Cookies page. - Other advertising pixels (only with your consent): if you accept advertising cookies, pixels from Meta, TikTok, and X set cookies and share events (such as page views and sign-ups) with those providers to measure and optimise our ads. These load only after you opt in via our cookie banner — see our Cookies page.
4. AI processing
When you use the AI editor, your prompt, the relevant chat history, and the widget document being edited are sent to our model providers — Anthropic and/or OpenAI — to generate the response. Under these providers' API terms, data submitted via their APIs is not used to train their models. To operate and debug the AI features we may also record traces of model calls (prompts, responses, model, token counts, latency, and your user identifier) in our LLM observability tooling (Langfuse); these traces are subject to the same protections and retention rules as the rest of your account data.
5. Purposes and legal bases (GDPR Art. 6)
- Providing the Service — operating your account, storing and syncing your widgets and chats, processing AI editing requests, marketplace publishing/installs, connectors, and managing your subscription: Art. 6(1)(b) — performance of a contract.
- Location-aware widgets — processing the approximate location you choose to share: Art. 6(1)(a) — consent, given via the iOS permission prompt and withdrawable at any time in iOS Settings.
- Security and abuse prevention — storing IP addresses and User-Agents of sessions and sign-up requests, rate limiting, and fraud detection: Art. 6(1)(f) — legitimate interests. We have balanced this against your rights and concluded the processing is proportionate; you may object at any time.
- Billing and accounting records — Art. 6(1)(c) — legal obligation (tax and accounting law) and Art. 6(1)(b).
- Waitlist and marketing communications — Art. 6(1)(a) — consent. You can withdraw at any time via the unsubscribe link in every email or by emailing our privacy contact.
- Product analytics — aggregated, cookieless site analytics (Umami) and pseudonymous product analytics (Mixpanel, EU-hosted, from our iOS app and our servers, no name or email; and iOS Firebase Analytics, keyed to a pseudonymous app-instance identifier, no name or email): Art. 6(1)(f) — legitimate interests in measuring and improving the Service. You may object at any time.
- App stability and performance (iOS) — crash reports and diagnostic data (Firebase Crashlytics) and app and network performance metrics (Firebase Performance Monitoring): Art. 6(1)(f) — legitimate interests in diagnosing problems and keeping the Service stable and performant. You may object at any time.
- iOS advertising measurement — aggregated, privacy-preserving conversion measurement shared with Meta and with Google via Apple's SKAdNetwork, Meta's Aggregated Event Measurement, and Google's aggregated conversion measurement (a
purchaseevent from Firebase Analytics to Google Analytics 4 and Google Ads), with no App Tracking Transparency prompt, no IDFA, and not identifying you individually: Art. 6(1)(f) — legitimate interests in understanding the effectiveness of our advertising. You may object at any time. - Analytics and advertising cookies (Google Analytics, Google Ads, Meta, TikTok, X) — Art. 6(1)(a) — consent. For the Google tags, your consent governs cookie storage under Consent Mode v2; until you consent only aggregated, cookieless signals are sent. The Meta, TikTok, and X pixels load only if you accept them. You can withdraw consent at any time via the Cookie settings link.
6. Recipients and processors
We share personal data with the following categories of recipients, only to the extent needed for the purposes above:
- Anthropic (AI model provider) — US; receives AI prompts, chat history, and widget documents when you use AI features; API data is not used for model training.
- OpenAI (AI model provider) — US; same scope as Anthropic.
- Langfuse (LLM observability) — EU; receives traces of AI model calls.
- Resend (email delivery) — EU/US; receives recipient email addresses and email content.
- Polar (payment processing for web purchases, acting as merchant of record) — EU/US; receives your email and subscription details and processes your payment.
- Apple (App Store and in-app purchases; Sign in with Apple) — under Apple's own terms and privacy policy.
- RevenueCat (in-app purchase infrastructure) — US; receives your user identifier and subscription entitlement state.
- Mixpanel (product analytics) — EU data residency; receives a pseudonymous user identifier and product-usage events. From our iOS app: plan tier, device-permission flags, and device metadata. From our servers (web and iOS): events about your use of the Service, such as widget creation, with non-identifying attributes (for example, how a widget was created and its size). Never receives your name or email.
- Meta Platforms, Inc. (iOS advertising measurement) — US; receives aggregated, privacy-preserving conversion measurement from our iOS app via Apple's SKAdNetwork and Meta's Aggregated Event Measurement. We do not request App Tracking Transparency permission or collect your advertising identifier (IDFA); the results are aggregate and do not identify you individually.
- Google (Sign in with Google; web Google Analytics 4 and Google Ads; iOS Firebase SDKs) — sign-in under Google's own terms; on the website, the analytics/ads tags operate under Consent Mode v2 and receive aggregated, cookieless signals by default and, once you consent, cookie-based analytics and advertising event data. In our iOS app, Google's Firebase SDKs send: a pseudonymous app-instance identifier with product-usage analytics (Firebase Analytics); crash reports and diagnostic data — stack traces, device model and OS version, and app state at the time of a crash (Firebase Crashlytics); app and network performance metrics (Firebase Performance Monitoring); and aggregated advertising-conversion measurement to Google Analytics 4 and Google Ads (a
purchaseevent, combined with Apple's SKAdNetwork). We do not request App Tracking Transparency permission or collect your advertising identifier (IDFA), and the advertising results are aggregate and do not identify you individually. Google acts as an independent controller under its own privacy policy. - Vercel (web hosting) — EU/US.
- Railway (API, background-job, and database hosting) — US; hosts our application database.
- Self-hosted Umami analytics — runs on our infrastructure; no third party receives identifiable data.
- Advertising partners — Meta Platforms, TikTok, and X Corp — receive pixel event data only where you have consented. They act as independent controllers for that data under their own privacy policies.
We do not sell personal data.
7. International transfers
Where personal data is transferred outside the EEA/UK, we rely on adequacy decisions (including the EU-US Data Privacy Framework, where the recipient is certified) and/or the Standard Contractual Clauses incorporated into the recipient's standard service terms.
8. Retention
- Account data and your content (widgets, revisions, AI chats, connectors, subscription state, location): for the life of your account. When you request deletion, your account enters a 30-day grace period during which you can cancel the request; after it elapses, your account and all associated data are permanently deleted.
- Sessions: expire after 30 days.
- Email verification tokens: 24 hours.
- Billing and accounting records: retained for the period required by applicable tax and accounting law, even after account deletion.
- Waitlist data: retained until the iOS app launches plus twelve (12) months, after which it is deleted unless you have converted to a customer account. You may request earlier deletion at any time.
- Contact form messages: retained as long as needed to handle your enquiry.
9. Your rights (GDPR Art. 15–22)
You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw consent at any time without affecting prior processing.
- Export: you can export a machine-readable copy of your account data directly from account settings.
- Deletion: you can request account deletion directly from account settings; deletion completes after a 30-day grace period during which you may cancel.
- Everything else: email info@quassum.com. We respond within one month.
10. Security
We operate an information security program aligned with the SOC 2 Trust Services Criteria and the control objectives of ISO/IEC 27001. Measures include: encryption in transit (TLS) for all traffic; encryption at rest for stored data; additional application-level AES-256-GCM encryption for stored connector credentials; password hashing; HttpOnly, Secure session cookies; least-privilege access controls and logical separation of customer data; rate limiting and abuse detection; and review of the subprocessors listed above. This section describes our practices and is not a representation that we hold any particular certification or attestation; where we obtain formal certifications, we will make them available on request. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Right to lodge a complaint
You may lodge a complaint with the supervisory authority in your Member State of habitual residence, place of work, or place of the alleged infringement. Our lead supervisory authority is the Lithuanian State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija).
12. Children
The Service is not intended for children under 16, and we do not knowingly collect personal data from them.
13. Automated decision-making
We do not make automated decisions that produce legal or similarly significant effects about you. AI features generate content at your request and do not evaluate you. Where you consent to advertising cookies, our advertising partners (Meta, TikTok, Google, X) may use the resulting data to profile and target ads under their own policies; you can withdraw consent at any time via the Cookie settings link.
14. Changes to this policy
We will update the "Last updated" date above when we make material changes. If changes affect your rights we will notify you by email or in-app notice.