Privacy Policy

Draft — this is not legal advice.

1. Data controller

Weblabfactory
VAT IT10698181210
Portici (NA), Campania, Italy
Email: info@weblabfactory.it
Privacy: privacy@weblabfactory.it

2. Data processed

We process the following categories of data:

  • Account data: name, email address and credentials managed through airouter, the authentication gateway of the WeblabFactory ecosystem.
  • Project content: text, images, video and metadata of websites generated by the user.
  • BYOK keys: API keys provided by the user for third-party generative engines, stored encrypted at-rest using the Fernet algorithm.
  • Payment data: processed and stored by Stripe; aiwebstudio does not store payment card details.
  • Technical logs: IP addresses, request timestamps, error events, used for security and proper operation of the service.

3. Purposes and legal bases

Data is processed for the following purposes:

  • Performance of the contract (Art. 6(1)(b) GDPR): providing the service, account management, payment processing.
  • Legal obligation (Art. 6(1)(c) GDPR): tax and accounting compliance, log retention under applicable regulations.
  • Legitimate interest (Art. 6(1)(f) GDPR): platform security, fraud prevention, service improvement.

4. Cookies and tracking

aiwebstudio does not use profiling or tracking cookies. Authentication is handled via a JWT stored in the browser's localStorage, not via cookies.

During checkout, Stripe may set technical cookies required to complete the payment. Such cookies are governed by Stripe's privacy policy.

5. Recipients and data processors

Data may be shared with the following parties, to the extent necessary:

  • airouter / WeblabFactory: authentication and LLM model management.
  • Stripe: payment processing.
  • User-selected AI providers (BYOK): Higgsfield, MuAPI, fal.ai, ModelArk — only to the extent the user configures and uses their own keys.

6. Transfers outside the EU

Some third-party AI providers (selected by the user via BYOK) may operate outside the European Economic Area. In such cases, transfers are made with appropriate safeguards as required by GDPR (e.g., standard contractual clauses). Users are encouraged to review each provider's policy before configuring their keys.

7. Data retention

Account data and project content are retained for the duration of the contractual relationship and for the period subsequently required by law (e.g., tax obligations). Technical logs are kept only as long as strictly necessary for security purposes. BYOK keys are deleted upon account closure or at the data subject's request.

8. Data subject rights

As a data subject, you have the right to:

  • Access your personal data (Art. 15 GDPR).
  • Rectify inaccurate data (Art. 16 GDPR).
  • Obtain erasure of your data ("right to be forgotten", Art. 17 GDPR).
  • Object to processing based on legitimate interest (Art. 21 GDPR).
  • Receive your data in a structured format (portability, Art. 20 GDPR).

To exercise your rights, contact us at info@weblabfactory.it. You also have the right to lodge a complaint with the competent supervisory authority (in Italy: Garante per la Protezione dei Dati Personali).

9. Contact

Weblabfactory
VAT IT10698181210
Portici (NA), Campania, Italy
Email: info@weblabfactory.it
Privacy: privacy@weblabfactory.it