Privacy policy
Last Updated: December 2024
1. Introduction
Welcome to WebGPT, operated by A.M.T.H DIGITAL LTD ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered content management and automation platform at webgpt.com (the "Service").
By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.
2. Information We Collect
2.1 Personal Information You Provide
We collect information you voluntarily provide when using our Service:
- Account Information: Email address, username, password (encrypted), first and last name, phone number, and address
- Profile Information: Profile picture, job title, company name, country, timezone, website URL, social media links, and biographical information
- Billing Information: Payment card details (processed securely through third-party payment processors), invoice details, and business tax ID
- Communication Data: Support tickets, messages, and any correspondence with us
2.2 Information Collected Automatically
When you access our Service, we automatically collect:
- Device Information: Device type, operating system, browser type, screen resolution, and device identifiers
- Session Information: IP address, login timestamps, session duration, and geographic location (derived from IP)
- Usage Data: Features accessed, actions performed, content created, and interaction patterns
- Log Data: Server logs including request timestamps, page views, and error logs
2.3 Third-Party Integration Data
When you connect third-party services, we may receive and store:
- WordPress Sites: Site URLs, authentication tokens, post data, categories, and analytics
- AI Service Providers: API keys (encrypted) for OpenAI, Google Gemini, Anthropic Claude, DeepSeek, and Grok
- Cloudflare: Account credentials, domain information, analytics data, and DNS records
- Telegram: Bot tokens, channel information, and message data
- Social Platforms: OAuth tokens and page/account information for Facebook, Twitter, Blogger, Tumblr, and WordPress.com
- Google Analytics: Analytics credentials and website performance data
2.4 AI-Generated Content Data
We process and store:
- Prompts and inputs you provide for AI content generation
- Generated articles, posts, and other AI-created content
- RAG (Retrieval-Augmented Generation) knowledge base documents and embeddings
- Chatbot configurations and conversation histories
- AI usage metrics and token consumption
3. How We Use Your Information
We use collected information for the following purposes:
3.1 Service Delivery
- Creating and managing your account
- Processing AI content generation requests
- Publishing content to connected platforms
- Managing scheduled tasks and automated workflows
- Operating RAG chatbots and knowledge bases
- Providing SERP (Search Engine Results Page) analysis
- Managing domain and website integrations
3.2 Account Management
- Processing subscription payments and billing
- Managing multi-user accounts and permissions
- Tracking usage against subscription limits
- Sending account-related notifications
3.3 Security and Fraud Prevention
- Detecting and preventing unauthorized access
- Monitoring for suspicious activities
- Managing active sessions and devices
- Enforcing rate limits and usage policies
3.4 Service Improvement
- Analyzing usage patterns to improve features
- Debugging and fixing technical issues
- Developing new features and services
3.5 Communication
- Responding to support requests
- Sending service-related announcements
- Providing email confirmations and security alerts
4. Data Sharing and Disclosure
4.1 Third-Party Service Providers
We share data with service providers who assist in operating our Service:
| Provider Type | Purpose | Data Shared |
|---|---|---|
| AI Providers (OpenAI, Anthropic, Google, etc.) | Content generation | Prompts, context data |
| Payment Processors | Payment processing | Billing information |
| Cloud Infrastructure (MongoDB Atlas) | Data storage | All stored data (encrypted) |
| Email Services | Transactional emails | Email addresses, message content |
| Image Services (Pexels, Pixabay) | Stock image search | Search queries |
4.2 Connected Platforms
When you connect and use integrations, we transmit data to:
- WordPress sites (via REST API)
- Social media platforms (Facebook, Twitter, Telegram)
- Blogging platforms (Blogger, WordPress.com, Tumblr)
- Cloudflare (for domain management)
4.3 Legal Requirements
We may disclose information if required to:
- Comply with legal obligations or valid legal processes
- Protect our rights, privacy, safety, or property
- Enforce our Terms of Service
- Respond to claims of content violations
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any change in ownership or uses of your personal information.
5. Data Storage and Security
5.1 Data Storage
- Location: Data is stored on MongoDB Atlas cloud infrastructure
- Encryption: All sensitive data is encrypted at rest and in transit
- Passwords: Stored using bcrypt hashing (cost factor 13)
- API Keys: Encrypted before storage
5.2 Security Measures
- HTTPS/TLS encryption for all data transmission
- CSRF (Cross-Site Request Forgery) protection
- Session security with secure, httponly cookies
- Rate limiting on authentication endpoints
- Login attempt monitoring and lockout policies
- Regular security audits and updates
5.3 Session Management
- Active session tracking and device monitoring
- Ability to terminate individual or all sessions
- Session expiration policies
6. Data Retention
We retain your information for the following periods:
| Data Type | Retention Period |
|---|---|
| Account Information | Until account deletion + 30 days |
| Generated Content | Until deleted by user or account termination |
| Billing Records | 7 years (legal requirement) |
| Usage Logs | 90 days |
| Session/Device Data | Until session termination + 30 days |
| Support Tickets | 3 years after resolution |
| AI Conversation History | Until deleted by user or account termination |
7. Your Rights and Choices
7.1 Access and Portability
You have the right to:
- Access your personal information through your account settings
- Export your data including articles, chatbot configurations, and conversation histories
- Download invoices and billing history
7.2 Correction
You can update your personal information through:
- Account settings for profile and security information
- Billing settings for payment and invoice details
- Public profile settings for publicly visible information
7.3 Deletion
You can request deletion of:
- Individual content items (articles, chatbots, RAG data)
- Connected integrations and their associated data
- Your entire account (contact support)
7.4 Integration Disconnection
You can revoke access to connected third-party services at any time through the integrations settings.
7.5 Email Preferences
You can manage email notification preferences in your account settings, including:
- Message notifications
- Security alerts
- Service updates
8. Cookies and Tracking Technologies
8.1 Essential Cookies
We use essential cookies for:
- Session management and authentication
- CSRF protection tokens
- Language and interface preferences
8.2 Local Storage
We use browser local storage for:
- Caching application data for performance (24-hour expiry)
- Storing user preferences
- Session state management
8.3 Third-Party Analytics
We may use analytics services to understand Service usage. These services may use their own cookies and tracking technologies.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:
- Standard contractual clauses approved by relevant authorities
- Use of service providers with appropriate certifications
- Encryption of data in transit and at rest
10. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
11. AI-Specific Privacy Considerations
11.1 AI Content Generation
- Your prompts and generated content may be processed by third-party AI providers
- We do not use your content to train our own AI models
- Generated content is stored in your account and not shared with other users
11.2 RAG Knowledge Bases
- Documents you upload are processed to create embeddings
- Embeddings are stored securely and associated only with your account
- Your RAG data is not shared with or accessible to other users
11.3 Chatbot Conversations
- Conversations with your chatbots are logged and stored
- You can export or delete conversation histories
- Visitor information from embedded chatbots is tracked (device type, browser, location)
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification for significant changes
Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.
13. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact A.M.T.H DIGITAL LTD:
- Support System: Submit a ticket through the Support section in your account
- Website: Contact Page
14. Additional Rights for Specific Jurisdictions
14.1 European Economic Area (GDPR)
If you are in the EEA, you have additional rights including:
- Right to lodge a complaint with a supervisory authority
- Right to object to processing based on legitimate interests
- Right to data portability in a machine-readable format
14.2 California (CCPA)
California residents have the right to:
- Know what personal information is collected
- Know if personal information is sold or disclosed
- Say no to the sale of personal information
- Access their personal information
- Request deletion of personal information
- Not be discriminated against for exercising these rights
We do not sell personal information to third parties.