Privacy Policy — WeblyChat

Section 1

Who We Are

WeblyChat is a service operated by TECHVANTAGE SL (NIF: B56213499), a company registered in Spain and the data controller for personal data processed through the WeblyChat service. In this Policy, "we", "us", or "our" refers to TECHVANTAGE SL.

Registered address: Calle Firmamento, No 5, Casa 9, 29631 Benalmádena, Málaga, Spain
Phone: +34 643 899 763

As data controller, we determine the purposes and means of processing your personal data. This Privacy Policy explains what data we collect when you use WeblyChat, the legal basis for processing it, how long we keep it, and the rights you have under the General Data Protection Regulation (GDPR) and Spanish data protection law.

If you have any questions or concerns about how we handle your personal data, please contact us at hola@weblychat.eu.

Section 2

What Data We Collect

We collect only what we genuinely need to provide the service. Here is a full account of the personal data we hold:

Data	Source	When collected
Email address	Google OAuth	When you sign in for the first time
Display name	Google OAuth	When you sign in for the first time
Telegram username	Telegram bot	When you link your Telegram account
Session token	Our server, stored in your browser's localStorage	Each time you sign in
Server logs (IP address, request timestamps)	Our servers and Cloudflare	Automatically on each request

What we do not collect

We do not run advertising trackers, analytics pixels, or any third-party behavioural tracking scripts. We do not collect payment card details (no card is required during the trial, and payment details for paid plans are handled outside the platform). We do not collect your phone number or physical address.

Section 3

Why We Collect It

Under the GDPR, every piece of personal data we process must have a defined legal basis. The following table explains each item:

Email address and display name

Legal basis: Performance of a contract (Article 6(1)(b) GDPR). We need your email address and name to create your account, identify you as the account holder, send you service notifications (such as trial expiry warnings), and authenticate your session. Without this data we cannot provide the service.

Telegram username

Legal basis: Performance of a contract (Article 6(1)(b) GDPR). Linking your Telegram account is the core mechanism through which you interact with the WeblyChat bot. We store your Telegram username to associate your bot conversations with your WeblyChat account.

Session token

Legal basis: Performance of a contract (Article 6(1)(b) GDPR). The session token keeps you signed in on the website. It is a randomly generated string stored only in your browser's localStorage — it is not transmitted to third parties and is not used for tracking. It expires automatically after 7 days.

Server logs

Legal basis: Legitimate interests (Article 6(1)(f) GDPR). Server logs containing IP addresses and request timestamps are retained for security monitoring, debugging, and fraud prevention. We have assessed that our legitimate interest in securing the service outweighs the minimal impact on your privacy, given that these logs are not used for profiling and are retained for a short period.

Section 4

Fonts and External Resources

Our website uses self-hosted fonts. No font or resource request is sent to Google Fonts or any other external font provider when you visit weblychat.com.

WeblyChat previously used Google Fonts loaded from Google's CDN. This has been replaced with self-hosted font files served directly from our own infrastructure. As a result, visiting our website does not cause your browser to send any request to Google Fonts, and Google receives no data about your visit for this purpose.

We do not embed third-party widgets, social media buttons, or external scripts on the marketing website that would cause your browser to connect to external servers.

Section 5

Third-Party Services

To deliver the service we work with a small number of carefully selected third-party processors. Each acts only on our instructions and is contractually bound to handle your data securely.

Google (Google OAuth)

We use Google OAuth as our sign-in provider. When you click "Continue With Google", your browser connects directly to Google's authorisation service. Google authenticates you according to their own terms and privacy policy and returns a token to us confirming your identity. We receive your name and email address from Google and store them in our own database. We do not receive your Google password, payment details, or any other Google account data.

Google's Privacy Policy: policies.google.com/privacy

Telegram

The WeblyChat bot runs on Telegram's platform. When you link your account and send messages to the bot, those messages pass through Telegram's servers. Telegram's own privacy policy governs how they handle data on their platform. We receive only the messages you send to the bot and your Telegram username — we do not receive your phone number or other Telegram profile data.

Telegram's Privacy Policy: telegram.org/privacy

Cloudflare Pages

The static websites we build for you are hosted on Cloudflare Pages, a static hosting platform operated by Cloudflare, Inc. Visitors to your published website will have their requests served through Cloudflare's global network. Cloudflare may log request metadata (such as IP addresses) in accordance with their own privacy policy. This data is collected by Cloudflare as part of their CDN service and is separate from the personal data we hold about you as a WeblyChat account holder.

Cloudflare's Privacy Policy: cloudflare.com/privacypolicy

We do not share your personal data with any advertising networks, data brokers, or other third parties not listed here.

Section 6

Data Retention

We keep your data only for as long as it is necessary. Here is our retention schedule:

Session tokens: Expire automatically after 7 days of inactivity. On sign-out, the token is removed from localStorage on your device.
Trial account data (email, name, Telegram username, project data): Retained while the trial is active. If the trial expires without upgrading to a paid subscription, all project data is deleted automatically. Account-level data (email and name) is deleted 30 days after trial expiry.
Active subscription data: Retained for the duration of the subscription. On account closure or cancellation, project data is deleted immediately; account-level data is deleted within 30 days.
Server logs: Retained for up to 30 days for security and debugging purposes, then deleted automatically.
Analytics data: We do not retain analytics data because we do not collect it.

Where we are required by law to retain certain data for a longer period (for example, financial records), we will comply with that obligation and delete the data as soon as the legal retention period has passed.

Section 7

Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights regarding your personal data:

Right of access (Article 15)

You have the right to request a copy of the personal data we hold about you and information about how we use it.

Right to rectification (Article 16)

If any of the personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct it.

Right to erasure (Article 17)

You have the right to ask us to delete your personal data where there is no compelling reason for us to continue processing it — for example, where you withdraw consent or where the data is no longer necessary for the purpose it was collected. Note that some data may be subject to legal retention obligations.

Right to data portability (Article 20)

Where processing is based on your consent or a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to object (Article 21)

You have the right to object to processing carried out on the basis of our legitimate interests (such as server log retention). We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to restrict processing (Article 18)

In certain circumstances you have the right to ask us to restrict the processing of your personal data — for example, while a dispute about accuracy is resolved.

How to exercise your rights

To exercise any of the rights above, please email us at hola@weblychat.eu with a clear description of your request. We will respond within 30 days. We may need to verify your identity before fulfilling the request.

Right to lodge a complaint

If you believe we are not handling your personal data in compliance with the GDPR, you have the right to lodge a complaint with the Spanish Data Protection Authority:

Agencia Española de Protección de Datos (AEPD)
Website: www.aepd.es
Address: C/ Jorge Juan, 6, 28001 Madrid, Spain

If you are resident in another EU member state you also have the right to contact your national supervisory authority.

Section 8

Cookies and Local Storage

We do not use cookies for tracking or advertising. The only data stored in your browser is a functional session token in localStorage, which keeps you signed in.

WeblyChat does not set any cookies on your device. We use the browser's localStorage API to store a single session token after you sign in. Here is what you need to know about it:

Purpose: Strictly functional. It keeps you signed in between page visits so you do not have to authenticate on every page load.
Content: A randomly generated token string. It does not contain your name, email, or any identifiable information.
Scope: Stored only in your browser; not sent to any third party.
Expiry: Expires automatically after 7 days. Cleared immediately when you sign out.
How to remove it: You can clear it at any time by signing out, clearing your browser's site data, or opening the browser developer tools and deleting the localStorage entry for our domain.

Because this token is strictly necessary for the service to function, we do not require a separate consent banner for it under the ePrivacy Directive. If you clear it, you will simply need to sign in again.

We do not use session storage, IndexedDB, or any other browser storage mechanism beyond what is described above.

Section 9

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the service, or applicable law. When we make a material change — such as collecting a new category of personal data or changing the legal basis for processing — we will update the "Last updated" date at the top of this page and notify active account holders by email at least 14 days before the change takes effect.

Minor updates (such as fixing typos, adding clarifications that do not affect your rights, or updating contact details) may be made without advance notice.

We encourage you to review this policy periodically. The current version is always available at this URL.

Section 10

Contact Us

For any privacy-related questions, data subject requests, or complaints, please contact us:

Email: hola@weblychat.eu
Service: WeblyChat
Data controller jurisdiction: Spain

We aim to respond to all privacy-related enquiries within 5 business days and to complete data subject requests within 30 days as required by the GDPR.