GDPR

GDPR Policy

Last Updated: November 10, 2025

This GDPR Policy explains how Helloweb complies with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and protects the privacy rights of our users located in the European Economic Area (EEA), the United Kingdom, and other regions offering similar data protection rights.

1. Who We Are

Helloweb is a SaaS platform that converts user CVs into personal websites.
We collect and process user data only as necessary to provide our service.

Data Controller:
Helloweb
📧 [email protected]

We act as a data controller when handling user data for account management, service delivery, and communications.

2. Lawful Basis for Processing

Under the GDPR, we must have a lawful basis to process your data.
We process data based on one or more of the following:

Purpose	Lawful Basis
To create and manage your account	Contractual necessity
To generate and host your personal website	Contractual necessity
To provide support and communicate with you	Legitimate interest
To improve our services	Legitimate interest
To process payments	Legal obligation / Contract
To send marketing communications (optional)	Consent
To use AI and analytics tools	Legitimate interest / Consent

3. Data We Collect

We collect and process the following categories of data:

Personal data: Name, email address, and login details.
CV content: The information you upload for website generation.
Usage data: Interactions with our platform, preferences, and activity logs.
Payment data: Processed securely through third-party payment providers.
AI data: Information processed temporarily for AI chat and template generation (powered by Anthropic).

We only collect what’s necessary for the stated purposes.

4. Data Processing and Retention

Your data is stored and processed securely.
We retain it only for as long as needed to:

Maintain your account and website.
Comply with legal and financial requirements.
Resolve disputes or enforce agreements.

Once your account is deleted, your data is removed from active systems within 30 days, unless retention is legally required.

5. Data Sharing

We do not sell or share your personal data with third parties.
We only share data with:

Service providers (hosting, payment, AI, analytics) that help us operate Helloweb.
Anthropic (AI processing provider) — only for generating responses and never for model training.
Legal authorities — only if required by law.

All third parties are bound by confidentiality and GDPR-compliant data processing agreements.

6. International Data Transfers

If your data is transferred outside the EEA or UK (e.g., to the U.S.), it is done under one of the following safeguards:

The recipient country is recognized as offering adequate protection by the European Commission.
Standard Contractual Clauses (SCCs) approved by the European Commission are in place.
Equivalent contractual or legal safeguards ensuring GDPR-level protection.

7. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access – Request a copy of your personal data.
Right to Rectification – Correct inaccurate or incomplete information.
Right to Erasure (“Right to be Forgotten”) – Request deletion of your data.
Right to Restriction of Processing – Limit how we use your data.
Right to Data Portability – Receive your data in a structured, machine-readable format.
Right to Object – Object to processing based on legitimate interests or marketing.
Right to Withdraw Consent – Withdraw consent where processing relies on it.

You can exercise your rights anytime by contacting [email protected].
We respond to verified requests within 30 days.

8. Automated Decision-Making and Profiling

We do not use your data for automated decision-making or profiling that produces legal or significant effects.
Our AI tools (powered by Anthropic) generate website content suggestions only at your request and under your control.

9. Data Security

We use appropriate technical and organizational measures to protect your data, including:

Encrypted data transmission (HTTPS/TLS)
Secure storage and access controls
Regular system monitoring and audits
Limited employee access to personal data

10. Children’s Data

Helloweb is not intended for users under 16 years old.
We do not knowingly collect data from minors.
If we discover that we have collected personal data from a child under 16 without consent, we will delete it immediately.

11. Data Protection Officer (DPO)

If you have any GDPR-related questions or concerns, you can contact our DPO directly at:

Data Protection Officer
📧 [email protected]

12. Complaints

If you believe we have not handled your data properly, you can contact your local Data Protection Authority (DPA).
In the EU, you can find your national authority here:
https://edpb.europa.eu/about-edpb/board/members_en

You may also contact the UK Information Commissioner’s Office (ICO) if you are based in the United Kingdom.

13. Updates to This Policy

We may update this GDPR Policy periodically to reflect changes in our practices or legal requirements.
The latest version will always be available at helloweb.io/gdpr.

By using Helloweb, you acknowledge that you have read and understood this GDPR Policy.

Back to Home