Your data is safe.
1. Who is the controller
Trenér svobody s.r.o., Company ID: 142 43 440, registered at Velehradská 2340/7, Vinohrady, 130 00 Praha 3, Czech Republic, recorded in the Commercial Register maintained by the Municipal Court in Prague.
We operate the Web by Voice service (the "service") at webbyvoice.com. For any privacy-related questions contact us at [email protected].
2. What data we process
- Identification and contact details — name, email, phone, billing info (if provided).
- Telegram identifiers — Telegram ID, username, profile photo, content of messages you send us.
- Voice recordings — temporarily, only for transcription. Deleted after transcription.
- Content you send for the website — texts, photos, links, documents (e.g. from a shared Google Drive folder).
- Payment data — amount, subscription type, payment status. Card numbers and CVV never reach us — Stripe handles them.
- Operational and technical data — IP address, access logs, browser type, pages visited, and data required for WordPress to run under the hood.
3. Why we process data and on what legal basis
| Purpose | Legal basis | Retention |
|---|---|---|
| Service delivery — building and maintaining your site via Telegram chat and AI builder | Performance of contract | Subscription duration + 12 months |
| Invoicing and tax records | Legal obligation (VAT, accounting laws) | 10 years |
| Newsletter to existing customers | Legitimate interest — you can unsubscribe anytime | Until you unsubscribe, max 10 years after last payment |
| Marketing to non-customers | Explicit consent | Until consent withdrawn, max 5 years |
| Protection against abuse, disputes, complaints | Legitimate interest | Service duration + 4 years |
4. Who we share data with (processors)
Some tasks are handled for us by trusted vendors. All are bound by a data processing agreement and must maintain the same level of protection as we do. For processors outside the EU (typically USA) we rely on EU Standard Contractual Clauses.
- Telegram FZ‑LLC (UAE) — operates the messenger platform you use to chat with the AI builder.
- Anthropic, PBC (USA) — Claude API, the AI model that understands your requests and generates website changes. Anthropic does not use API content to train models.
- OpenAI, LLC (USA) — Whisper API for voice transcription. Recordings are processed one-off and not used for training.
- Stripe Payments Europe, Ltd. (Ireland, USA) — payment processing. Card data is seen only by Stripe.
- Hetzner Online GmbH (Germany) — server infrastructure hosting the WordPress instances.
- RunCloud Pte Ltd (Singapore) — server management and WordPress provisioning.
- Cloudflare, Inc. (USA) — DNS, CDN and DDoS protection for webbyvoice.com and client websites.
- Google Ireland Limited (Ireland, USA) — Google Drive API (access to the folder you share), Gmail (transactional emails), optionally Google Analytics 4 on your site.
- Ecomail s.r.o. (CZ) — newsletter and marketing email delivery (if you subscribed).
- GitHub, Inc. (USA, Microsoft) — source code and CI/CD. Client personal data is typically not stored here.
- Asana, Inc. (USA) — internal task management. May contain client name and ID for specific support requests.
We update this list whenever a vendor changes. For the current complete list of sub-processors write to [email protected].
5. Automated decision-making and AI
The service uses AI (Claude, Whisper) to understand your requests and apply them to your website. This is not automated decision-making with legal effect under Art. 22 GDPR — every meaningful action (creating a site, publishing, changing content) is triggered by you. AI acts as a tool, not a decision-maker.
6. Your rights
As a data subject you have the right to:
- know what data we hold about you (access);
- request correction of inaccurate data;
- request erasure (except data we must keep by law, e.g. invoices);
- request restriction of processing;
- request portability of your data in a machine-readable format;
- object to processing based on legitimate interest;
- withdraw consent for marketing at any time — one click in the email or write to us;
- lodge a complaint with the supervisory authority — the Czech Office for Personal Data Protection.
Contact for exercising your rights: [email protected]. We reply within 30 days at the latest.
7. Cookies and web tracking
On webbyvoice.com we use only technical cookies required for operation. Analytics or marketing cookies are deployed only with your explicit consent via the cookie banner.
The website we build for you may use cookies per your setup (e.g. Google Analytics). As the operator of your own site, you are responsible for its cookies — we're happy to help you configure them.
8. Security
- All communication is encrypted (HTTPS/TLS).
- Passwords and API keys are kept in encrypted storage.
- Servers run in the EU (Hetzner, Germany).
- WordPress instances are backed up and updated regularly.
- Data access is limited to the small group of people who strictly need it.
9. Changes to this document
We may update this document from time to time — typically when a vendor changes or the service expands. You'll always find the current version at webbyvoice.com/en/privacy/. We will notify you by email of any material change.