Privacy Policy

Last updated: April 19, 2026

1. Introduction

WidgetJar ("we", "us", "our") operates the website widgetjar.com and the WidgetJar SaaS platform (the "Service"). This Privacy Policy explains how we collect, use, disclose and safeguard your information when you visit our website or use our Service.

2. Information We Collect

Account information

When you register, we collect your name, email address and a hashed password. If you sign up via a third-party provider (e.g. Google), we receive basic profile information from that provider.

Widget & usage data

We collect the widget configurations you create, the domains they are embedded on and aggregated impression / interaction counts to provide analytics and enforce plan limits.

Visitor data on embedded widgets

When a visitor loads a widget on a customer site, we record an anonymous impression event (timestamp, widget ID, country code derived from IP). We do not set any tracking cookies on visitor devices and we do not collect personal data from visitors unless they explicitly submit it through a form widget.

Cookies & analytics

Our marketing site uses Google Analytics with IP anonymization to understand aggregate traffic. You can opt out via the cookie consent banner shown on first visit.

3. How We Use Your Information

  • To provide, operate and maintain the Service
  • To process billing, subscriptions and refunds
  • To send transactional emails (account, billing, security alerts)
  • To detect, prevent and address fraud, abuse and security incidents
  • To comply with legal obligations

4. Legal Basis (GDPR)

We process personal data on the following legal bases: (a) performance of the contract you enter into with us; (b) compliance with legal obligations; (c) our legitimate interest in operating and improving the Service; (d) your explicit consent for marketing communications and non-essential cookies.

5. Data Sharing & Sub-processors

We do not sell personal data. We share data only with sub-processors strictly needed to operate the Service:

  • Stripe — payment processing
  • Brevo — transactional and marketing email
  • Cloudflare — CDN, R2 object storage and DDoS protection
  • Sentry — error monitoring
  • Google Analytics — aggregate website analytics

6. Data Retention

We retain account data for as long as your account is active. Aggregated analytics events are retained for up to 24 months. Upon account deletion, personal data is removed within 30 days, except where retention is required by law (e.g. tax records).

7. Your Rights

Depending on your jurisdiction (GDPR, CCPA and similar laws), you have the right to access, rectify, erase, restrict or port your personal data, and to object to processing. To exercise these rights, contact us at [email protected].

8. Security

We use industry-standard security measures including TLS encryption in transit, encryption at rest for sensitive fields, hashed passwords (bcrypt) and least-privilege access controls. No method of transmission over the Internet is 100% secure, however, and we cannot guarantee absolute security.

9. International Transfers

Our infrastructure is hosted in the European Union. Where data is transferred outside the EEA (e.g. to US-based sub-processors), we rely on Standard Contractual Clauses approved by the European Commission.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-product notice. The "Last updated" date at the top of this page reflects the latest revision.

11. Contact

Questions about this Privacy Policy? Email [email protected].