Privacy Policy

Last updated: 27 June 2026

🔒 This template is written for a UK-based business under UK GDPR. It is a starting point, not legal advice — have it reviewed before launch, and register with the ICO if required.

This Privacy Policy explains how WelcomeBookMaker ("we", "us") collects, uses and protects personal data when you use WelcomeBookMaker.com (the "Service"). We are the data controller for your account data.

1. What we collect

Account data: your email address, name (optional), and a securely hashed password.
Booklet data: the property details, text, logos and photos you add.
Payment data: handled by Stripe. We store a Stripe customer ID and your subscription status — we never see or store your card details.
Guest messages: if a guest uses a booklet's contact form, we store their message and (if provided) their name and email to pass to you.
Usage data: basic, privacy-respecting view counts on published booklets (e.g. how many times a booklet was opened or scanned).

2. How we use it

To provide and operate the Service (create, host and export your booklets).
To generate booklet content using AI based on the details you provide.
To process subscriptions and send service emails (verification, password reset, guest messages).
To maintain security and improve the Service.

3. Legal bases (UK GDPR)

We process your data to perform our contract with you (providing the Service), to comply with legal obligations, and on the basis of our legitimate interests in running and securing the Service.

4. Sub-processors we use

We share data with trusted providers only as needed to run the Service:

Anthropic — AI content generation (receives the property details used to draft your booklet).
Stripe — payment processing.
Brevo — transactional email delivery.
Google — only if you choose "Sign in with Google".
Our hosting provider, which stores the Service and its data.

5. Published booklets are public

When you publish a booklet, its content and QR link are publicly accessible to anyone with the link. Do not include information in a booklet that you are not comfortable making public to guests.

6. Data retention

We keep your account and booklet data for as long as your account is active. If you delete a booklet or your account, the associated data is deleted. We may retain limited records where required for legal or accounting reasons.

7. Your rights

Under UK GDPR you have the right to access, correct, delete, or export your personal data, and to object to or restrict certain processing. To exercise these rights, email support@welcomebookmaker.com. You also have the right to complain to the Information Commissioner's Office (ICO).

8. Security

We protect your data with industry-standard measures, including hashed passwords and encrypted connections. No system is perfectly secure, but we take reasonable steps to safeguard your information.

9. Cookies

We use a single essential session cookie to keep you logged in. We do not use advertising or third-party tracking cookies.

10. Changes

We may update this Policy. Material changes will be notified by email or in-app.

11. Contact

For any privacy questions, email support@welcomebookmaker.com.