Try for free

Privacy Policy

Last updated: April 30, 2026

Data controller

The data controller is Waibly SAS, registered at 6, rue Antoine Lavoisier, 77680 Roissy-en-Brie, France. For any question about your personal data, please contact hello@waibly.com.

Data collected

Waibly only collects data necessary to provide the service:

β€” Account data: name, email, hashed password
β€” Billing data: payment information processed by Stripe (Waibly never stores card numbers)
β€” Usage data: connected sites, generated content, imported documents
β€” Technical data: IP address, browser, operating system

Processing purposes

Your data is processed to:

β€” Provide and improve the Waibly service
β€” Manage your subscription and billing
β€” Send account-related information
β€” Ensure platform security
β€” Comply with legal and accounting obligations

Legal basis

Processing is based on contract performance (Terms of Service), your explicit consent for marketing communications, and our legal obligations for invoice retention.

Subprocessors

Waibly relies on GDPR-compliant subprocessors:

β€” OVH (hosting, France)
β€” Stripe (payment, Ireland/USA β€” Standard Contractual Clauses)
β€” TinaCMS (content management, USA β€” Standard Contractual Clauses)
β€” Plausible Analytics (anonymous audience measurement, EU)
β€” Anthropic and OpenAI (AI content generation, USA β€” Standard Contractual Clauses)

Retention period

Your data is retained for the duration of your subscription. After cancellation, it is deleted within 30 days, except for legal obligations (invoices kept for 10 years).

Your rights

Under GDPR, you have the following rights:

β€” Right of access
β€” Right of rectification
β€” Right of erasure
β€” Right to data portability
β€” Right to object
β€” Right to restrict processing

To exercise these rights, write to hello@waibly.com. You may also lodge a complaint with the CNIL (www.cnil.fr).

Security

Waibly implements technical and organizational measures to protect your data: TLS encryption, hashed passwords, restricted access, regular backups.

Transfers outside the EU

Some subprocessors are located outside the European Union (notably USA). These transfers are framed by the Standard Contractual Clauses adopted by the European Commission.

Changes

This policy may be modified. Any substantial change will be notified to you by email at least 30 days before it takes effect.