Privacy Policy

Last updated: March 16, 2026

1. Introduction

Welcome to Capuzzella ("we," "our," or "us"). Capuzzella is an AI-powered website builder that lets you create, edit, and publish web pages using natural language and a visual editor. We are committed to protecting your privacy and personal data.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application at capuzzella.com and any associated services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

Data Controller: Maurice Wipf, operating as Capuzzella
Contact: capuzzella@mauwi.me

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: When you create an account, we collect your email address and password (stored in encrypted form).
• Website Content: HTML pages, images, videos, and other files you create, upload, or publish through the Service.
• AI Chat Input: When you use the AI-powered editor, your text prompts and page context are sent to our AI service provider for processing.
• API Keys: If you create API keys for programmatic access, we store key metadata (name, role, usage logs). The full key value is only shown once at creation.
• Payment Information: When you subscribe to a paid plan, payment processing is handled by Stripe. We do not directly store your credit card details. We receive confirmation of your subscription status, plan type, and billing history from Stripe.

2.2 Information Collected Automatically

• Usage Data: Information about how you interact with the Service, including pages edited, features used, and session duration.
• Device & Browser Information: We may collect your IP address, browser type, operating system, and device type for security and analytics purposes.
• Session Data: We use server-side sessions to keep you logged in. We do not use cookies.

3. How We Use Your Information

We use the information we collect to:

• Provide Core Services: Host, render, and publish the websites you build with Capuzzella.
• Enable AI Features: Process your text prompts to generate and edit web page content via our AI providers.
• Manage Your Account: Create, maintain, and authenticate your user account.
• Process Subscriptions: Verify subscription status and provide access to paid features.
• Improve Our Service: Analyze usage patterns to enhance features and user experience.
• Communicate With You: Send service-related notifications, updates, and respond to your inquiries.
• Ensure Security: Detect, prevent, and address technical issues, fraud, or abuse, including API rate limiting and audit logging.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for collecting and using your personal information depends on the data concerned and the context in which we collect it:

• Contract Performance: Processing necessary to provide the Service you requested (e.g., account management, website hosting, subscription fulfillment).
• Consent: For optional analytics and marketing communications, which you can withdraw at any time.
• Legitimate Interests: For security monitoring, service improvement, and fraud prevention, where such interests are not overridden by your data protection rights.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• AI Service Providers: We use third-party AI providers (such as OpenAI or Anthropic) to power the AI editor. Your text prompts and page context are transmitted for processing. These providers process data according to their respective privacy policies and data processing agreements.
• Payment Processor: Stripe handles subscription management and payment processing. Stripe processes your payment data according to their privacy policy.
• Email Service Provider: If transactional email is configured, we use Resend to deliver account-related emails. Resend processes data according to their privacy policy.
• Infrastructure Providers: We use cloud hosting services (e.g., Render, Railway) to operate the Service, which may process data on our behalf.
• Legal Requirements: We may disclose information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Retention

• Account Data: Retained until you delete your account.
• Website Content: Your pages, uploads, and published content are retained as long as your account is active. Upon account deletion, all associated content is permanently removed.
• AI Chat History: Conversation data used during AI-assisted editing is not permanently stored after your session ends.
• API Audit Logs: API usage logs are retained for up to 90 days for security and debugging purposes.
• Payment Records: Billing records are retained as required by applicable tax and accounting laws.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL
• Encryption of passwords using industry-standard hashing algorithms
• Session-based authentication with secure server-side sessions
• API key authentication with role-based access controls and rate limiting
• Regular security assessments and updates

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Restriction: Request restriction of processing of your data.
• Right to Data Portability: Request transfer of your data in a machine-readable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent for optional data processing at any time.

To exercise these rights, please contact us at capuzzella@mauwi.me. We will respond to your request within 30 days.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers (including AI providers and Stripe) are located. These countries may have data protection laws different from your country.

When we transfer personal data from the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or reliance on the recipient's certification under applicable data protection frameworks.

10. Children's Privacy

The Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at capuzzella@mauwi.me, and we will take steps to delete such information.

11. Third-Party Links and Services

Websites you build with Capuzzella may contain links to third-party websites or embed third-party content. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access or integrate.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or through the Service. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Capuzzella
Data Controller: Maurice Wipf
Email: capuzzella@mauwi.me

14. Supervisory Authority

If you are located in the EEA, UK, or Switzerland and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.