Privacy Policy

Weblease ("we", "us", "our") is a Swedish digital agency operating the website weblease.se and the WPilot WordPress plugin. We are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Swedish data protection law.

This privacy policy explains what data we collect, why we collect it, how we process it, and your rights regarding your personal information.

We collect the following categories of personal data:

• Account data: Email address, hashed password, and license key when you create an account.
• Payment data: Billing information processed through Stripe. We do not store credit card numbers on our servers.
• Usage data: Number of AI prompts used, plan type, and subscription status.
• Plugin data: WordPress site URL, theme and plugin information, and anonymized AI interaction data (with your explicit consent).
• Technical data: IP address, browser type, and device information collected via server logs and cookies.

We process your personal data for the following purposes:

• To provide and maintain the WPilot plugin and your account.
• To process payments and manage subscriptions via Stripe.
• To send transactional emails (license keys, receipts, account notifications).
• To improve the WPilot AI model using anonymized training data (only with your explicit consent).
• To ensure the security and integrity of our services.
• To comply with legal obligations.

Legal bases for processing: contract performance, legitimate interest, consent, and legal obligation (Article 6 GDPR).

We use the following types of cookies:

• Essential cookies: Required for the website to function (authentication, session management).
• Preference cookies: Store your cookie consent choice and display preferences.
• Analytics cookies: Help us understand how visitors interact with our website (only with your consent).

You can manage your cookie preferences through the cookie banner on your first visit, or by clearing your browser data.

We share data with the following third-party processors:

• Stripe — Processes payments securely. Stripe receives your email and payment details. See Stripe's privacy policy.
• Anthropic (Claude AI) — Powers the AI in WPilot. Prompts are sent to Anthropic's API for processing. No personally identifiable information (PII) is included in AI training data. See Anthropic's privacy policy.
• Loopia (email) — Handles transactional email delivery through SMTP.

The WPilot plugin collects anonymized AI interaction data to improve our own WordPress AI model. This data collection only occurs with your explicit consent, which you can grant or revoke at any time in the plugin settings.

Training data is fully anonymized before storage. No personally identifiable information (PII), no site URLs, and no sensitive content is included in the training dataset. The data consists of WordPress action patterns (e.g., "add heading to page") stripped of any identifying context.

• Account data: Retained as long as your account is active. Deleted within 30 days of account deletion.
• Payment data: Retained for 7 years as required by Swedish accounting law.
• Usage logs: Retained for 12 months, then automatically deleted.
• Anonymized training data: Retained indefinitely as it contains no personal data.

Under the GDPR, you have the following rights:

• Right of access — Request a copy of your personal data.
• Right to rectification — Request correction of inaccurate data.
• Right to erasure — Request deletion of your personal data ("right to be forgotten").
• Right to restrict processing — Request limitation of how we process your data.
• Right to data portability — Receive your data in a structured, machine-readable format.
• Right to object — Object to processing based on legitimate interest.
• Right to withdraw consent — Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at info@weblease.se. We will respond within 30 days.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), hashed passwords (bcrypt), secure API key storage, and regular security reviews.

For questions about this privacy policy or your personal data, contact us: