Privacy Policy

Last updated: June 15, 2026

1. Overview

This Privacy Policy describes how WebUplink ("we", "us") collects, uses, and protects information when you use our API service.

2. Information We Collect

Account Information

When you sign up, we collect your name, email address, and payment information (processed by Stripe). This is used for account management, billing, and support communication.

API Usage Data

We collect the following operational data for each API request:

• Timestamp and request ID
• API key prefix (first 8 characters, for logging)
• Target URL domain (not full URL)
• Action count and billing metrics
• Response status codes and latency

What We Do NOT Collect

• Page content — Browsed page content is not stored beyond the active session
• Credentials — Passwords, tokens, or other authentication data passed as tool parameters are not logged or stored
• Personal data from browsed sites — We do not extract or store PII from websites your agent visits
• Full API keys — Only the prefix is logged; the full key is hashed (SHA-256) for lookup

3. Browser Sessions

WebUplink uses Browserbase for browser infrastructure. Each browser session:

• Expires after 2 minutes of inactivity or 15 minutes total
• Runs in an isolated browser context — no data shared between sessions
• Is fully destroyed on expiration — all cookies, local storage, and session state are deleted

4. Data Retention

• Account data: Retained while your account is active, deleted within 30 days of account closure
• Usage metrics: Aggregated billing data retained for 12 months for accounting purposes
• Request logs: Retained for 30 days for debugging and support, then deleted
• Browser sessions: No retention — destroyed on expiration

5. Third-Party Services

We use the following third-party services:

• Google Cloud Platform — Infrastructure hosting (Firestore, Cloud Run)
• Browserbase — Browser session infrastructure
• Stripe — Payment processing
• Google Gemini — AI page perception (no data retained by Google per API terms)

6. Security

API keys are hashed with SHA-256 before storage. All API traffic is encrypted via TLS. Access to production infrastructure requires IAM-authenticated credentials.

7. Your Rights

You may:

• Request a copy of your account and usage data
• Request deletion of your account and associated data
• Revoke API keys at any time through the dashboard

8. Changes to This Policy

We will notify you of material changes via email. Continued use of the Service after changes constitutes acceptance.

9. Contact

For privacy inquiries, contact us at privacy@webuplink.ai.