Privacy Policy
This policy explains what GSBKit appears to collect, what must still be verified, and how visitor and customer data should be handled.
Last updated: June 9, 2026
1. Scope
This Privacy Policy separates website visitors who encounter or use the GSBKit widget from customers, account owners, administrators, and team members who use the GSBKit dashboard, billing, support, or API features.
This policy is not legal advice. It should be reviewed against the actual production configuration before launch.
2. Website Visitors Using the Widget
Based on the current widget code, the widget does not intentionally send visitor personal data to GSBKit. The widget stores accessibility and language preferences in the visitor's browser using localStorage.
When a customer installs the tracked embed code with a site ID, the widget can call /api/track to send anonymous event counts such as widget load, panel open, language selection, accessibility profile, tool ID, tool state, and page path. These events are tied to the customer site ID, not to a visitor account.
When a visitor uses page translation, visible page text snippets may be sent to GSBKit /api/translate for processing and translation. The widget skips form fields, scripts, styles, code blocks, iframes, and widget UI text.
3. Customers, Account Owners, and Admin Users
- Account and contact details, such as name, email, company, domain, role, and support messages.
- Site configuration, such as widget color, position, title, plan, registered domains, and API keys.
- Billing details processed by Stripe or another payment provider. GSBKit should not store full payment card numbers.
- Operational records, such as login/session data, plan status, support history, audit/report requests, and security logs.
4. AI and Accessibility Tool Inputs
If a customer uses AI-assisted features, GSBKit may process submitted image URLs, page text, prompts, summaries, simplified text requests, translations, or other content needed to provide the requested output.
AI-generated outputs are suggestions and may require human review. Customers remain responsible for content accuracy, accessibility, and legal compliance.
5. Why We Use Data
- Provide, configure, secure, and support the widget and dashboard.
- Process subscriptions and payments.
- Generate requested accessibility scans, reports, AI suggestions, and support responses.
- Maintain service reliability, prevent abuse, debug errors, and improve user experience.
- Send service, billing, security, and support communications.
6. Service Providers and Placeholders to Confirm
The platform uses Supabase, Vercel/Next.js hosting and static asset delivery, Stripe, AI processing services, and Resend. Production use, data flows, retention, and subprocessors must be confirmed before launch.
Confirm whether any additional services are active for GSBKit or the same production deployment and disclose active services before launch.
Placeholders to verify before launch: analytics provider, email provider, error logging provider, support tools, cookie consent tooling, CDN provider, and any additional AI, logging, storage, or telemetry services.
7. Cookies, Storage, and Logs
The widget uses localStorage for preferences. Customer dashboard authentication, billing, translation, and hosting infrastructure may use cookies, request logs, IP addresses, user agents, or security logs depending on the final production setup.
Do not represent the service as collecting no data unless production analytics, logging, cookies, session tracking, IP storage, DOM capture, page text capture, and third-party telemetry have been independently verified.
8. Sharing
We do not sell personal information in the ordinary meaning of that phrase. We may share data with service providers that help operate GSBKit, process payments, host infrastructure, provide AI features, deliver email, diagnose errors, or respond to support requests.
We may disclose information if required by law, to protect rights and security, or as part of a business transaction such as a merger, acquisition, or asset sale.
9. Retention
We retain personal information only as long as reasonably needed for the purposes described in this policy, including account operation, billing, security, legal, and support needs. Specific retention periods should be confirmed before launch for database records, hosting logs, payment records, AI service requests, email logs, analytics, and support tools.
10. Your Rights and Choices
Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, objection, or information about certain sharing practices. These rights are often associated with privacy laws such as GDPR-style and CCPA-style frameworks, but this policy does not guarantee that every law applies in every situation.
To make a request, email privacy@gsbkit.com. Replace this address before launch if a different monitored privacy inbox should be used.
11. Security
We use reasonable technical and organizational safeguards appropriate to the service. No internet service, AI provider, hosting platform, database, or payment processor can be considered completely secure.
12. Children
GSBKit is not directed to children under 13, and we do not knowingly collect personal information from children under 13.