Transparency

Clear notes on data, pricing, performance, and security.

GSBKit is built around practical accessibility support, honest limits, and minimal data collection. This page is updated as the product changes.

What GSBKit Collects

The widget sends anonymous event counts such as widget load, tool opened, language selected, and profile action. These events are tied to a site ID so owners can understand which tools visitors use.

GSBKit widget events do not store visitor names, emails, phone numbers, form field values, payment details, or page content in product tables.

Account owners provide the normal information needed to run the dashboard, including their email address, site settings, billing state, and saved site domains.

Pricing

Free gives small sites a way to launch core visitor controls and test the embed before paying.

Pro is built for businesses that need analytics, scanner history, and higher-value accessibility workflows.

Business is for teams that need stronger branding controls, expanded management features, and deeper support as the product grows.

Widget Performance

The production widget is kept small and loads asynchronously. The current public bundle transfers under 25KB with compression; uncompressed source output can be larger.

The script is installed with async loading and is designed not to block page rendering. Runtime failures are caught so host pages keep working if the widget CDN or API is unavailable.

The widget is built to avoid layout shifts from the script itself. Site owners should still test their installed position and custom launcher target on real pages.

Security Practices

Dashboard data is scoped by Supabase Auth and row-level security policies so users can only access their own sites and events.

Stripe handles checkout, payment method management, invoices, upgrades, and cancellations. GSBKit does not store raw card data.

Service-role operations are kept on server routes only. The browser receives only the responses needed for the logged-in dashboard workflow.

Current public checks

Widget bundle size is enforced in CI and local builds. On June 10, 2026, the T14 axe self-audit checked the main dashboard pages, transparency pages, and the opened widget panel. Those surfaces pass WCAG 2.2 AA checks in the automated run with zero critical or serious axe findings. Live screen-reader testing remains a separate follow-up.

On June 11, 2026, the T14b follow-up checked keyboard tab paths, Escape handling for the widget panel, zoom-equivalent overflow, interactive control names, and Chrome accessibility-tree exposure for the same dashboard/public/widget surfaces. Live screen-reader testing remains a deeper follow-up before government demos.

Read the GSBKit ACR