Login
Go to plans

privacy policy

Home privacy policy

Privacy Policy

Last updated: 23 May 2026

Webnua (“we”, “us”, “our”) is operated by Webnua, registered in Ireland at Webnua, Dundrum Main Street, Dublin 14, Ireland. This Privacy Policy explains how we collect, use, store, and share personal data when you use our website (webnua.com) and our platform services.

We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018, and the UK Data Protection Act 2018 where applicable.

1. Who this policy applies to

This policy covers three groups of people:

  • Visitors — anyone who visits webnua.com
  • Clients — service businesses who subscribe to the Webnua platform
  • End customers — individuals who interact with our clients through websites and lead-capture forms built using Webnua (for example, by submitting an enquiry to a tradesperson whose website runs on Webnua)

Where this policy refers to “you”, it means whichever of these groups applies to your interaction with us.

2. Data we collect

From clients (paying businesses)

When you subscribe to Webnua, we collect:

  • Business name, contact name, email address, phone number
  • Business address and service area
  • Payment information (processed by our payment provider Stripe; we do not store full card details)
  • OAuth tokens granting Webnua access to your connected third-party accounts (such as Google Business Profile and Meta Ads) — stored encrypted at rest
  • Configuration data you provide (your services, pricing, branding, message templates)

From end customers (your clients’ leads and customers)

When an individual interacts with a website or form built using Webnua, we collect personal data on behalf of the business operating that website. This may include:

  • Name
  • Email address
  • Phone number
  • Service requested and message content
  • IP address and browser metadata
  • Time and source of the enquiry

The business operating the website is the data controller for this information. Webnua acts as a data processor on their behalf.

From visitors to webnua.com

When you visit our marketing website, we may collect:

  • IP address, browser type, device information, referring URL
  • Pages visited and time spent
  • Cookie data (see section 8)

3. How we use this data

Client data

We use information about our clients to:

  • Provide and maintain the platform
  • Process subscription payments
  • Manage your account and provide support
  • Send service-related communications (billing notices, important platform updates)
  • Operate connected third-party services on your behalf (run Meta ad campaigns, manage Google Business Profile listings, send SMS and email on behalf of your business)
  • Improve and develop our service

End-customer data

We process end-customer data only as instructed by the business that captured it. Specifically:

  • Storing the lead in the client’s Webnua inbox
  • Sending automated SMS and email notifications on behalf of the business (acknowledgments, appointment confirmations, review requests)
  • Routing replies back to the client
  • Generating analytics and reporting for the client

We do not use end-customer data for our own marketing or sell it to anyone.

Visitor data

We use website visitor data to understand how our marketing site is used and to improve it. We may use anonymised analytics data for business decisions.

4. Legal basis for processing

We process personal data on the following legal bases:

  • Contract: where processing is necessary to provide the service you’ve subscribed to
  • Legitimate interests: for service improvement, fraud prevention, security, and where end-customers have actively submitted information to a business expecting a response
  • Consent: where explicitly given (for example, marketing communications)
  • Legal obligation: where required to comply with applicable law

5. Third parties we share data with

We share personal data with the following service providers, who act as data processors on our behalf:

  • Stripe (payment processing) — Stripe receives payment and billing information. Stripe’s privacy policy: https://stripe.com/privacy
  • Twilio (SMS delivery) — Twilio receives recipient phone numbers and message content. Twilio’s privacy policy: https://www.twilio.com/legal/privacy
  • Resend (email delivery) — Resend receives recipient email addresses and message content. Resend’s privacy policy: https://resend.com/legal/privacy-policy
  • Google (Google Business Profile integration) — when clients connect their Google Business Profile, we exchange data with Google’s APIs to manage reviews and posts on their behalf. Data exchanged is limited to what’s needed for these features. Google’s privacy policy: https://policies.google.com/privacy
  • Meta (Meta Ads integration) — when clients connect their Meta Ads account, we exchange data with Meta’s APIs to manage ad campaigns on their behalf. Meta’s privacy policy: https://www.facebook.com/privacy/policy
  • Supabase and Vercel (hosting and database) — our platform infrastructure providers, storing data on encrypted servers. Their privacy policies are available on their respective websites.
  • Anthropic (AI text generation) — we use Anthropic’s API to generate AI-assisted content (website copy, marketing content). Submitted prompts may include business information our clients provide. Anthropic does not train models on this data. Anthropic’s privacy policy: https://www.anthropic.com/legal/privacy

We do not sell personal data to anyone.

6. International data transfers

Some of our service providers operate outside the European Economic Area (EEA). Where we transfer data to such providers, we ensure adequate safeguards are in place, typically through Standard Contractual Clauses approved by the European Commission.

7. Data retention

  • Client account data: retained for as long as your subscription is active, and for up to 7 years after termination for legal and accounting purposes
  • End-customer data: retained as long as the client requires it for their business operations, or until the client deletes it from their inbox
  • Communication logs (SMS, email): retained for 12 months for service operation and audit purposes
  • Payment records: retained for 7 years for tax and accounting purposes
  • Website analytics: retained for 26 months

Clients can request earlier deletion of their data by contacting us, subject to legal retention obligations.

8. Cookies

We use cookies on webnua.com for the following purposes:

  • Essential cookies — required for the platform to function (e.g., authentication, security). These cannot be disabled.
  • Analytics cookies — to understand how visitors use the site. You can opt out via your browser settings.

We do not currently use advertising or tracking cookies on our marketing website.

9. Your rights under GDPR

If you are in the EU or UK, you have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — request that inaccurate data be corrected
  • Right to erasure — request that your data be deleted, subject to legal exceptions
  • Right to restrict processing — request that we limit how we use your data
  • Right to data portability — request that your data be transferred to another provider
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — where processing is based on consent

To exercise any of these rights, contact us at hello@webnua.com.

For end-customer data (data submitted to one of our clients), the client is the data controller. We will forward your request to the relevant client where appropriate.

You also have the right to lodge a complaint with the Irish Data Protection Commission (https://www.dataprotection.ie/) or, if you are in the UK, the Information Commissioner’s Office (https://ico.org.uk/).

10. Security

We take reasonable technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS) and at rest
  • Access controls and authentication requirements for staff
  • Encrypted storage of sensitive credentials (such as OAuth tokens)
  • Regular security reviews

No system is perfectly secure. If we become aware of a data breach affecting your personal information, we will notify you and the relevant authorities in accordance with applicable law.

11. Children

Our service is not intended for individuals under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be communicated to clients via email.

13. Contact us

If you have questions about this Privacy Policy or how we handle your data, contact:

Webnua
Webnua, Dundrum Main Street, Dublin 14, Ireland
Email: hello@webnua.com

For questions about data collected by a specific business using Webnua, please contact that business directly. They are the data controller for their leads and customers.