Privacy Policy

1. Information We Collect

1.1 Information You Provide

Account Information:

• Email address
• Name (optional)
• Password (stored securely hashed)
• Profile information you choose to provide

Content:

• Websites and pages you create
• Images, text, and media you upload
• Custom code (CSS, JavaScript) you add

Communications:

• Support requests and correspondence
• Feedback and survey responses

1.2 Information Collected Automatically

Usage Data:

• Pages and features you access
• Actions you take within the Service
• Time, date, and duration of your sessions

Device Information:

• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Screen resolution

Network Information:

• IP address
• General geographic location (country/region level)
• Referring URLs

1.3 Information from Third Parties

Authentication Providers:
If you sign in using a third-party service (Google, GitHub, etc.), we receive basic profile information as permitted by your settings with that provider.

Payment Processor:
Stripe provides us with transaction confirmations, subscription status, and billing-related information. We do NOT receive or store your credit card numbers or bank account details.

2. How We Use Your Information

We use your information to:

Provide the Service:

• Create and manage your account
• Host and serve your websites
• Process transactions and billing
• Provide customer support

Improve the Service:

• Analyze usage patterns to improve features
• Identify and fix bugs and issues
• Develop new features based on user needs

Communicate with You:

• Send service-related notifications
• Respond to support requests
• Send product updates (with your consent)

Ensure Security:

• Detect and prevent fraud
• Enforce our Terms of Service
• Protect against abuse and security threats

Legal Compliance:

• Comply with legal obligations
• Respond to lawful requests from authorities

3. Information Sharing

We do NOT sell your personal information. We share information only in these circumstances:

3.1 Service Providers

We use trusted third-party services to operate QUJO:

These providers are contractually obligated to protect your data and use it only as necessary to provide their services.

3.2 Legal Requirements

We may disclose information if required by law or in response to:

• Valid legal process (subpoenas, court orders)
• Government requests in accordance with applicable law
• To protect our rights, property, or safety
• To protect users or the public from harm

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

3.4 With Your Consent

We may share information with your explicit consent for purposes not covered by this policy.

4. Data Security

We implement industry-standard security measures to protect your information:

Technical Safeguards:

• Encryption in transit (TLS/HTTPS)
• Encryption at rest for sensitive data
• Secure password hashing (bcrypt)
• Regular security audits and updates

Access Controls:

• Role-based access for employees
• Two-factor authentication for administrative access
• Principle of least privilege

Infrastructure:

• Hosted on Cloudflare's secure global network
• DDoS protection and WAF (Web Application Firewall)
• Regular backups with encryption

Payment Security:

• PCI-DSS compliant payment processing via Stripe
• We never store credit card numbers on our servers

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

Account Data: Retained while your account is active and for a reasonable period afterward to allow for reactivation.

Content: Deleted within 30 days of account deletion, except where required for legal compliance.

Logs and Analytics: Aggregated data may be retained indefinitely; personally identifiable logs are retained for up to 90 days.

Backup Data: May be retained for up to 90 days in encrypted backups.

6. Your Rights and Choices

6.1 Account Settings

You can access and update your account information at any time through your dashboard settings.

6.2 Data Export

You can export your website content and data from your account settings.

6.3 Account Deletion

You can delete your account at any time. Upon deletion:

• Your account will be deactivated immediately
• Your websites will be taken offline
• Your data will be deleted within 30 days
• Backup copies may persist for up to 90 days

To delete your account, go to Settings > Account > Delete Account, or contact [email protected].

6.4 Communication Preferences

You can manage email preferences in your account settings. Note that you cannot opt out of essential service communications (security alerts, billing notices).

6.5 Cookies and Tracking

We use essential cookies for authentication and functionality. You can control analytics cookies through your browser settings.

7. International Data Transfers

QUJO is based in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US.

We ensure appropriate safeguards for international transfers through:

• Standard contractual clauses
• Service provider agreements with data protection provisions

8. Rights for European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under GDPR:

Right of Access: Request a copy of your personal data.

Right to Rectification: Request correction of inaccurate data.

Right to Erasure: Request deletion of your data ("right to be forgotten").

Right to Restrict Processing: Request limited processing in certain circumstances.

Right to Data Portability: Receive your data in a portable format.

Right to Object: Object to processing based on legitimate interests.

Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Right to Lodge a Complaint: File a complaint with your local data protection authority.

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

Legal Basis for Processing:

• Contract: Processing necessary to provide the Service
• Legitimate Interests: Analytics, security, fraud prevention
• Consent: Marketing communications
• Legal Obligation: Compliance with laws

9. Rights for California Users (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: Request information about data collection and sharing.

Right to Delete: Request deletion of your personal information.

Right to Correct: Request correction of inaccurate information.

Right to Opt-Out: Opt out of the sale or sharing of personal information. Note: We do NOT sell your personal information.

Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

Categories of Personal Information Collected:

• Identifiers (email, name, IP address)
• Commercial information (subscription details)
• Internet activity (usage data)
• Inferences drawn from the above

To exercise these rights, contact us at [email protected] or use our web form. We will verify your identity before processing requests.

Authorized Agents: You may designate an authorized agent to make requests on your behalf with proper verification.

10. Children's Privacy

QUJO is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children.

If you believe a child has provided us with personal information, please contact us at [email protected] and we will delete it promptly.

Parents or guardians who become aware that their child has provided information without consent should contact us immediately.

11. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.

Websites you create on QUJO may link to third-party services. Your use of those services is governed by their respective privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending an email notification for significant changes

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions or to exercise your rights, contact us:

We aim to respond to all privacy requests within 30 days.

14. Cookie Policy

What Are Cookies

Cookies are small text files stored on your device when you visit websites. They help provide functionality and improve user experience.

Cookies We Use

Essential Cookies:

• Authentication tokens
• Session management
• Security features

These are necessary for the Service to function and cannot be disabled.

Analytics Cookies:

• PostHog analytics
• Usage patterns and feature engagement

You can opt out of analytics cookies through your browser settings or by contacting us.

Managing Cookies

Most browsers allow you to:

• View cookies stored on your device
• Delete cookies
• Block cookies from specific sites
• Block all cookies (may affect functionality)