Privacy Policy

Effective date: May 25, 2026

At HayaWeb, your privacy matters. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the choices you have. By using hayaweb.ai and our services, you agree to the practices described in this Policy. If you do not agree, please do not use our Service.

1. Overview

HayaWeb is an AI-powered website builder for local service businesses. To provide our Service, we collect information you give us directly (like your email and business details), information generated as you use our platform (like website preferences and analytics), and limited technical information from your device and browser.

We use this information to create and host your AI-generated website, communicate with you, process payments, improve our Service, and keep our platform secure. We do not sell your personal information. Ever.

2. Information We Collect

2.1 Information You Provide Directly

Data | Why we collect it
Email address | Account creation, sign-in via OTP, transactional emails, support
Business name | Populating your generated website and project management
Business type | Selecting the correct AI website blueprint for your industry
Business description | The primary input for AI content generation
Phone number | Displayed on your generated website (optional)
Business address | Displayed on your generated website (optional)
Logo image | Displayed on your generated website (uploaded file, max 5 MB)
Style & color preferences | Design personalization of your AI-generated website
Payment information | Processed by our third-party payment provider — we do not store full card numbers

2.2 Information Collected Automatically

Data | Why we collect it
IP address | Security, fraud prevention, rate limiting
Browser & device type | Optimizing platform display and diagnosing issues
Pages visited & actions taken | Understanding platform usage and improving UX
Session duration & timestamps | Analytics and performance monitoring
Referring URLs | Understanding how users discover HayaWeb
Authentication events | Security logging (OTP requests, sign-in times, failed attempts)

2.3 Information from Your Generated Websites

When visitors interact with websites you publish on HayaWeb hosting, basic server logs may be collected for security and infrastructure purposes. This includes visitor IP addresses and page requests. This data is not linked to individual visitor identities and is retained only as long as needed for security and debugging purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: Generating your AI website, hosting it, and enabling you to manage, publish, and update it through your dashboard
  • Authentication: Sending OTP codes to your email to verify your identity — we store no passwords
  • Billing & Subscriptions: Processing payments, managing your plan (Free, Pro, or Agency), and sending invoices and payment confirmations
  • Communications: Sending transactional emails (OTP codes, account notices, billing receipts). We may also send product update emails; you may opt out at any time
  • Customer Support: Responding to your inquiries, troubleshooting issues, and resolving disputes
  • Security & Fraud Prevention: Detecting and preventing unauthorized access, abuse, and violations of our Terms of Service
  • Analytics & Improvement: Understanding how the Service is used so we can improve features, fix bugs, and build new capabilities
  • Legal Compliance: Meeting our obligations under applicable law, including responding to lawful legal process

We do not use your business description, logo, or personal information to train our AI models without your explicit consent.

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We share your information only in the following limited circumstances:

  • AI Infrastructure Providers: Your business inputs (description, type, name, style preferences) are sent to third-party AI model providers solely to generate your website content. These providers are contractually prohibited from using your data for any purpose other than providing the AI service to us.
  • Cloud Hosting & Infrastructure: Your data (including uploaded files) is stored on cloud infrastructure (such as AWS S3 or similar services). These providers operate under strict data processing agreements.
  • Payment Processors: Payment information is handled by a PCI-DSS-compliant third-party payment processor. We do not store full card numbers or CVV codes on our servers.
  • Analytics Providers: We may use third-party analytics tools that process anonymized or aggregated usage data to help us understand platform performance. No personally identifiable information is shared for this purpose.
  • Legal Requirements: We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of HayaWeb, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity. We will notify you via email before your data becomes subject to a different privacy policy.
  • With Your Consent: We may share information in other ways with your explicit consent.

5. AI Processing of Your Data

To generate your website, your business information — including your business name, type, description, style preferences, and color choices — is processed by AI language models. This processing occurs at the time you request website generation.

Data minimization: We send only the information necessary for website generation. We do not send your payment information, IP address, or authentication data to AI providers.

AI provider data retention: Our AI infrastructure providers may retain input data temporarily for safety and quality assurance. We require providers to delete input data within a commercially reasonable timeframe and not use it to train their models.

Generated output: AI-generated website content is stored on our servers and associated with your account. It is your content — see Section 5 of our Terms of Service.

6. Cookies & Tracking

We use the following types of cookies and similar tracking technologies:

Data | Why we collect it
Session cookies | Keeping you signed in during an active session (automatically deleted when you close your browser)
Authentication tokens | Stored in localStorage to keep you signed in across sessions. You can clear these by signing out.
Analytics cookies | Anonymized data about how pages and features are used — to improve the platform
Preference cookies | Remembering your UI preferences (if applicable)

No advertising cookies. We do not use cookies to build advertising profiles, retarget you across third-party websites, or sell your browsing behavior to advertisers.

You can control cookies through your browser settings. Disabling cookies may affect platform functionality, including the ability to stay signed in.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data (email, business info): Retained while your account is active and for 90 days after deletion
  • Generated websites & content: Retained while your account is active. Archived (not deleted) for 90 days after account cancellation, then permanently deleted
  • Uploaded files (logos): Retained while associated with an active project; deleted with your account or project
  • OTP codes: Expire after 10 minutes and are not retained
  • Payment records: Retained for 7 years as required by financial regulations
  • Server logs: Retained for up to 90 days for security and debugging
  • Legal hold: Data subject to legal proceedings may be retained longer as required

8. Data Security

We take the security of your data seriously and implement industry-standard measures, including:

  • Encryption of data in transit using TLS/HTTPS
  • Encryption of sensitive data at rest
  • Passwordless authentication to eliminate password breach risk
  • Access controls limiting employee access to user data on a need-to-know basis
  • Regular security reviews and monitoring
  • Secure, isolated cloud storage for uploaded files

Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

9. Your Rights & Choices

Depending on where you are located, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate personal information through your account dashboard or by contacting us
  • Deletion: Request deletion of your account and associated personal data. We will process deletion requests within 30 days, subject to legal retention obligations
  • Portability: Request your data in a structured, machine-readable format
  • Opt-out of marketing: Unsubscribe from marketing emails at any time using the unsubscribe link in any email or by contacting us. Note: we cannot opt you out of transactional emails (OTP codes, billing receipts) required to operate your account
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time
  • Lodge a complaint: If you believe we have violated your privacy rights, you may lodge a complaint with the relevant data protection authority in your jurisdiction

California residents (CCPA): You have the right to know what personal information is collected, to delete it, to opt out of sale (we do not sell personal information), and to non-discrimination for exercising your rights. To submit a CCPA request, contact us at privacy@hayaweb.ai.

EU/EEA residents (GDPR): You have the rights listed above, plus the right to object to processing and to restrict processing. Our lawful basis for processing your personal data is primarily contract performance (providing the Service you requested) and, for analytics, legitimate interest. To submit a GDPR request, contact privacy@hayaweb.ai.

We will respond to all rights requests within 30 days (or within the timeframe required by applicable law).

10. Children's Privacy

The Service is not directed to, and we do not knowingly collect personal information from, children under the age of 18. If we become aware that a child under 18 has provided us with personal information, we will delete it immediately. If you believe a child has provided us with their information, please contact us at privacy@hayaweb.ai.

11. International Data Transfers

HayaWeb operates from the United States. If you access our Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your country.

For users in the EU/EEA: When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or other lawful transfer mechanisms.

12. Third-Party Links

Our platform and AI-generated websites may contain links to third-party websites, services, or resources. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party services you visit. HayaWeb is not responsible for the privacy practices of third-party services.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and update the effective date at the top of this page. We encourage you to review this Policy periodically. Your continued use of the Service after the updated Policy takes effect constitutes your acceptance of the changes.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out:

HayaWeb — Privacy Team

Email: privacy@hayaweb.ai

Website: hayaweb.ai

We aim to respond to all privacy inquiries within 5 business days.