Privacy Policy.
This Privacy Policy explains how Webcite Technology Systems Ltd ("we", "us", "our") collects, uses, and protects personal data when you use Client Engine (ce.webcite.ai), our marketing site (clientengine.webcite.ai), and our company website (webcite.ai).
We are the data controller for personal data collected through our services. We are registered in England and Wales (Company No. 16580236) with our registered office at Workshed, 7 Carriage Works, London Street, Swindon, SN1 5FB. We are registered with the UK Information Commissioner's Office (Reg. No. ZC045226).
For any privacy questions, contact: info@webcite.ai
1 · Scope
This policy applies to:
- Visitors to clientengine.webcite.ai and webcite.ai
- Account holders and users of Client Engine (ce.webcite.ai)
- Prospect contact data uploaded or generated within Client Engine
A separate Data Processing Agreement (DPA) governs prospect data you process through Client Engine. Where Client Engine processes prospect data on your behalf, you are the controller and we are the processor.
2 · Data we collect
Account data. Name, work email, company name, role, password (hashed), authentication tokens. Collected at sign-up and during normal use.
Billing data. Card details are collected and stored by Stripe. We receive only the last four digits of the card, card brand, billing country, and subscription status. We do not store full payment card numbers.
Usage data. Pages visited, features used, credits consumed, API calls made, IP address, browser type, device type, timestamps. Collected automatically when you use the application.
Prospect data (processed on your behalf). Names, work emails, job titles, company names, LinkedIn URLs, phone numbers, enrichment data, signal data, sequence engagement events. You upload, import, or generate this data inside Client Engine. We process it as your data processor.
Communications. Messages you send to us via email, support, or in-app messaging.
3 · How we use your data
| Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Provide and operate the service | Contract |
| Bill you and manage your subscription | Contract |
| Authenticate users and prevent fraud | Legitimate interests, Legal obligation |
| Send service emails (receipts, security, updates) | Contract |
| Send onboarding and product update emails | Legitimate interests (you can opt out) |
| Improve the product and debug issues | Legitimate interests |
| Comply with legal obligations | Legal obligation |
4 · Sub-processors
We use the following sub-processors to operate Client Engine. Each is bound by a written contract and is required to apply appropriate technical and organisational security measures.
Current sub-processors
| Sub-processor | Purpose | Region |
|---|---|---|
| Anthropic, PBC | LLM inference (signal detection, ICP analysis, sequence generation) | USA |
| OpenAI, LLC | LLM inference (fallback / enrichment) | USA |
| Moonshot AI (Kimi) | LLM inference | China / Singapore |
| Apollo.io | Prospect data and enrichment | USA |
| Exa Labs, Inc. | Web signal search | USA |
| ManyReach | Email sequencing infrastructure | USA |
| Resend | Transactional and marketing email | USA |
| Clerk, Inc. | User authentication | USA |
| Stripe Payments Europe Ltd | Payment processing and subscriptions | Ireland / USA |
| Railway Corp. | Application hosting | USA |
| Railway Postgres | Database hosting | USA |
Anticipated future sub-processors
We will update this list and notify customers in advance of any new sub-processor coming into use.
| Sub-processor | Purpose | Status |
|---|---|---|
| HeyReach | LinkedIn outreach execution | Planned (v2) |
| Pipedrive | CRM two-way sync | Planned (v2) |
We also access two UK public registers via outbound API calls only. No personal data is sent to either:
- Find a Tender Service (UK Government tender database)
- Companies House (UK company register)
5 · International transfers
Several of our sub-processors are based outside the UK. Where personal data is transferred outside the UK, we rely on one of the following safeguards under UK GDPR:
- UK adequacy regulations (where applicable)
- The UK International Data Transfer Addendum to the EU Standard Contractual Clauses
- The EU Standard Contractual Clauses
- The UK extension to the EU-US Data Privacy Framework (where the recipient is certified)
You can request a copy of the relevant transfer mechanism by emailing info@webcite.ai.
6 · How long we keep your data
| Category | Retention |
|---|---|
| Account data | For the life of your account, plus 12 months after closure |
| Billing records | 7 years (UK statutory requirement) |
| Prospect data inside your workspace | Controlled by you; deleted within 30 days of workspace deletion |
| Usage logs | 12 months |
| Email logs (sent, delivered, opened) | 24 months |
| Support correspondence | 24 months |
7 · Security
We apply appropriate technical and organisational measures including:
- Encryption in transit (TLS 1.2+) and at rest
- Hashed passwords (no plaintext storage)
- Role-based access control inside the application
- Least-privilege access to production systems
- Regular dependency and vulnerability monitoring
- Logging and audit trails for sensitive actions
- Secure key management for API credentials
No system is fully secure. If we become aware of a personal data breach affecting your data, we will notify you and the ICO within the timelines required by UK GDPR.
8 · Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Erase your data ("right to be forgotten") subject to legal exceptions
- Restrict processing
- Object to processing based on legitimate interests
- Data portability
- Withdraw consent where processing is based on consent
- Lodge a complaint with the UK ICO (ico.org.uk)
To exercise any of these rights, email info@webcite.ai. We will respond within one month.
9 · Cookies
Client Engine uses strictly necessary cookies for authentication and session management. Our marketing site uses no analytics or tracking cookies at the time of writing. If we add analytics in future, we will update this policy and where required ask for your consent.
10 · Children
Client Engine is a B2B product and is not directed at children under 16. We do not knowingly collect data from children.
11 · Changes to this policy
We may update this policy. The effective date at the top of this page will change. Material changes will be communicated by email to account holders at least 14 days in advance.
12 · Contact
Email: info@webcite.ai
ICO Reg. No. ZC045226
Company No. 16580236
