Privacy Policy

Quick read: WebForger is a hosting and site-building service operated on top of Cloudflare. We collect the information we need to run your account and to operate the platform, and we do not sell it. For visitors to your WebForger-hosted site, you are the data controller and we are the hosting processor; for your own WebForger account, we are the controller. We comply with the New Zealand Privacy Act 2020. If you operate in Australia, the Australian Privacy Principles also apply to you on your own site.

1. Who is responsible for what data

WebForger plays two different privacy roles depending on whose data is in question:

• Your WebForger account. When you sign up, log in, complete the wizard, pay invoices, or contact support, WebForger (operated by Always Digital Limited, New Zealand, trading as HornTech) is the data controller. This policy describes how we handle that data.
• Visitors to your hosted site. When someone visits a site we host for you, fills in your lead form, or browses your blog, you are the data controller for those visitors. We are a hosting and processing provider acting under our agreement with you. You should publish your own privacy notice on your site that tells those visitors what you collect and why.

This double-layer arrangement is the same model used by Cloudflare, AWS, Vercel and similar hosting platforms. It matters because rights requests from your customers go to you first, and we support you in answering them.

2. What we collect about you (the customer)

To operate your account we collect:

• Account information. Name, email, business name, phone (optional), country, the password hash for your login, and any profile details you add.
• Wizard and brief inputs. The information you provide while we generate your site (industry, service area, tone, target audience, content prompts, uploaded brand assets). These inputs are stored against your account so that you can iterate, regenerate and edit.
• Billing information. Invoice details, plan, currency, billing address, and the last four digits of your card or PayPal account identifier as returned to us by Stripe or PayPal. We do not store full card numbers; those stay with Stripe.
• Support and communication records. Emails to hello@webforger.ai, dashboard chats, and notes from calls or onboarding sessions.
• Service logs. Login timestamps, IP addresses for the dashboard, dashboard actions (publishing, regenerating, domain connect), and platform errors. Used for security, debugging, abuse prevention and capacity planning.
• Cookies and analytics on webforger.ai. Strictly-necessary cookies for login, plus first-party analytics to understand how prospects find and use the marketing site. We discuss this in section 8.

3. Why we collect it (lawful basis)

We collect the information above to:

• provide the service you signed up for (build, host, edit, publish your site) and to invoice you for it; this is necessary for the contract between us;
• keep the platform secure, prevent fraud and abuse, comply with our hosting and payment partners, and improve the product; this is our legitimate interest as a hosting provider, balanced against your rights;
• respond when you contact us, send service announcements, and (only if you opt in) send product updates and tips.

We do not sell your personal information, we do not rent your contact list, and we do not use your wizard inputs or content to train external AI models for unrelated parties.

4. AI-assisted drafting

WebForger uses large language models and image models to help you draft pages, blog posts, brand copy and imagery. The customer directs the prompts and decides what to publish; the customer is the publisher of the resulting site. Inputs and outputs pass through third-party AI providers operating under commercial agreements with us; those providers process the data on our behalf and do not own or train on the output. Specific vendor names are disclosed under our Data Processing Addendum on request. Treat AI assistance the way you would treat a copywriter: useful, fast, and your responsibility before it goes live.

5. Cloudflare and our infrastructure

Your site is hosted on the Cloudflare network. When a visitor opens your site, Cloudflare receives the request, applies caching, security and performance rules, and serves the response. Cloudflare necessarily processes the visitor's IP address, request headers, geolocation derived from IP, and similar technical metadata to deliver the page and to defend against attacks. This processing is governed by Cloudflare's privacy policy; we do not see, and do not retain, raw visitor IP addresses for hosted sites beyond what is needed for security incidents.

Static content for your site (HTML pages, images, configuration) is stored in Cloudflare R2 object storage in regions selected by Cloudflare. Cloudflare's network is global and your data may be cached at edge locations worldwide; for personal data, we rely on Cloudflare's standard contractual safeguards for cross-border transfer.

6. Other subprocessors

Beyond Cloudflare, we use a small set of vendors to operate the service:

• Third-party AI providers. Text and image generation for the wizard and editor.
• Payment processors. Card and PayPal subscription billing.
• Transactional email provider. Account, login and lead-form notifications.
• Analytics on webforger.ai. First-party analytics on the marketing site only, not on your hosted site unless you choose to install it yourself.

Categories and brief descriptions are listed at /subprocessors/. Specific vendor names are disclosed under our Data Processing Addendum on request. We will give 14 days' notice in the dashboard before adding a new subprocessor that materially affects how we process your data.

7. Your rights and choices

Under the New Zealand Privacy Act 2020 you have the right to ask us for a copy of the personal information we hold about you (IPP 6) and to ask us to correct anything that is wrong (IPP 7). If you operate in Australia, the equivalent rights under APP 12 and APP 13 apply. If you are based in the EEA or the UK, GDPR rights to access, rectify, erase, restrict, port and object also apply where they are not displaced by our legitimate interest in operating and securing the service.

You can:

• Update most account fields directly in the dashboard.
• Request a copy of your account record by emailing privacy@webforger.ai; we aim to respond within 20 working days.
• Close your account at any time. We retain billing records as required by tax law and may keep abuse-related records for security.
• Unsubscribe from marketing emails using the link at the foot of every marketing message; transactional emails (login, billing, security) cannot be turned off while you have an active account.

8. Cookies on webforger.ai

On the webforger.ai marketing site and dashboard we use:

• Strictly-necessary cookies for login, CSRF protection and session continuity. The service does not work without them.
• Analytics cookies set by our first-party analytics on webforger.ai. We use them to understand which content and channels work; we do not use them to build cross-site advertising profiles.
• Conversion cookies set when you arrive from one of our paid campaigns, so we can tell whether a campaign worked. They do not identify you and are not used to build cross-site advertising profiles.

Your own WebForger-hosted site does not run our analytics or advertising cookies. If you add Google Analytics, Meta Pixel, or similar to your site, you are responsible for the cookie notice and consent your audience is entitled to under their local law.

9. Retention, breaches and contact

Retention. Account and content records are kept for as long as your account is active and for up to 24 months after closure to support reactivation, dispute resolution and tax compliance. Service and security logs are kept for up to 12 months. Billing records are kept for the period New Zealand tax law requires (currently seven years).

Security incidents. If a notifiable privacy breach occurs (one likely to cause serious harm), we will notify the New Zealand Office of the Privacy Commissioner and affected customers without undue delay, in line with the Privacy Act 2020. If you are an EEA or UK data subject, we will also follow GDPR notification timelines where they apply.

Contact. Privacy questions, access requests, breach notifications: privacy@webforger.ai. General contact: hello@webforger.ai. Postal: Always Digital Limited (trading as HornTech / WebForger), Auckland, New Zealand. If you are not satisfied with our response, you can complain to the New Zealand Office of the Privacy Commissioner (privacy.org.nz).

Document version: 1.0, 29 April 2026.