Key points (read this first)
We never sell your data
No data brokers, no selling contact lists. We use analytics and ad-measurement tools only with your consent.
We never see your full card number
Stripe and Razorpay handle payment details — we only get tokens for receipts.
Your files are not used to train AI
Secrets (keys, keystores) stay with assigned engineers — not sent to AI providers.
You can ask us to delete data
Email from your account address — we respond within 30 days.
Who we are
AllsWeb runs allsweb.com. Privacy contact: support@allsweb.com.
We are the data controller for account and site data. For files you upload to deliver your project, we process data on your instructions to complete the order.
What we collect
Only what we need
We do not collect data “just in case.” Project uploads are used only to deliver and support your order.
- Account: name, email, Google profile if you use Google sign-in
- Orders & billing: project details, address, GSTIN, order ID, payment token from Stripe/Razorpay (not full card)
- Project uploads: logos, configs, server access, API keys, keystores, Firebase/Maps keys, store access when needed for submission
- Technical logs: IP, browser, locale, security logs
- Analytics & advertising (consent-based): usage events and ad-click identifiers (e.g. Google
gclid, Metafbclid) via Google Analytics 4, Google Ads and Meta — set only after you consent (see “Analytics & advertising” below)
How we use data
We use your data to:
- Deliver and support your orders
- Bill you and send invoices
- Communicate about projects and support
- Meet tax and legal duties
- Measure how our ads and marketing perform — only with your consent (see “Analytics & advertising”)
We do not sell your data. We share limited, mostly hashed or pseudonymous data with analytics and advertising providers solely to measure performance — never to sell your identity.
Who helps us (sub-processors)
Trusted providers that store or process data for us:
- Supabase — database and login
- Stripe — international payments
- Razorpay — India payments
- Resend — email
- Cloudflare R2 (or compatible S3) — private file storage
- Vercel + Cloudflare — hosting, CDN, and cookieless speed/usage analytics
- Google — optional Google login and Play Console access for submissions; and, with your consent, Google Analytics 4, Google Ads (conversion measurement) and Google Tag Manager
- Meta (Facebook) — with your consent, the Meta Pixel and Conversions API for ad measurement
- Apple — optional Developer access for iOS submissions
A detailed list with regions is available on request.
AI in our workflow
Your assets are not training data
Customer uploads are not used to train third-party AI models. Sensitive secrets are not sent to AI providers.
We use AI and automation internally to speed up delivery. Human engineers remain responsible for what we ship to you.
Analytics & advertising
Off by default in the EU/UK — you choose
For visitors in the EEA, UK and Switzerland, analytics and advertising cookies stay disabled until you accept them in our consent banner. Everywhere else they are enabled by default and you can still opt out.
We run Google and Meta ad campaigns and need to measure which ads lead to enquiries and orders. To do this we use, via Google Tag Manager and only in line with your consent choice:
- Google Analytics 4 — aggregated traffic and usage analysis
- Google Ads — conversion measurement, including Enhanced Conversions (your email is hashed before it reaches Google)
- Meta Pixel + Conversions API — ad measurement (your email is hashed before it reaches Meta)
We implement Google Consent Mode v2: until you consent, these tools receive no analytics or advertising cookies. When you buy, we also send a server-side conversion from our payment system to Google and Meta, matched to the browser event by your order ID so it is counted once, using hashed/pseudonymous identifiers only.
Change your mind anytime with the “Cookie settings” link in the footer, or by clearing the allsweb-consent cookie. Separately, Vercel Speed Insights and Web Analytics measure site speed and page views without cookies and need no consent. See the Cookie Policy for the full cookie list.
Payments
Card and UPI details are entered only on Stripe or Razorpay hosted checkout. We keep tokenized references (e.g. last 4 digits) for invoices and fraud prevention.
Security
Project files live in private storage with signed links after permission checks. Database access uses row-level security. Traffic uses TLS. Backups are encrypted.
How long we keep data
Active project data stays while your account exists. After deletion, invoices and tax records may be kept as required by law (often ~7 years in India), then removed. You can ask us to delete uploads and credentials anytime via support.
Analytics and advertising data follow the provider’s retention controls — typically up to 14 months in Google Analytics 4 and similar windows in Google Ads and Meta — after which they are aggregated or deleted.
Your rights
Depending on where you live (e.g. EU GDPR, India DPDP, California CCPA), you may have rights to access, correct, export, restrict, or delete your data.
Email support@allsweb.com from your account email. We respond within 30 days. EU/UK users may also complain to their local data authority.
Children
AllsWeb is a business service, not aimed at children under 16. If a child sent us data, contact us and we will delete it.
Policy updates
We may update this policy. Important changes are emailed to registered users at least 7 days ahead. The “Last updated” date at the top is always current.
Contact
Privacy requests: support@allsweb.com · WhatsApp +91 72328 80007.
Questions about this policy?
Email support@allsweb.com or message us on WhatsApp — we usually reply within one business day.