This policy explains what data wbal.io collects, how it is used, and your rights in relation to it. wbal.io is operated as a sole trader based in England. If you have questions, use the contact page.
1. What we collect
We collect only what is necessary to provide the service:
- Account data: email address and password hash when you create an account.
- Billing data: subscription status and payment reference. Card details are handled entirely by Stripe and never reach our servers.
- Power files: .fit and .csv files you upload are sent to the server for parsing only. They are not stored after the response is returned. We do not retain your training data.
- Usage data: basic server logs (IP address, timestamp, endpoint) retained for up to 30 days for security and debugging. No third-party analytics.
- Contact form submissions: name, email, and message content when you contact us.
2. How we use your data
- To provide and maintain your account and subscription.
- To process payments via Stripe.
- To respond to contact form submissions.
- To investigate errors or security incidents using server logs.
We do not sell your data. We do not use your data for advertising. We do not share it with third parties except as described below.
3. Third-party services
- Stripe: payment processing. Stripe's privacy policy applies to card and billing data. See stripe.com/gb/privacy.
- Hosting provider: the server runs on a VPS. Server logs are held on that infrastructure.
No other third-party services receive your data.
4. Cookies
We use a single session cookie to keep you logged in. No tracking cookies. No advertising cookies. No analytics cookies.
5. Your rights (UK GDPR)
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your account and associated data.
- Object to processing or request we restrict it.
- Complain to the ICO (ico.org.uk) if you believe your rights have been breached.
To exercise any of these rights, use the contact page.
6. Data retention
- Account data: retained while your account is active, then deleted within 30 days of a deletion request.
- Power files: not retained beyond the current request.
- Server logs: deleted after 30 days.
- Billing records: retained for 7 years as required by HMRC.
7. Security
Passwords are stored as hashed values. All data is transmitted over HTTPS. We do not store card details. Access to production systems is restricted.
8. Changes to this policy
We may update this policy as the service evolves. Material changes will be notified by email to registered users. Continued use of the service after changes constitutes acceptance.