Privacy Policy

Last updated: April 2, 2026

1. Introduction

WapuuLink (“we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the WapuuLink API, website (wapuulink.com), dashboard, WordPress plugins, npm SDK, and related services (the “Service”).

2. Information We Collect

2.1 Account Information

When you register, we collect:

  • Email address — used for authentication, email verification, password resets, and purchase receipts
  • Name (optional) — used to personalize your experience
  • Password — stored as a bcrypt hash (12 rounds); we never store or have access to your plaintext password

2.2 API Usage Data

When you use the API, we log:

  • Operation type — which API endpoint was called (e.g., page generation, plugin build)
  • Model used — standard or premium
  • Credits consumed — for billing and usage tracking
  • Prompt summary — a truncated version (up to 500 characters) of your input, used for usage history
  • Timestamp — when the operation occurred

2.3 Content You Submit

To provide the Service, we process content you submit through API calls:

  • Prompts and instructions — sent to AI models to generate content
  • Site URLs — used to fetch media libraries, capture screenshots, or generate contextual content
  • HTML content — sent for editing, visual QA, or page creation
  • WordPress site paths — used for WP-CLI operations you initiate
  • Sitemap URLs — fetched and parsed for blog generation with internal linking

This content is processed in real time to fulfill your request and is not stored after the response is returned, except for the truncated prompt summary noted above.

2.4 Payment Information

Payment processing is handled entirely by Stripe. We never receive, store, or have access to your credit card number or full payment details. We store only:

  • Stripe session ID (for transaction records)
  • Purchase amount and credits received

2.5 Analytics

Our website uses Google Analytics 4 (GA4) to understand how visitors use the site. GA4 may collect anonymized usage data such as page views, session duration, and general location. You can opt out using browser extensions or privacy settings. See Google's Privacy Policy.

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account
  • Process API requests and generate content
  • Track credit usage and process payments
  • Send transactional emails (verification, password resets, purchase receipts)
  • Monitor and enforce rate limits and acceptable use
  • Improve the Service based on aggregated, anonymized usage patterns

We do not use your prompts, content, or API inputs to train AI models. Your content is processed solely to fulfill your request.

4. Third-Party Services

To provide the Service, we share data with the following third parties:

ServicePurposeData Shared
Anthropic (Claude)AI content generationPrompts, site context
StripePayment processingEmail, purchase amount
ResendTransactional emailsEmail address, name
Google AnalyticsWebsite analyticsAnonymized usage data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. WordPress Plugins

Our WordPress plugins (WapuuLink Page Generator, Plugin Builder, Visual QA, and Site Manager) connect to api.wapuulink.com to provide their functionality. Specifically:

  • No data is sent without user action — the plugins only communicate with our API when you explicitly click a button or submit a form
  • API key — stored locally in your WordPress database via wp_options
  • Page Generator — sends prompts, site name, and optional URLs to generate pages
  • Plugin Builder — sends prompts and plugin code for building/editing
  • Visual QA — sends page URLs for screenshot capture and scoring
  • Site Manager — sends WordPress installation paths for health checks and management operations

6. Data Security

We implement industry-standard security measures to protect your data:

  • All API communication is encrypted via HTTPS/TLS
  • Passwords are hashed with bcrypt (12 salt rounds)
  • API keys are unique per account
  • Authentication via JWT tokens with issuer/audience verification
  • Rate limiting to prevent abuse (per-IP and per-user)
  • SSRF protection on all URL inputs
  • Input validation and sanitization on all endpoints
  • Security headers (Helmet) on all API responses
  • Atomic credit transactions to prevent race conditions

7. Data Retention

  • Account data — retained while your account is active
  • Transaction records — retained for accounting and legal compliance
  • Generation logs — retained for usage history; contain only operation type, model, credits, truncated prompt, and timestamp
  • Submitted content (prompts, HTML, URLs) — processed in real time and not retained after the API response is returned

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to processing of your data

To exercise any of these rights, contact us at privacy@wapuulink.com.

9. Children's Privacy

The Service is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. International Data Transfers

Your data may be processed in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these jurisdictions.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the website. The “Last updated” date at the top reflects the most recent revision.

12. Contact

For privacy-related questions or requests: