Wiqly
Sign Up

Privacy Policy

How Wiqly collects, uses, and protects your data.

Last updated: 6 May 2026

This Privacy Policy explains how Wiqly (“we”, “us”, “our”) collects, uses, and shares personal data when you use the Wiqly dashboard at wiqly.io and the Wiqly video FAQ widget embedded on our customers’ websites.

We are committed to UK GDPR and the Data Protection Act 2018. If you have any questions about this policy or how your data is handled, contact us at hello@wiqly.io.

1. Who we are

Wiqly is a SaaS product that lets businesses embed a video FAQ widget on their website. The data controller for the dashboard is the Wiqly operator. For data captured through embedded widgets (such as visitor email addresses), the website operator using Wiqly is the data controller and Wiqly acts as a data processor on their behalf.

2. Data we collect

If you have a Wiqly account

  • Account information: email address, name (if provided), authentication tokens.
  • Widget configuration: the questions, scripts, spokesperson choice, and CTA settings you create.
  • Billing data: handled directly by Stripe. We receive subscription status and the last four digits of your card; we never see full card numbers.
  • Usage analytics: aggregate widget engagement metrics tied to your account.

If you visit a website using a Wiqly widget

  • Engagement events:when the widget loads, opens, a question is clicked, or a video is completed. We record an anonymous per-tab session ID stored in your browser’s sessionStorage (cleared when you close the tab).
  • Referrer hostname: the domain of the website you were on (e.g. example.com) — never the full URL, query strings, or path.
  • User-Agent string: truncated to 1,000 characters for analytics aggregation.
  • Lead submissions: if you submit the email-capture form, we collect the name, email, and message you provide. This data is forwarded to the website operator who configured the widget.

What we do not collect: we do not use cookies for tracking. We do not use IP-address tracking. We do not fingerprint visitors. We do not share data with advertising networks.

3. Why we use your data

  • To provide the service (lawful basis: contract performance) — running your dashboard, generating videos, serving your widget.
  • To process payments (lawful basis: contract performance) — via Stripe.
  • To analyse aggregate engagement (lawful basis: legitimate interest) — improving the service and giving customers the metrics they need.
  • To deliver lead notifications (lawful basis: legitimate interest of the website operator) — emailing the widget owner when a visitor submits the email-capture form.
  • To prevent abuse (lawful basis: legitimate interest) — rate limiting, fraud detection.

4. How long we keep data

  • Account data: retained while your account is active. Deleted within 30 days of account closure.
  • Lead data:retained for as long as the website operator’s account is active, or until they request deletion. Visitors can request deletion of their lead data — see section 7.
  • Analytics events: retained for 24 months in aggregated form.
  • Billing records: retained for 6 years to comply with UK tax law (HMRC requirements).

5. Subprocessors

Wiqly uses the following third-party services to operate. Each has its own privacy policy and security obligations.

  • Vercel (USA) — dashboard hosting.
  • Cloudflare (USA) — widget content delivery.
  • Supabase (USA) — database and authentication.
  • HeyGen (USA) — AI video generation. Receives widget scripts to render the spokesperson video. Does not receive visitor data.
  • Resend (USA) — outbound email delivery for lead notifications.
  • Stripe (USA) — subscription payment processing.
  • Upstash (USA) — Redis for rate limiting.

6. International data transfers

Several of our subprocessors are based in the United States. Where personal data is transferred outside the UK, we rely on the UK International Data Transfer Addendum or Standard Contractual Clauses to ensure equivalent protection.

7. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate personal data.
  • Delete your personal data (right to be forgotten).
  • Restrict or object to processing.
  • Data portability — receive your data in a machine-readable format.
  • Withdraw consent where consent was the lawful basis for processing.

To exercise any of these rights, email hello@wiqly.io. We aim to respond within 30 days.

If you submitted a lead through a Wiqly widget and want it deleted, you can also contact the website operator directly — they are the data controller for that record.

8. Cookies

The Wiqly dashboard uses essential cookies for authentication (Supabase session tokens). These are required for the dashboard to function and do not require consent under PECR.

The Wiqly widget does not use cookies. It uses sessionStorage to maintain a per-tab session ID for analytics; this is automatically cleared when the visitor closes the tab.

See our Cookie Policy for details.

9. Security

We use industry-standard practices: encrypted connections (TLS), row-level security on our database, scoped API keys, rate limiting on public endpoints, and least-privilege access for internal tooling. No system is perfectly secure — if we discover a breach affecting your data we will notify you within 72 hours per UK GDPR.

10. Complaints

If you’re unhappy with how we’ve handled your data, we’d like to hear from you first at hello@wiqly.io. You also have the right to complain to the UK Information Commissioner’s Office at ico.org.uk.

11. Changes to this policy

We’ll update this page if our practices change. The “Last updated” date at the top reflects the most recent change. For material changes affecting how we use your data, we’ll notify active customers by email.

12. Contact

Questions, requests, or concerns? Email hello@wiqly.io.