Get started

Privacy Policy

Last updated: 2025-05-01

Widgent ("we", "our", or "us") operates widgent.app and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials (via Google OAuth or email/password). We store this to identify you and provide access to the dashboard.

Product Configuration

We store your product settings, system prompts, tool configurations, and widget appearance settings as part of the service. LLM API keys you provide are encrypted at rest using AES-256-GCM before storage.

Usage Data

We collect logs of API requests, conversation metadata (timestamps, message counts), and error traces to operate and improve the service. We do not store the content of end-user conversations by default.

Analytics

We use Cloudflare Web Analytics (privacy-first, no cookies, no fingerprinting) and PostHog (self-hosted option available) to understand how the marketing site and dashboard are used. No personally identifiable information is shared with these services.

2. How We Use Your Information

  • To provide, operate, and maintain the Widgent platform
  • To authenticate users and control access to products
  • To route LLM requests to your chosen provider using your encrypted API key
  • To send transactional emails (account verification, billing receipts)
  • To diagnose technical issues and improve reliability
  • To comply with legal obligations

3. Data Sharing

We do not sell your personal data. We share data only with:

  • LLM Providers (OpenAI, Anthropic, Google, OpenRouter) — your end-users' messages are forwarded to the provider you configured, under your API key. Widgent does not retain message content.
  • Infrastructure Providers — Railway (compute), Supabase (database), Cloudflare (CDN/Pages), Upstash (Redis). These are data processors bound by their own DPAs.
  • Legal Requirements — if required by law, court order, or governmental authority.

4. Data Security

All data is transmitted over HTTPS/TLS. LLM API keys are encrypted at rest using AES-256-GCM with a server-side key stored separately from the database. Service API keys are hashed (bcrypt) before storage.

Your data goes directly from your users to your LLM provider — Widgent is the wire, not the storage. We process messages in memory and do not persist conversation content on our servers unless you explicitly enable conversation history.

5. Cookies

The marketing site uses no third-party tracking cookies. The dashboard uses a single session cookie for authentication (HttpOnly, Secure, SameSite=Strict). Cloudflare Web Analytics is cookieless.

6. Your Rights

Depending on your location, you may have rights to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to certain processing

To exercise these rights, email us at [email protected].

7. Data Retention

We retain account data for as long as your account is active. When you delete your account, we permanently delete your data within 30 days, except where required by law.

8. Children's Privacy

Widgent is a developer platform not directed at children under 13. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or a prominent notice on the dashboard. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

For privacy-related questions, email us at [email protected] or write to:
Widgent, widgent.app