Logo
Webround

Privacy Policy

Document drafted pursuant to Regulation (EU) 2016/679 (GDPR).

Last updated: February 13, 2026

1. Data Controller

  • Controller: Luca Siviero
  • Legal form: Sole proprietorship
  • VAT Number: 04917010615
  • Headquarters: Santa Maria Capua Vetere (CE), Vico Caserta, N. 4, Italy
  • Email: [email protected]
  • Technical Contacts: [email protected]

2. Nature of the Webround service

Webround is a multi-tenant software platform (SaaS/PaaS/IaaS) that enables the creation, management, and publishing of websites and e-commerce. The platform provides the technical infrastructure, source code, and tools necessary for data management.

Webround operates in a near "white-label" regime. It does not disclose the data of the Merchants' end customers to the outside world and does not interact in any way with their requests, except for technical auditing, system maintenance, and guaranteeing the functioning of the sites browsed on the platform.

3. Roles in Data Processing

Webround as Data Controller: Acts in this capacity exclusively for the personal data of registered Users (Merchants) who directly use webround.com and the management dashboard.

Webround as Data Processor: Regarding the data of end customers of the sites and e-commerce created via Webround (the "customers of customers"), Webround acts exclusively as an infrastructure provider. Individual Merchants operate as independent Data Controllers, determining the purposes and means of the processing itself.

4. Categories of Data Subjects

  • Users registered on the Webround platform (Merchants)
  • Visitors to the institutional website webround.com
  • End customers of Merchants (Final data subjects)
  • Visitors to websites and e-commerce created through Webround

5. Types of data processed

5.1 Webround Users

  • Identification and contact data (Email, First Name, Last Name)
  • Proprietary authentication credentials
  • Billing, administrative, and subscription-related data
  • Dashboard usage data and system logs

5.2 Merchant Customers (Customers of Customers)

  • Data entered in contact forms and customer accounts of Merchant sites
  • Data relating to orders, products, shipments, and payment statuses
  • Authentication data managed through Webround Auth (100% proprietary system that interacts only with proprietary databases without third parties)
  • Product reviews, which are displayed publicly showing only the name chosen by the data subject during registration

5.3 Technical and Logging Data

  • IP addresses and User Agents
  • Timestamps and granular access logs
  • Security events and system logs generated during navigation

6. Purposes and Legal Bases for Processing

  • Performance of a contract: For the technical provision of Webround and Webround Commerce services.
  • Tax compliance: For the management of subscriptions and transactions.
  • Security and abuse prevention: Monitoring system events to prevent fraud or attacks.
  • Technical maintenance: Operations necessary to ensure the correct functioning of hosted sites.

Webround does not perform direct marketing, newsletters, or commercial profiling of users.

7. Infrastructure, Localization, and Sub-Processors

All data are processed within the European Union (EU) on data centers located in European regions. Webround uses the following infrastructure providers:

ProviderService ProvidedPurpose
Google Cloud / FirebaseSaaS / IaaSAuth, Storage, Hosting, Analytics
Hetzner Online GmbHIaaS / ServerHosting computational infrastructure
Neon PostgresDatabaseStructured data storage (PostgreSQL)
Cloudflare, Inc.Network / SSL / ProxyDNS, SSL, and management of client site custom hostnames
Stripe Payments EuropePayment GatewayFinancial transaction processing
Bunny.netEdge CDNGlobal scale delivery of content and static assets
ResendEmail APIInfrastructure for transactional email delivery

8. Payment Management and Stripe Connect

Payments related to Webround subscriptions and Merchant sales are handled via Stripe Checkout. Webround does not store or directly process credit card data or other payment methods; management is entirely delegated to Stripe on secure pages hosted by the provider.

Webround uses Stripe Connect to allow Merchants to receive payments. Webround limits itself to processing technical events (Webhooks) to synchronize the order database and may act in creating the customer profile during the purchase phase on behalf of the merchant, without ever accessing sensitive financial data.

9. Webround Email and Transactional Communications

Webround integrates external providers as well as the proprietary Webround Email integration (which uses Resend). This service is intended exclusively for sending:

  • Transactional emails essential for site operation (e.g., account verification or cancellation emails)
  • Communication emails related to contact forms (which are forwarded to the designated addresses)

The integration operates in a neutral and transparent manner: Webround does not store permanent information on its systems regarding content passing through Resend or any other email providers, except for technical routing needs.

10. Cookies and Tracking Tools

Webround uses technical cookies necessary for the platform to function correctly. In addition to Google Analytics (via Firebase), Stripe tracking is present on both webround.com and customer sites.

These cookies are installed exclusively at the time of checkout and are indispensable for transaction execution and fraud prevention.

11. Custom Code and Responsibility

Webround is a creative platform that allows users to insert custom code. Webround is not responsible in any way for:

  • Code, information, or data independently uploaded by users.
  • Malware, malicious scripts, or other elements outside Webround's standard supply perimeter.
  • Poor storage by Merchants of secrets or authentication keys for their external Webhooks.
  • The destination and forwarding of events tracked via webhooks freely configured by users.

12. Data Retention and Deletion Policies

12.1 System Logs

Stored on the platforms of sub-processors (Google, Cloudflare, Neon, Resend) for a period between 7 days and one month.

12.2 Deletion of a Deployment (Public Site)

Involves the removal of all public data. However, static assets like images may remain reachable for a short period due to the edge caching of data centers.

12.3 Deletion of a Draft

  • Static Draft: Deletion is final, instantaneous, and without backup.
  • E-commerce Draft: Deletion is not final. Webround reserves the discretionary right to retain management data (orders, customers, products, images) for a period useful to ensure data continuity for the merchant. For immediate removal, the user must explicitly contact customer support.

13. Social Login and Third-Party Authentication

The platform supports authentication via Social Login limited to Google. This process occurs through standard secure authentication protocols.

14. Data Subject Rights

Pursuant to Artt. 15-22 of the GDPR, the data subject has the right to:

  • Access their data and request a copy
  • Obtain the rectification of inaccurate data
  • Request the deletion of data (right to be forgotten)
  • Obtain the restriction of processing or object to it
  • Exercise the right to data portability

To exercise these rights or for complaints, send an email to:[email protected].

15. Changes to this policy

The Controller reserves the right to modify this policy at any time to adapt it to the technical evolution of the platform. Changes will be published on this page.

© 2026 Webround.com - Owned by Luca Siviero

Informativa Cookie

Utilizziamo cookie tecnici e analitici (Firebase/GTM) per far funzionare Webround. Scegli se accettare il tracciamento o limitarti ai soli cookie necessari al sistema.