This Privacy Policy explains how Valera Enterprises, LLC dba AssemblyWP (“AssemblyWP,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit assemblywp.com or use our services (the “Services”).
If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, the “GDPR” section describes additional rights. If you are a California resident, the “California Privacy Rights” section describes your rights under the CCPA and CPRA.
1. Information We Collect
Information you provide directly. Account details (name, email, password), billing information (name, billing address, payment method) processed by our payment processor, communications you send us (email, support requests, form submissions), site and credential information you share with us to perform the Services, and any other information you choose to provide.
Information collected automatically. When you use the Services we automatically collect IP address, device/browser type, operating system, referring/exit pages, date/time of visit, pages viewed, and similar usage data. We use cookies and similar technologies (see Section 4) to collect this information.
Information from third parties. We may receive information from our service providers (for example, authentication details from Supabase, payment confirmations from Stripe, scheduling data from Cal.com) and from publicly available sources when relevant to delivering the Services.
AI features. If you use AI-powered features (proposals, scans, AI search optimization audits), we send the relevant inputs to our AI provider(s) to generate output. We choose providers that do not use customer data to train foundation models by default.
2. How We Use Information
- To provide, operate, and improve the Services.
- To process payments, manage subscriptions, and send billing communications.
- To communicate with you about your account, support requests, and changes to the Services.
- To send marketing communications about our Services (you can opt out at any time).
- To monitor and improve security, prevent fraud, and enforce our Terms of Service.
- To comply with legal obligations and respond to lawful requests.
- To produce aggregated or de-identified analytics that do not identify any individual.
3. Legal Bases for Processing (GDPR)
If you are in the EEA, UK, or Switzerland, we rely on the following legal bases:
- Contract. To deliver the Services you requested and to perform our obligations.
- Legitimate interests. To improve and secure the Services, prevent fraud, and operate our business, balanced against your rights and interests.
- Consent. For marketing emails, optional cookies, and other activities where required by law. You may withdraw consent at any time.
- Legal obligation. To comply with applicable laws and regulations.
4. Cookies and Similar Technologies
We use cookies and similar technologies to operate the Services, remember your preferences, and analyze usage. We use Vercel Analytics, which provides aggregated, privacy- respecting metrics about site usage. Most browsers let you block or delete cookies; doing so may affect functionality.
5. How We Share Information
We do not sell personal information. We share information with:
- Service providers (processors) that help us operate the Services, including:
- Vercel — hosting, deployment, and analytics.
- Supabase — database, file storage, and authentication.
- Stripe — payment processing.
- Resend — transactional and notification email delivery.
- Cal.com — meeting scheduling.
- AI / LLM providers (such as Anthropic and OpenAI) — to power AI-assisted features.
- Professional advisors (lawyers, accountants, auditors) under duties of confidentiality.
- Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction.
- Legal and safety. When required by law, court order, or to protect our rights, the rights of others, or to investigate fraud or security incidents.
6. International Data Transfers
We are based in the United States and our service providers may process data in the United States and other countries. Where required, transfers from the EEA, UK, or Switzerland rely on appropriate safeguards (such as Standard Contractual Clauses) to protect personal information.
7. Data Retention
We retain personal information for as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. When personal information is no longer needed, we delete or de-identify it. Specific retention periods vary based on the type of data and the purpose of processing.
8. Data Security
We use technical and organizational measures designed to protect personal information, including encryption in transit, access controls, audit logging, and least-privilege credentials. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
9. Your Rights (GDPR)
If you are in the EEA, UK, or Switzerland, you have the following rights, subject to applicable law:
- Access. Request a copy of the personal information we hold about you.
- Rectification. Request correction of inaccurate or incomplete data.
- Erasure. Request deletion of your personal information in certain circumstances.
- Restriction. Request that we limit how we process your data.
- Portability. Receive your personal information in a structured, commonly used, machine-readable format.
- Objection. Object to processing based on our legitimate interests or for direct marketing.
- Withdraw consent. Where processing is based on consent, withdraw it at any time.
- Lodge a complaint with your local supervisory authority.
To exercise these rights, email privacy@assemblywp.com. We will respond within the timeframes required by law.
10. California Privacy Rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act give you the following rights:
- Right to know what categories of personal information we collect, the sources of that information, the purposes of collection, and the categories of third parties with whom we share it.
- Right to access the specific pieces of personal information we have collected about you.
- Right to correct inaccurate personal information.
- Right to delete personal information, subject to certain exceptions.
- Right to opt out of the sale or sharing of personal information. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
- Right to limit the use of sensitive personal information.
- Right to non-discrimination for exercising your rights.
Categories collected in the past 12 months: identifiers (name, email, IP address), commercial information (subscription and billing records), internet or other electronic network activity (usage logs), and inferences drawn from the above to deliver the Services.
Sources: directly from you, automatically from your use of the Services, and from our service providers.
Purposes: as described in Section 2 (How We Use Information).
To exercise these rights, email privacy@assemblywp.com. You may also designate an authorized agent to submit a request on your behalf, subject to verification.
11. Children
The Services are not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us at privacy@assemblywp.com and we will delete it.
12. Updates to This Policy
We may update this Privacy Policy from time to time. We will update the “Last updated” date at the top and, for material changes, provide additional notice (for example, by email or in-product notice).
13. Contact
Privacy questions, requests, or complaints? Contact us at privacy@assemblywp.com.
Valera Enterprises, LLC
dba AssemblyWP
California, USA