Privacy policy

Plain language. No dark patterns.

We don't sell your data. We don't use it for anything beyond responding to you. This page tells you exactly what we collect, why, who else can see it, and what you can do about it.

Last updated: April 22, 2026 Effective: April 22, 2026 GDPR + CCPA aligned
The short version

If you only read this part:

  • We collect what you give us — your name, email, phone (if you provide it), and what you wrote about your project — when you fill in the contact form.
  • We use it for one thing: replying to you about a potential project. That's it.
  • We share it with three companies who help us deliver the email + the meeting invite (Resend, Telegram, Google Workspace). All listed below with what each one sees.
  • We keep your booking info for 24 months in case you come back. After that, it's deleted.
  • We don't sell your data, run remarketing pixels on you, or pass anything to "data partners."
  • We use Google Analytics 4 — only after you click "Accept" on the cookie banner. Decline and no tracking runs at all. Change your mind anytime via the footer's "Cookie settings" link.
  • You can ask us to delete everything we have on you at any time by emailing info@webmarket.io. We'll do it within 30 days.

01Who we are

"Webmarket" (or "we", "us") refers to the digital studio operating from Yerevan, Armenia, registered as a private business since 2014. We build digital products and run digital marketing, all AI-native. You can find us at webmarket.io.

For privacy questions, the human responsible is Mariam Mosinyan (co-founder). You can reach her directly at info@webmarket.io — no privacy ticket queue, no automated bounce.

02What we collect

We collect three things, in this order of importance:

1. What you give us when you fill in our contact form

This is the main thing. When you book a call via /contact, we ask for:

  • Your name — so we know who we're emailing
  • Your email — so we can reply
  • Your phone number (optional) — so we have a backup if email bounces
  • The project type you picked from the dropdown — so we route you to the right person on our side
  • What you wrote in the message field — so we can prep meaningfully for the call
  • Your booking date and time — so we know when to be there
Real talk The message field is also our spam filter — bots tend to skip it. We don't read your message and run sentiment analysis on it; we read it like a human reading a meeting prep note.

2. Standard server logs

When you visit any page on this site, our hosting provider (Vercel) records standard request logs: your IP address, the page you visited, your browser type, and the timestamp. These logs are retained for up to 30 days for security and debugging purposes, then deleted by Vercel automatically. We don't have direct database access to these logs — we only see aggregate analytics.

3. Functional state (no tracking)

Some interactive elements on the site (like the booking calendar) keep state in your browser's memory while you use the page. This state is wiped when you close the tab. We don't set tracking cookies, identifier cookies, or any cookies that persist between visits.

03How we use what we collect

The information you give us through the contact form is used for one purpose only: responding to you about your project. Specifically, that means:

  • Sending you a calendar confirmation with the meeting link
  • Reading your project description ahead of the call so we don't waste your 30 minutes
  • Routing your inquiry to whoever on our team is the best fit
  • Following up by email if we don't hear from you after the call
  • Adding you to a follow-up reminder if a project gets shelved (we'll only re-contact you about that specific project)

We do NOT:

  • Add you to a marketing newsletter
  • Add you to "lookalike audiences" on Meta, Google, or any ad platform
  • Share your information with sales-prospecting tools
  • Use your message content for AI training (more on that in section 04)

04Who we share your data with

To deliver the email confirmations and meeting invites, your data passes through three external services. Each one only sees what they need:

Sends the confirmation email to you and the booking notification to us. They see: your email address, your name, the meeting time, and the message body of those emails. They don't store the content beyond delivery logs (~30 days).
Telegram Bot APItelegram.org/privacy ↗
Sends an internal notification to our team chat when a booking comes in. Telegram processes the notification text in transit; we don't grant the bot any access beyond posting messages to one specific chat.
We use Google Calendar for meeting scheduling and Google Meet for the actual video call. When you join the call, Google sees your join time, IP, and any Google account you're signed in with. The meeting itself is not recorded.
Hosts our website and the form-submission serverless function. They see standard server logs (your IP, browser, request timestamp) for up to 30 days. They don't see the content of your form submission.
Tracks page views, scroll depth, button clicks, and form interactions — only after you click "Accept" on the cookie banner. Used to understand which pages and CTAs are working. IP is anonymized. No remarketing. See section 06 for full detail.

That's it. We don't share your data with anyone else — no analytics partners, no enrichment services, no CRM that sells contact data on the side.

What about AI?

We use frontier AI models internally to help us build software and prepare project briefs. We do not send your contact form data to any LLM as part of how we process your inquiry. If we ever decide we need to (for example, to auto-summarize long messages for our internal team), we'll update this policy first.

05How long we keep your data

Different categories, different retention windows:

  • Booking form submissions (your name, email, project description) — 24 months from your last interaction with us. This lets us pick up the thread if you come back to us a year later. After 24 months of silence, we delete your record.
  • Email correspondence (replies between you and us) — kept indefinitely in our email inbox unless you ask us to delete it. This is standard for business correspondence; we treat your emails the same way we'd treat any other client conversation.
  • Server logs — auto-deleted by Vercel after ~30 days.
  • Telegram notifications — kept in our team chat history indefinitely (low-detail by design — name, type, short excerpt, no full message body).

You can shorten any of these by emailing us; see your rights below.

06Cookies & analytics

The first time you visit any page on this site, you'll see a cookie banner with two buttons: Accept or Decline. We don't load any analytics until you choose.

If you click Accept

We load Google Analytics 4 (measurement ID G-DH9Y641QY0). It sets a few cookies on your device that let us count unique visits, see which pages you read, and which CTAs you click. Specifically, GA4 tracks:

  • Page views, scroll depth (25/50/75/100%), and time on page
  • Which "Book a build call" button you clicked, if any
  • Which interactive canvas elements you played with (lifecycle stages, automation Run flow, globe)
  • Form interactions on the contact page (date selected, time selected, fields focused, submit success/error)
  • Aggregate location (country/region from IP — IP itself is anonymized)
  • Device type, browser, and referrer

We use this to understand what's working on the page. We don't connect any of it to specific people. We don't run remarketing — there's no Meta Pixel, no Google Ads tag, no TikTok pixel, no LinkedIn Insight Tag.

If you click Decline

Google Analytics still loads in Consent Mode v2 "denied" mode, which means: no cookies are set, no identifiers are stored, only anonymous aggregate pings are sent (page count, country, nothing else). This is the privacy-preserving way GA4 works when consent is denied. You can verify this in your browser's DevTools → Application → Cookies — you'll see no `_ga*` cookies on this domain.

What we still don't use, ever

  • Session-recording or heatmap tools (no Hotjar, no FullStory, no Clarity)
  • Cross-site tracking pixels
  • Third-party advertising tags
  • Behavioral retargeting cookies

Changing your mind

Click "Cookie settings" in the footer of any page to re-open the consent banner and change your decision. We don't penalize either choice — the site works identically either way.

Real talk We picked GA4 because it's free, well-documented, and gives us the full conversion funnel data we need to actually improve this site. We added Consent Mode v2 so even users who decline can be counted in aggregate without any tracking — that's the closest thing to a privacy-friendly default GA4 offers. If you want zero pings of any kind, just block analytics scripts in your browser (most ad blockers do this automatically).

07Your rights

Under GDPR (if you're in the EU/EEA/UK) and CCPA (if you're in California), you have the right to:

  • Access — see what we have on you
  • Rectification — fix anything that's wrong
  • Erasure ("right to be forgotten") — ask us to delete everything
  • Restriction — ask us to stop processing your data while a question is being resolved
  • Portability — get a copy of your data in a machine-readable format
  • Object — say no to specific uses of your data
  • Lodge a complaint with a supervisory authority (in the EU, your national Data Protection Authority)

To exercise any of these rights, email info@webmarket.io with the subject line "Privacy request" and tell us which right you're exercising. We'll respond within 30 days (usually much faster). We don't charge a fee for this.

We'll need to verify it's actually you before we delete anything — usually we'll just reply to the email address you originally booked with, or ask one verifying question.

08Security

Standard hygiene:

  • The site runs over https:// with TLS encryption
  • API keys and secrets are stored in environment variables, not in source code
  • The team uses 2FA on every service that supports it
  • We don't store payment information — any payments go directly through Stripe (we never see your card)

If we ever experience a breach that affects your data, we'll notify you within 72 hours as required under GDPR Article 33 — by email if we have your email, or by a notice on this site if we don't.

09International data transfers

We're based in Armenia. Our service providers (Resend, Telegram, Google, Vercel) are based in the US and EU. Your data may be processed in any of these locations. All providers we use are bound by their own privacy commitments and (where applicable) Standard Contractual Clauses or equivalent transfer mechanisms under GDPR.

Armenia has its own data protection law (RA Law on Personal Data Protection ↗) which we comply with as well.

10Children's privacy

Webmarket isn't directed at people under 18. We don't knowingly collect data from children. If you believe a minor has submitted information through our site, email us at info@webmarket.io and we'll delete it.

11Changes to this policy

If we update this privacy policy in any meaningful way, we'll change the "Last updated" date at the top and — for substantive changes that affect existing users — we'll send a notice to anyone we have an active email relationship with.

Minor edits (typos, clarifications, adding a new tool that doesn't change what we do with your data) won't trigger an email but will be reflected in the "Last updated" date.

12Contact us about privacy

One human reads every privacy email. No ticketing system, no auto-responder, no "your privacy concern is important to us" templated reply.

  • Email: info@webmarket.io with subject "Privacy"
  • Response time: within 5 business days (usually 1-2)
  • Mailing address: Webmarket, Yerevan, Armenia (full registration address available on request — most people don't need it)

For EU residents specifically, you can also contact your local Data Protection Authority. Find yours here ↗.

Done reading the legal stuff?

Talk to us about your project.

We don't store anything we don't need to. We just want to know if we can help you ship something good.

Book a build call