Privacy Policy

Effective Date: April 21, 2026 · Last Updated: April 21, 2026

This Privacy Policy explains how Webido CTR ("Webido," "we," "us," or "our") collects, uses, discloses, and protects personal information when you interact with our website at webidoctr.com, our customer application at app.webidoctr.com, our marketplace listings (including Legiit), our booking system at calendly.com/webido, and any of our related services (collectively, the "Services"). This Privacy Policy applies to customers, prospective customers, agency partners, and website visitors in the United States, the United Kingdom, Canada, Australia, and elsewhere.

By using our Services, you confirm that you have read and understood this Privacy Policy. If you do not agree with this Policy, please do not use our Services.

1.Overview and Scope

Webido is a digital marketing company providing Done-For-You click-through rate (CTR) optimization, Google Business Profile ranking services, AI platform visibility services, GPS drive simulation, citation building, and related services to local businesses. This Privacy Policy covers personal information we collect from:

Business owners, marketing managers, and other representatives of our customers
Agency partners and resellers
Visitors to our websites and marketplace listings
Individuals who book consultations, subscribe to our communications, or contact us through any channel

Our Services are directed at businesses, not at individual consumers. However, because business representatives are individuals, personal information is collected and processed in the course of providing our Services, and applicable privacy laws therefore apply.

2.Who We Are

For purposes of data protection law, the controller of your personal information is:

Webido CTR

Collin County, Texas, United States

Email (general): [email protected]

Email (privacy requests): [email protected]

Website: https://webidoctr.com

3.Information We Collect

We collect the following categories of personal information:

3.1 Information You Provide Directly

Account and contact information: business name, contact person's name, email address, phone number, billing address, time zone, and country of operation.
Billing and payment information: payment card details (tokenized and stored by our payment processor — Webido does not retain full card numbers), billing history, invoices, and transaction records.
Campaign inputs: Google Business Profile URLs, website URLs, target keywords, service areas, business categories, hours of operation, and related information you provide to configure your campaign.
Access credentials: when you grant us Google Business Profile "Manager" access or Google Search Console access, we receive permissioned access to your connected accounts. We do not receive or store your Google account password.
Communications: support tickets, emails, Calendly bookings, chat messages, and any other correspondence with us.
Marketing preferences: newsletter subscriptions, opt-in status, and communication preferences.

3.2 Information Collected Automatically

Device and browser information: IP address, device type, operating system, browser type and version, screen size, language preference, and referring URL.
Usage information: pages viewed, links clicked, time spent on pages, dashboard interactions, feature usage, and other behavioral data.
Cookies and similar technologies: see Section 12 below.
Log data: server logs, error logs, and security event logs.

3.3 Information We Receive from Third Parties

Platform APIs: Google Business Profile data (Insights, reviews, posts, Q&A), Google Search Console data (queries, clicks, impressions, rankings), Bing Places data, and data from third-party rank-tracking services such as SEO Utils, Local Falcon, and Whitespark — all obtained pursuant to your authorization and the applicable platform terms.
AI platform signals: visibility and citation data from ChatGPT, Perplexity, Google Gemini, and similar platforms, via third-party monitoring tools (including Trackerly.ai and DataforSEO) where relevant to your campaign.
Referral data: if you were referred by an agency partner, marketplace, or affiliate, we may receive your name, email, and referral details from that partner.
Payment processors: transaction confirmations, fraud flags, and dispute notifications from our payment processors.

3.4 Sensitive Personal Data

Webido does not intentionally collect sensitive personal data (such as precise geolocation, racial or ethnic origin, religious beliefs, citizenship, genetic or biometric data, or data concerning health, sex life, or sexual orientation) from you. If you voluntarily provide such data (for example, in a support message), we do not process it beyond what is necessary to respond to your inquiry. We do not collect personal data of children knowingly — see Section 17.

4.How We Collect Information

We collect information:

Directly from you when you purchase a Service, create an account, request a quote, book a consultation, subscribe to our communications, or contact us
Automatically as you use our websites and application (via cookies, pixels, analytics tags, and server logs)
From your Google, Bing, and other connected accounts when you grant us access (with your permission and only within the scope you authorize)
From third-party service providers, marketplaces (including Legiit), referral partners, and analytics platforms
From publicly available sources (such as your Google Business Profile and website content) when relevant to your campaign

5.How We Use Your Information

We use your information for the following purposes:

Service delivery: to set up, operate, monitor, and report on your CTR, GBP, SERP, AI visibility, DriveForge, citation, audit, and other Services.
Billing and accounting: to process payments, issue invoices, manage subscriptions, and handle refunds or disputes.
Customer support: to respond to inquiries, troubleshoot issues, and provide campaign guidance.
Account management: to manage your account, authenticate your identity, and secure your dashboard.
Campaign reporting: to generate daily activity reports, monthly performance reports, GeoGrid maps, ResolveMap audits, and AI Visibility Audits.
Service improvement: to analyze aggregated usage patterns, improve our Services, develop new features, and optimize performance.
Marketing communications: to send you promotional emails, newsletters, and product updates — you may opt out at any time via the unsubscribe link in any email or by emailing [email protected].
Fraud prevention and security: to detect, prevent, and respond to fraud, abuse, unauthorized access, and security incidents.
Legal compliance and dispute defense: to comply with legal obligations, enforce our Terms of Service and Refund Policy, respond to legal process, and defend against chargebacks or other claims.
Business operations: general business administration, accounting, internal reporting, and auditing.

We do not use your personal information for automated decision-making with legal or similarly significant effects. We do not sell your personal information. We do not share personal information with third parties for targeted advertising on other websites.

6.Legal Bases for Processing (UK / EU Customers)

If you are located in the United Kingdom or the European Economic Area, we rely on the following legal bases to process your personal information under the UK GDPR and EU GDPR:

Performance of a contract — to deliver the Services you purchased and to manage your account.
Legitimate interests — to secure our Services, prevent fraud, improve our Services, respond to inquiries, and defend against disputes, in each case where our legitimate interests are not overridden by your rights.
Consent — for marketing communications and non-essential cookies, where applicable. You may withdraw consent at any time.
Legal obligation — to comply with applicable law (for example, tax records, responses to valid legal process).

We share personal information in the following limited circumstances:

With service providers: we engage third-party service providers who process personal information on our behalf for specific purposes (see Section 8). These providers are bound by contractual obligations to protect your information and use it only for the purposes we specify.
With platform APIs: when you authorize us to connect to Google Business Profile, Google Search Console, or similar platforms, we exchange data with those platforms as needed to deliver the Service.
With agency partners and white-label resellers: if your Services are delivered through or alongside an agency partner, we share campaign data and reporting with that partner as required for service delivery.
With legal and regulatory authorities: we may disclose information when required by law, subpoena, court order, or other valid legal process, or to protect the rights, property, or safety of Webido, our customers, or others.
In connection with a business transaction: if Webido is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to the terms of this Privacy Policy.
With your consent: where you have given us consent to share your information.

We do not "sell" your personal information as that term is defined under applicable U.S. state privacy law, and we do not share personal information for cross-context behavioral advertising or targeted advertising.

8.Third-Party Service Providers

The following categories of service providers process personal information on our behalf. The specific vendors we use may change from time to time; a current list is available on request via [email protected].

Payment processing — processing payments, managing subscriptions, handling chargebacks
Invoicing / billing — generating invoices and managing accounts receivable (e.g., Wayfront)
Customer application — hosting app.webidoctr.com, order management, dashboard, reporting
Email and communications — transactional emails, support correspondence, newsletter delivery
Scheduling — booking consultations (Calendly)
Marketplace — marketplace listings and transactions (Legiit)
Analytics — website and application analytics
Rank tracking — monitoring keyword and GBP rankings (e.g., SEO Utils, Local Falcon, Whitespark)
Platform APIs — Google Business Profile, Google Search Console, Bing Places, and related platforms you authorize us to connect to
AI visibility monitoring — LLM citation monitoring (e.g., Trackerly.ai, DataforSEO)
Cloud infrastructure — data hosting, backup, and security
Fulfillment partners — specific one-time services (e.g., Wikidata entity creation) where we engage third-party specialists on your behalf

Each service provider is bound by a data processing agreement or equivalent contract requiring appropriate security measures and limiting their use of your information to the purposes we specify.

9.International Data Transfers

Webido is based in the United States. Personal information we collect may be transferred to, processed in, and stored in the United States and other countries where our service providers operate. Data protection laws in these countries may differ from those in your country.

When we transfer personal information from the United Kingdom, European Economic Area, or other jurisdictions with cross-border transfer restrictions, we rely on appropriate safeguards, including:

Standard Contractual Clauses approved by the European Commission (and UK International Data Transfer Agreement / Addendum for UK transfers)
Supplementary technical, contractual, and organizational measures where required
Your explicit consent, where applicable

You may request a copy of the relevant safeguards by contacting [email protected].

10.Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Typical retention periods:

Active customer data: for the duration of your relationship with Webido.
Billing records: for seven (7) years after the transaction, as required by U.S. federal and Texas state tax and accounting law.
Campaign activity logs and reporting: up to three (3) years after campaign end, to support dispute defense and service-quality review.
Communications (email and support tickets): up to three (3) years.
Marketing data: until you unsubscribe or withdraw consent, plus a minimal suppression-list retention to honor unsubscribe requests.
Cookies: see Section 12 for typical lifespans.

When personal information is no longer needed, we either delete it or anonymize it so it can no longer be associated with you.

11.Data Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include:

Encryption in transit (TLS/HTTPS) for all web and application traffic
Encryption at rest for stored sensitive data (including tokenized payment information, which is held by our payment processor — not by Webido)
Role-based access controls and the principle of least privilege for employees and contractors
Multi-factor authentication on administrative accounts
Regular backup, monitoring, and incident-response procedures
Vendor due diligence and contractual security requirements

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for notifying us promptly of any suspected unauthorized access.

12.Cookies and Tracking Technologies

We and our service providers use cookies, pixels, web beacons, and similar technologies to operate and analyze our Services. We use the following categories:

Strictly necessary cookies: required for the Services to function, including authentication, session management, checkout, and security. These cannot be disabled.
Functional cookies: remember your preferences (language, display, previously viewed items) to personalize your experience.
Analytics cookies: help us understand how visitors use our Services, so we can improve them. This may include cookies set by third-party analytics providers.
Marketing cookies: used only where consented and only for measurement of our own marketing campaigns. We do not use cookies for third-party targeted advertising or cross-context behavioral advertising.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete cookies, or receive a notification when cookies are set. Disabling strictly necessary cookies may impair the functionality of our Services. Where required by law, we display a cookie banner at your first visit to obtain consent for non-essential cookies.

13.Your Privacy Rights

Depending on where you live, you may have specific rights regarding your personal information. This section summarizes those rights. The rights you actually have depend on your jurisdiction.

13.1 Texas Residents (Texas Data Privacy and Security Act)

If you are a Texas resident, you have the following rights under the Texas Data Privacy and Security Act (TDPSA), effective since July 1, 2024:

Right to know / access: confirm whether we process your personal data and access the data we have about you.
Right to correct: correct inaccurate personal data.
Right to delete: request deletion of personal data we have about you.
Right to data portability: obtain a copy of your personal data in a portable, readily usable format.
Right to opt out of: (a) the sale of your personal data, (b) targeted advertising, and (c) profiling in furtherance of decisions that produce legal or similarly significant effects. Webido does not sell personal data, does not engage in targeted advertising using your personal data, and does not engage in such profiling.
Right to appeal: appeal our refusal to act on your request (see Section 15).

13.2 Other U.S. State Residents

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Oregon, Montana, Delaware, Iowa, Indiana, Tennessee, or another U.S. state with a comprehensive consumer privacy law, you generally have similar rights to those listed in Section 13.1 under your state's law. We honor requests under your state's law regardless of where you are located. California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to limit the use of sensitive personal information (we do not process sensitive personal information for any secondary use).

13.3 UK / EEA Residents (UK GDPR / EU GDPR)

If you are located in the United Kingdom or the European Economic Area, you have the following rights:

Right of access to your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten") in certain circumstances
Right to restriction of processing
Right to data portability
Right to object to processing based on legitimate interests or for direct marketing
Right not to be subject to solely automated decision-making
Right to withdraw consent at any time (where processing is based on consent)
Right to lodge a complaint with your supervisory authority — for UK residents, the Information Commissioner's Office (ICO) at ico.org.uk

13.4 Canadian Residents (PIPEDA and provincial equivalents)

If you are in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and equivalent provincial laws, including the right to access, correct, and withdraw consent to the processing of your personal information. You may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.

13.5 Australian Residents (Privacy Act 1988)

If you are in Australia, you have rights under the Privacy Act 1988 and the Australian Privacy Principles, including the right to access and correct your personal information. You may contact the Office of the Australian Information Commissioner at oaic.gov.au.

14.How to Exercise Your Rights

To exercise any of the rights described in Section 13:

Email [email protected] with the subject line "Privacy Rights Request."
Include your full name, the email address on file, your country and (if applicable) state or province of residence, and a clear description of the right you are exercising.
We will verify your identity before acting on your request, which may involve confirming information we already have on file.

We will respond to your request within the timeframe required by applicable law (typically 45 days for U.S. state law requests, with a 45-day extension where reasonably necessary, and 30 days for UK GDPR requests, with extensions where permitted). There is no fee for reasonable requests. For unfounded, excessive, or repetitive requests, we may charge a reasonable fee or refuse to act, to the extent permitted by law.

You may designate an authorized agent to make a request on your behalf. We will require written proof of the agent's authority and may require direct verification from you.

15.Appeals

If we decline to act on your privacy rights request, you have the right to appeal. To appeal, email [email protected] with the subject line "Privacy Rights Appeal" and include (a) the original request, (b) our response, and (c) the basis for your appeal. We will review and respond to the appeal within the timeframe required by applicable law (typically 60 days for Texas residents under the TDPSA).

If your appeal is denied, Texas residents may contact the Texas Attorney General's consumer-protection division. UK residents may contact the Information Commissioner's Office. Residents of other jurisdictions may contact their applicable data protection authority.

16.Universal Opt-Out Mechanisms (Global Privacy Control)

In compliance with the Texas Data Privacy and Security Act and similar laws in California, Colorado, Connecticut, and other U.S. states, Webido recognizes universal opt-out signals. If your browser transmits a Global Privacy Control (GPC) signal or similar recognized opt-out mechanism, we treat that signal as a valid request to opt out of the sale of your personal data and targeted advertising.

Because Webido does not sell personal data and does not engage in targeted advertising, the practical effect of a GPC signal on our processing is limited. However, we honor the signal as a formal opt-out record and confirm that no sale or targeted-advertising processing occurs in any event.

17.Children's Privacy

Our Services are intended for businesses and business representatives who are at least 18 years old. We do not knowingly collect personal information from children under the age of 18 (or under the higher age specified by applicable law). If you believe that we may have collected personal information from a child, please contact us at [email protected] so we can promptly delete it. We comply with the Children's Online Privacy Protection Act (COPPA) where applicable.

18.Third-Party Links

Our Services may contain links to websites, applications, and services operated by third parties (such as Google, Bing, payment processors, marketplaces, and external content referenced in reports). We are not responsible for the privacy practices of those third parties. This Privacy Policy does not apply to information collected by third parties. We encourage you to review the privacy policies of any third-party services you use.

19.Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our Services, or applicable law. When we make material changes, we will (a) update the "Last Updated" date at the top of this Policy and (b) notify you by email (to the address on file for active customers) or through a prominent notice on our website at least 14 days before the changes take effect, unless a shorter period is required by law. Your continued use of the Services after the effective date of an updated Privacy Policy constitutes your acceptance of the updated Policy.

20.Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: