popwis
Start free

Privacy Policy

Last updated: March 8, 2026

1. Introduction

Popwis (“we”, “our”, “us”) respects your privacy and is committed to protecting the personal data of our users and their website visitors. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

2.1 Account Data

When you create a Popwis account, we collect:

  • Email address
  • Name (if provided)
  • Password (securely hashed, never stored in plain text)
  • Organization and site information you configure

2.2 Visitor Data (Collected on Your Behalf)

When you install the Popwis tracking script on your website, we collect data from your visitors on your behalf, including:

  • Page views and widget interactions
  • Browser type, device type, and approximate location (country/region)
  • Form submissions (email, name, phone — as configured by you)
  • Cart and purchase events (if cart recovery is enabled)

You are the data controller for visitor data collected through your widgets. We act as a data processor on your behalf.

2.3 Usage Data

We collect anonymized usage data about how you interact with the Popwis dashboard, including pages visited, features used, and error logs, to improve the Service.

3. How We Use Your Data

We use collected data to:

  • Provide and maintain the Service
  • Process your subscription and billing
  • Display widgets, notifications, and forms on your website
  • Store and manage your contacts, deals, and calendar events
  • Execute AI-powered workflows you configure (which may send data to AI providers and connected integrations)
  • Send transactional emails (account verification, password resets, email sequences you configure)
  • Sync data with third-party platforms you connect (e-commerce stores, email marketing tools, social media, etc.)
  • Improve the Service and fix bugs
  • Respond to support requests

We do not sell your data or your visitors' data to third parties.

4. Third-Party Services

4.1 Infrastructure Services

We use the following services to operate Popwis:

  • Supabase — Database hosting and authentication. Your account data, contacts, and widget configurations are stored in Supabase's infrastructure.
  • Vercel — Application hosting and CDN. Serves the Popwis dashboard and widget scripts.
  • Lemon Squeezy — Payment processing. Handles subscription billing and payment information. We do not store your credit card details.
  • Resend — Email delivery. Sends transactional and sequence emails on your behalf.

4.2 AI Providers

If you use AI-powered workflows, your prompts and workflow context may be processed by the AI provider you select:

  • OpenAI — GPT models for text generation and analysis.
  • Anthropic — Claude models for text generation and analysis.
  • Google Gemini — Gemini models for text generation.
  • DeepSeek — DeepSeek models for text generation.

Data sent to AI providers includes only the context needed for your configured workflow actions (e.g., contact data, email content, order details). You can provide your own API key or use Popwis's shared key within your plan's token limits.

4.3 E-Commerce Platforms

If you connect your online store, we access product catalogs, orders, and customer data to power widgets and workflows:

  • Shopify — Products, orders, customers, and cart data via OAuth.
  • WooCommerce — Products, orders, and customers via REST API keys.
  • BigCommerce — Products, orders, and customers via API credentials.

4.4 Email Marketing Platforms

If you connect email marketing tools, contact data is synced according to your configuration:

  • Mailchimp — Contact sync, list management, and event webhooks.
  • Klaviyo — Contact profile sync, event tracking, and webhooks.

4.5 Google API Services

If you connect your Google account, we may access the following services based on the permissions you grant:

  • Gmail — Read incoming emails to trigger workflows, send replies on your behalf, archive messages, and apply labels.
  • Google Sheets — Read and write data in spreadsheets you specify for workflow automation.
  • Google Drive — Upload and manage files as part of workflow actions.
  • YouTube — Upload videos and manage metadata via workflow actions.

We only access the Google data necessary to perform the workflow actions you configure. OAuth tokens are stored in our database and used solely to execute your workflows. You can disconnect your Google account at any time from the Integrations page, which revokes our access.

Popwis's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4.6 Microsoft Services

If you connect your Microsoft account:

  • Outlook — Read and send emails, manage calendar events as workflow actions.
  • OneDrive — Upload and manage files as workflow actions.

4.7 Social Media Platforms

If you connect social media accounts for content publishing workflows, we access your accounts to post content you configure:

  • Meta (Facebook & Instagram) — Post to Pages and Business accounts.
  • Twitter / X — Post tweets and media.
  • LinkedIn — Publish professional content.
  • TikTok — Publish videos.
  • Pinterest — Create pins.

4.8 Productivity & Database Tools

If you connect productivity tools, we read and write data as part of workflow actions:

  • Notion — Create and update pages and database records.
  • Airtable — Create and update table records.
  • MongoDB — Read and write documents via the Data API.
  • Firebase Firestore — Read and write documents.
  • PostgreSQL — Execute queries on your external databases.

4.9 Cloud Storage

  • AWS S3 / Cloudflare R2 — Upload and manage files in your buckets.
  • Dropbox — Upload and manage files.

4.10 Communication

  • Twilio — Send SMS and WhatsApp messages as workflow actions.

4.11 Automation

  • Zapier — Send and receive events for third-party automation.

For all user-connected integrations: we only access data necessary to perform the actions you configure. OAuth tokens and API credentials are stored in our database and used solely to execute your workflows. You can disconnect any integration at any time from the Integrations page. Each integration's data handling is also subject to that service's own privacy policy.

5. Google API Services — Limited Use Disclosure

Popwis's use of data received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google data to provide and improve the user-facing features you configure (automated workflows).
  • We do not transfer Google data to third parties, except as necessary to provide the Service, comply with applicable law, or as part of a merger/acquisition with adequate data protection.
  • We do not use Google data for advertising or to serve ads.
  • Humans only read Google data when you give us permission for support purposes, when required for security purposes, or to comply with applicable law.

6. Cookies and Tracking

The Popwis dashboard uses essential cookies for authentication and session management. These are strictly necessary and cannot be disabled.

The Popwis widget script installed on your website uses localStorage to track widget display frequency (e.g., preventing the same popup from showing repeatedly). We do not use third-party tracking cookies on your visitors.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

Visitor analytics events are retained for the duration of your subscription. Contact data you collect is retained until you delete it or close your account.

8. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your personal data
  • Portability — Export your data in a machine-readable format (CSV export is available in the dashboard)
  • Restriction — Request that we limit processing of your data
  • Objection — Object to processing based on legitimate interests

To exercise any of these rights, contact us at hello@popwis.net. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS/TLS), secure password hashing, row-level security policies on our database, and role-based access controls. However, no method of transmission over the Internet is 100% secure.

10. Children's Privacy

Popwis is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice in the dashboard. The “Last updated” date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

Email: hello@popwis.net
Website: popwis.net