Legal

Privacy Policy

Effective date: 1 June 2026  ·  Last updated: 1 June 2026

Back to home
Plain-language summary: Ullbek is simple — you sign up, describe what you want, and we build your website. We only collect what's needed to make that work. Your prompts are sent to AI model providers to generate your site; that's the core of how the product works. We don't sell your data, and we don't share it with anyone except as needed to operate the product or as required by law.

01 Overview

This Privacy Policy describes how Ullbek ("Ullbek", "we", "us", or "our") collects and uses information about you when you use the Ullbek platform and AI-powered website builder (the "Services").

Ullbek is a straightforward product: you create an account, describe your website, and our AI builds it for you. We keep the data we collect to the minimum necessary for that experience, and we're transparent about how it flows through our systems.

This policy should be read alongside our Terms & Conditions, which govern your use of the Services. By using the Services you acknowledge the practices described here.

02 What We Collect

We collect only what's needed to run the Services:

Category Examples How collected
Account data Email address and display name You provide it when you sign up
Prompts & instructions The text you type to describe your website or request changes You provide it during use; transmitted to LLM providers to generate your site
Generated content HTML, CSS, JS, and images the AI creates for you Created by the AI and stored in your account
Uploaded assets Images, fonts, or files you upload for your site You provide them directly
Usage data Pages visited, features used, error logs Automatically via our servers and analytics
Device & browser data IP address, browser type, OS Automatically when you connect to the Services

We do not collect sensitive personal data such as date of birth, home address, government-issued ID numbers, health information, or financial details. Please don't include such information in your prompts or uploaded content.

03 How We Use Your Data

We use the data we collect strictly to:

  • Operate the Services — authenticate your account, store your sites, and serve your published websites to visitors.
  • Run the AI agent — forward your prompts and relevant context to LLM providers so they can generate website code on your behalf (see Section 4).
  • Improve the product — analyse aggregated, anonymised usage patterns to identify bugs, improve performance, and develop new features.
  • Communicate with you — send transactional emails (password resets, service notices) and, where you've opted in, product updates.
  • Comply with legal obligations — retain records as required by applicable law and respond to lawful requests from authorities.
  • Prevent abuse — detect and block activity that violates our Acceptable Use Policy or poses a security risk.

We do not sell your personal data. We do not use your data for advertising or share it with data brokers.

04 AI & LLM Providers — Important Notice

This is the most important section for most users. When you type a prompt in Ullbek, that prompt — along with the context needed to build your site — is sent to a third-party AI model provider. This is the fundamental mechanism of the product; without it the AI agent cannot work.

Ullbek works by passing your instructions to large language model (LLM) providers. By using Ullbek you are therefore directly and indirectly interacting with those providers' systems, and their own privacy policies and terms of service govern how they handle your data.

What this means in practice:

  • Your prompts, conversation history, and relevant site context are transmitted to LLM providers to generate code and content.
  • Each provider has its own data retention and processing policies. We have no control over how they handle data once it is transmitted.
  • By using Ullbek, you also indirectly agree to the terms and privacy policies of the LLM providers we use. We encourage you to review those policies directly.
  • We use commercially available API access to these models, which typically includes enhanced data-protection terms (such as no-training commitments) compared to consumer-facing products.

The LLM providers we currently use include:

G
Google (Gemini models) Used for AI generation tasks via the Gemini API.
Google Privacy Policy ↗  ·  Gemini API Terms ↗
A
Anthropic (Claude models) Used for AI generation tasks via the Claude API.
Anthropic Privacy Policy ↗  ·  Anthropic Usage Policy ↗
O
OpenAI (GPT models) May be used for specific generation or fallback tasks via the OpenAI API.
OpenAI Privacy Policy ↗  ·  OpenAI Usage Policy ↗

We reserve the right to add, remove, or change LLM providers at any time and will update this section when we do so.

Data breaches at LLM providers: Ullbek is not responsible for any exposure of data resulting from a security incident at an LLM provider. If you are notified of a breach by a provider, please also contact us at support@ullbek.com so we can assess any impact on our systems.

05 Third-Party Data Sharing

We do not sell, rent, or trade your personal data. We share data with third parties only in the following limited circumstances:

  • LLM providers — as described in Section 4, your prompts and context are transmitted to AI model providers as the core operational requirement of the product.
  • Infrastructure & hosting — we use cloud infrastructure providers (servers, CDN, file storage) that process data on our behalf under data processing agreements. They act as processors, not independent controllers of your data.
  • Analytics — we may use privacy-respecting analytics tools to understand aggregate usage patterns. These tools receive anonymised or pseudonymised data only.
  • Legal & regulatory requirements — we may disclose data if required by a valid court order, legal process, or government authority, or to protect the rights and safety of Ullbek, its users, or the public.
  • Business transfers — in the event of a merger, acquisition, or sale of our assets, your data may transfer as part of that transaction. We will provide notice before your data becomes subject to a different privacy policy.

06 Cookies & Tracking Technologies

We use a minimal set of cookies:

  • Essential cookies — required for authentication (keeping you logged in), session management, and security. These cannot be disabled without breaking the Services.
  • Preference cookies — remember your settings such as dark/light mode. These are stored locally on your device.
  • Analytics cookies — used to understand how visitors use our site in aggregate. We use privacy-first analytics that do not track you across other websites.

We do not use advertising or tracking cookies and do not use third-party ad networks or retargeting pixels.

You can control or delete cookies through your browser settings. Blocking essential cookies will impair your ability to use the Services.

07 Data Retention

We retain your data for as long as your account is active or as needed to provide the Services:

  • Account data — retained for the life of your account plus up to 30 days after deletion to allow for recovery, then permanently deleted.
  • Site content & assets — retained while your account is active. On account deletion, scheduled for permanent deletion within 30 days.
  • Usage logs — aggregated and anonymised within 90 days; raw logs deleted within 12 months.
  • Support correspondence — retained for up to 3 years to maintain context for future support interactions.
  • Prompt history — retained in your account for build history and context. You may delete individual sessions from your dashboard at any time.

When data is deleted we take reasonable steps to ensure it is removed from active systems. Residual copies in encrypted backups may persist for up to 90 days before being overwritten.

08 Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) for all data between your browser and our servers;
  • Encryption at rest for stored data and backups;
  • Hashed and salted password storage — we never store plain-text passwords;
  • Access controls ensuring only authorised personnel can access production systems;
  • Regular security reviews and dependency updates.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a breach affecting your personal data, we will notify you and the relevant authorities as required by applicable law.

You are responsible for maintaining the security of your account credentials. If you suspect unauthorised access, contact us immediately at support@ullbek.com.

09 Your Rights

Depending on where you are located, you may have the following rights regarding your personal data. We honour these rights regardless of your location where technically feasible:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Deletion — request that we delete your personal data, subject to legal retention obligations.
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction — ask us to restrict processing of your data in certain circumstances.
  • Objection — object to processing of your data based on legitimate interests.

To exercise any of these rights, contact us at support@ullbek.com. We will respond within 30 days. We may ask you to verify your identity before acting on a request.

Note on LLM provider data: We cannot retrieve, correct, or delete data already transmitted to and processed by LLM providers. For those rights, please contact the relevant provider directly using the links in Section 4.

If you are in the EEA, UK, or Switzerland and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

10 International Data Transfers

Ullbek operates globally, and your data may be transferred to and processed in countries other than your own, including countries that may not provide the same level of data protection.

When we transfer personal data across borders, we rely on appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA;
  • the UK International Data Transfer Agreement (IDTA) for transfers from the UK;
  • data processing agreements with sub-processors that include appropriate transfer mechanisms.

By using the Services, you acknowledge that your data may be transferred internationally as part of the product's operation, including to the servers of the LLM providers listed in Section 4.

11 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • update the "Last updated" date at the top of this page;
  • notify registered users by email or in-app notice at least 14 days before the change takes effect, except where immediate changes are required by law.

Your continued use of the Services after the effective date constitutes acceptance of the updated policy. If you do not agree, please stop using the Services and close your account.

12 Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy, please reach out:

Ullbek — Privacy Data & Privacy enquiries support@ullbek.com We aim to respond to all privacy requests within 30 days.