Privacy Policy

Last updated: 2026-06-04

1. Who we are

Bubble WU Auditor is operated by AVBoost Agency. This policy explains how we collect, use, and protect data when you use WU Auditor to audit your Bubble.io application's workflow cost.

2. Data we collect

From you (the Bubble developer)

  • Account email address and authentication credentials.
  • Your Bubble app's Data API key — used read-only to fetch workflow definitions and usage stats. The key is encrypted at rest (AES-256-GCM with a per-tenant key). We never log the raw key value.
  • Your self-reported WU overage rate (used for cost dollarization; you can update it anytime).
  • Billing information processed by Stripe (we do not store raw card data).

From your Bubble app (via the Data API)

  • Workflow definitions — the names and action types in your workflow graph. We use this for static analysis only.
  • Aggregated action-execution counts from Bubble's Usage Logs API (last 14 days). These are aggregate stats, not individual user records.

We do not access your data tables, user records, customer content, or any personal data stored in your Bubble app.

3. How we use data

  • To run workflow cost analysis and generate dollar-ranked recommendations.
  • To display audit results, trend charts, and scorecard grades in your dashboard.
  • To run scheduled weekly re-scans (Standard plan).
  • To operate billing, support, and service notifications.

We do not sell or share your data with third parties for advertising purposes.

4. Data storage and security

  • All data stored in EU (Hetzner Falkenstein, Germany).
  • Row-level security enforced per account (tenant) in Postgres.
  • Bubble Data API key encrypted at rest (AES-256-GCM with per-tenant key).
  • HTTPS enforced on all endpoints.

5. Data retention

  • Full audit detail (workflow-level findings): 90 days.
  • Aggregated savings statistics (no PII): retained indefinitely for trend analysis.
  • Account data: retained until you request deletion.

6. Third-party services

  • Bubble.io — we access your app's Data API on your behalf with your key.
  • Stripe — payment processing. Governed by Stripe's privacy policy.

7. Your rights (GDPR)

You may request access to, correction of, or erasure of your data at any time. Email [email protected]. We will respond within 30 days.

8. Cookies

We use a session cookie for authenticated dashboard access only. No advertising or tracking cookies.

9. Contact

Questions about this policy: [email protected]