Privacy Policy

Last updated: April 16, 2026

WhatIMade.app ("we", "us", "our") operates the website hosting platform at whatimade.app. This policy explains what data we collect, why, and how we handle it.

What We Collect

We keep data collection to a minimum. Here is what we store:

• Account data: When you sign in with Google, we receive your name, email address, and profile picture from Google. We use this solely to identify your account.
• Site files: Files you upload are stored by our hosting provider, Cloudflare, so visitors to your site can load them.
• Visit counts: We count how many times each of your pages is viewed, using a tiny invisible image. We do not set cookies for this, we do not follow visitors from one of your sites to another, and we do not keep visitor IP addresses or any "device fingerprint" for this counting.
• Connection logs: Cloudflare may briefly keep a record of every request (the visitor's IP address, which browser they used, and when) so they can spot attacks and abuse. These short-term logs are held by Cloudflare, not by us, and are not kept long-term.

What We Do Not Collect

• We do not use third-party analytics services (no Google Analytics, no Facebook Pixel, no trackers).
• We do not sell, rent, or share your personal data with advertisers or data brokers.
• We do not track you across websites.
• We do not read the textual content of your files for analytics, training, or any data-mining purpose.

Content Safety Scanning

For anonymous uploads only (sites put up without signing in to an account), we run a narrow automated check for known viruses and for pages that look like they are trying to trick visitors into handing over bank or card details while pretending to be another company. The check runs once at upload, delivers a simple "allow", "flag", or "block" result, and the uploaded files are not read for any other reason. Signed-in users are trusted and their uploads are not scanned. The check exists to stop the free no-account service from being used to host scam pages on addresses ending in .whatimade.app.

How We Use Your Data

• Account data is used to authenticate you and associate sites with your account.
• Site files are stored to serve your website to the public (or to password-protected visitors, if you set a password).
• Page view counts are shown to you in your dashboard so you can see how your site is performing.

Cookies

We use a single cookie (called wim_session) when you sign in. It exists so we can tell it is still you when you click around the dashboard. In plain English, we have set it up so that:

• It cannot be read by any script running in the page - only the server sees it.
• It is only ever sent over an encrypted connection, never in the clear.
• It is not sent to us if another website sends you somewhere that would post to us from outside.
• It clears itself after 7 days of you not using it.

We do not use advertising cookies, we do not use tracking cookies, and we do not allow any outside company to set cookies on our pages.

Outside companies we rely on

• Google: We use "Sign in with Google" so you do not need another password. Google confirms to us that it is you. Google's policy: Google's Privacy Policy.
• Cloudflare: The company whose servers we run on. Every request to us passes through their network. Cloudflare's policy: Cloudflare's Privacy Policy.
• Stripe: Only used if you buy a domain name from us. Card details go straight to Stripe and never touch our systems. Stripe's policy: Stripe's Privacy Policy.

Where your data lives, and how it is protected

Your files and your account records are kept on Cloudflare's network (the same company most of the world's large websites rely on). If you set a password on one of your sites, we never keep the password itself: we scramble it in a way that would take an attacker far too long to unpick, even if they got hold of our database. The same is true for any access keys you create. Our sign-in session tokens are built from random numbers a computer cannot guess.

Data Deletion

You can delete any site from your dashboard at any time. This permanently removes the site record and all associated files. If you want your entire account deleted, contact us at support@whatimade.app and we will remove all your data within 30 days.

Children's Privacy

WhatIMade.app is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

Questions about this privacy policy? Email us at support@whatimade.app.