Now accepting new projects — Get a free prototype →

Privacy Policy

Last updated: April 9, 2026

1. Introduction

Wildcore Studio (“we,” “us,” or “our”) is a web design and development studio based in the State of Florida, United States. We provide website design, development, hosting, and managed website services to businesses throughout the United States and internationally.

This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our website, use our services, or otherwise interact with us. We've tried to write it in plain English. If anything is unclear, email us — we'll explain it.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us, including:

  • Contact information (name, email address, phone number, business address)
  • Business information (business name, website URL, business type, industry)
  • Project-related information (design preferences, content, images, branding materials)
  • Communications (emails, messages sent through our contact forms or client portal)
  • Payment and billing information (processed securely through Stripe; we do not store credit card numbers)
  • Account credentials (for our client portal, stored securely with industry-standard encryption)
  • Change requests and feedback submitted through our client portal

2.2 Information Collected Automatically

When you visit our website, we may automatically collect:

  • Device and browser information (browser type, operating system, screen resolution)
  • Usage data (pages visited, time spent on pages, click patterns, scroll depth)
  • IP address and approximate geographic location (city/region/country level)
  • Referral source (how you found our website)
  • Cookies and similar tracking technologies (see Section 9)

2.3 Information from Third Parties and Public Sources

We collect information about your business from publicly available sources and third-party data providers, including:

  • Your existing business website (content, design, structure, performance metrics)
  • Google Business Profile (ratings, reviews, photos, business hours, address)
  • Social media profiles (publicly available business pages on Facebook, Instagram, LinkedIn, etc.)
  • Public business directories and listings (Yelp, Yellow Pages, local chambers of commerce)
  • B2B data enrichment services (such as Apollo.io, Clearbit, Hunter.io) which may provide business contact information from publicly available sources
  • Reverse IP lookup services (such as RB2B, Vector, Leadfeeder) which may identify the business associated with a visitor's IP address

This information is collected to evaluate your current web presence, understand your business context, and provide you with relevant website design, development, and proposal services.

3. Automated Website Analysis and Proposal Generation

A core part of what we do is automatically analyze the websites of businesses we believe could benefit from our services, and generate sample prototypes and proposals as part of our outreach and sales process. Specifically:

  • Public website scraping: We use automated tools to fetch and analyze publicly accessible content from business websites, including page structure, copy, images, design patterns, performance metrics, SEO data, and visible business information.
  • Business profile enrichment: We combine that with publicly available data from sources listed in Section 2.3 to build a profile of the business.
  • AI-assisted analysis:We use AI services (see Section 4) to evaluate the business's current web presence and generate suggestions, copy, and design ideas.
  • Prototype generation: We may build a working prototype website using the information collected, and send it to the business as part of our outreach.

We only collect publicly available information for this purpose. If you are a business owner and would prefer that we not analyze your website, generate a prototype, or contact you about our services, please email us and we will remove your business from our pipeline and delete any information we have collected. See Section 11 (Your Rights) for details.

4. AI and Automated Processing

We use third-party AI services to analyze websites, draft copy, generate design ideas, summarize communications, and assist with internal operations. The AI services we currently use or may use include:

  • Anthropic (Claude API) — natural language analysis, copywriting, and code generation. Our primary AI vendor.
  • OpenAI (ChatGPT API) — supplementary language tasks
  • Google Gemini — supplementary language and image tasks
  • Fin.AI — customer support automation and conversation summarization
  • Other AI vendors as the field evolves and new tools become available

We will never train AI models on your data.We access these AI services through their commercial APIs, which by default do not use customer prompts or outputs to train the vendor's general-purpose models. Specifically, Anthropic's API terms state that customer data submitted via the Claude API is not used to train Anthropic's models, and we do not opt into any program that would change that. The same is true of OpenAI's API, Google's Gemini API, and the other vendors above when accessed via their business or developer APIs. We never enable training-feedback toggles on any AI service.

We do not feed sensitive personal information (passwords, payment details, government IDs, health information) into any AI service. If you would like a list of which specific AI services were used to process information related to your business, contact us and we will provide it.

5. Visitor Identification and Anonymous Tracking

To improve our website and provide a better experience, we track general browsing activity including page views, scroll depth, time spent on pages, and interactions with buttons and forms. This data is collected using a randomly generated identifier stored in a cookie.

Reverse IP and visitor de-anonymization:We may use third-party services (such as RB2B, Vector, Leadfeeder, or similar) that attempt to identify the business associated with a visitor's IP address. These services maintain databases that map known IP ranges to corporate networks. When a match is found, we may receive the business name, domain, industry, and (in some cases) contact information for individuals associated with that business.

We use this identification to (a) understand which businesses are interested in our services, (b) automatically generate proposals and prototypes for those businesses, and (c) reach out via email or other channels to offer our services. We do not use this identification for advertising without your explicit consent.

Important: If you are an individual visitor and we identify your associated business, you can opt out of all such identification and outreach at any time by emailing us. See Section 11. Visitors located in the European Union, United Kingdom, Switzerland, or Brazil are excluded from reverse IP lookup unless they have given explicit consent.

When you voluntarily submit a contact form or other inquiry, the information you provide (such as your name and email address) is linked to your previous browsing activity so we can understand your journey and serve you better.

6. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our web design and development services
  • To create and deliver website prototypes, designs, and final products
  • To analyze publicly available business information and generate proposals
  • To identify businesses that may benefit from our services and conduct outreach
  • To communicate with you about your project, account, or our services
  • To process payments and manage billing for our services
  • To provide customer support and respond to inquiries
  • To manage your client portal account and change requests
  • To analyze and improve our website and business operations
  • To send service-related notices, marketing communications, and updates (you can opt out of marketing at any time)
  • To measure the performance of our marketing campaigns and advertising
  • To comply with legal obligations and enforce our terms
  • To detect, prevent, and address fraud, security issues, or technical problems

7. How We Share Your Information

We share your information with the following categories of recipients. We do not sell your information to data brokers, and we never put your personal information up for sale on any marketplace. However, under California's broad legal definitions, some of the sharing described below may technically qualify as “selling” or “sharing.” You have the right to opt out — see Section 12.

7.1 Service Providers and Processors

We use third-party services to operate our business. These providers only access your information as necessary to perform their services and are contractually obligated to protect it. They include:

  • Vercel — website hosting and edge computing
  • AWS Amplify — admin application hosting
  • Supabase — database and authentication
  • Stripe — payment processing
  • Resend — transactional and marketing email delivery
  • ConvertKit (Kit) — email newsletter and marketing automation (opt-in only)
  • Cloudflare — DNS and security (where applicable)
  • IONOS — domain DNS management

7.2 Analytics, Product Analytics, and Advertising Partners

We use the following services to understand site usage and (in the future) run advertising:

  • Google Analytics 4 (Google LLC) — measures site usage and traffic patterns
  • Microsoft Clarity (Microsoft Corporation) — captures how visitors interact with our website through behavioral metrics, heatmaps, and session replay so we can improve our products and services. Website usage data is captured using first- and third-party cookies and other tracking technologies to determine the popularity of pages, identify friction points, and detect usability issues. Clarity also helps us with site optimization, fraud and security purposes, and (where enabled) advertising. For more information about how Microsoft collects and uses this data, see the Microsoft Privacy Statement.
  • PostHog (PostHog Inc.) — product analytics, session replay, feature flag targeting, and A/B testing. PostHog helps us understand how visitors actually use the site (clicks, navigation paths, conversion funnels) so we can improve onboarding, fix broken flows, and ship better features. We use PostHog Cloud and have configured the SDK to mask text inputs and sensitive form fields by default. For more information, see the PostHog Privacy Policy.
  • Custom first-party visitor tracking — we operate our own lightweight tracking system (using a randomly generated wc_vid identifier stored in a first-party cookie) that records page views, scroll depth, time on page, and form interactions. This data is stored in our own database (Supabase) and is not shared with any third party except as described elsewhere in this policy. See Section 5 and Section 9.1.
  • Google Ads (Google LLC) — when enabled, measures ad performance and may be used for retargeting via Google Customer Match
  • Meta (Facebook/Instagram) advertising tools — when enabled, for retargeting
  • LinkedIn advertising tools — when enabled, for B2B outreach

When advertising tools are enabled, the data shared with those providers may be used by them for cross-context behavioral advertising and may technically qualify as “sharing” or “selling” under California law. You can opt out via the “Your Privacy Choices” link in our footer. Microsoft Clarity and PostHog are used for product improvement only and are not used to enable cross-context behavioral advertising on your behalf.

By using our website, you agree that we, Microsoft, and PostHog can collect and use the data described above. Visitors located in the European Union, United Kingdom, Switzerland, or Brazil are not opted into Microsoft Clarity, PostHog, or any analytics tracking until they give explicit consent through our cookie banner.

7.3 AI Service Providers

We share information with the AI service providers listed in Section 4 in order to perform language analysis, copywriting, and code generation. These providers process information on our behalf under terms that prohibit them from training their general-purpose models on your data, where such terms are available.

7.4 Data Enrichment and Identification Providers

We share IP addresses and basic visit data with reverse IP and B2B enrichment services (Section 2.3 and Section 5) in order to identify the businesses visiting our site and enrich our prospect database.

7.5 Other Disclosures

  • Legal requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
  • Protection of rights: We may disclose information to protect the rights, property, or safety of Wildcore Studio, our clients, or others.
  • Business transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
  • With your consent: We may share your information with third parties when you have given us explicit consent.

8. Data Security

We implement industry-standard security measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure password hashing (bcrypt) for client portal accounts
  • Row-level security policies on our database
  • Access controls limiting who can view and modify your information
  • Regular security assessments of our systems
  • Secure payment processing through PCI-compliant third parties (Stripe)

While we take reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. We respect Global Privacy Control (GPC) signals from your browser as a request to opt out of cross-context behavioral advertising.

9.1 Types of Cookies

Strictly Necessary

  • wc_consent — stores your cookie preference so we respect it across visits
  • Session and security cookies required for the website and client portal to function

Analytics and Product Analytics

  • wc_vid, wc_sid — randomly generated first-party visitor and session identifiers used internally for our own tracking system. Stored for 90 days.
  • _ga, _ga_* — Google Analytics 4 cookies
  • _clck, _clsk, CLID, MUID, ANONCHK, MR, SM — Microsoft Clarity cookies used for session replay, heatmaps, and behavioral metrics. Set by both Clarity and Microsoft's shared advertising domains.
  • ph_*, posthog — PostHog cookies and local-storage entries used for product analytics, feature flags, and session replay

Marketing / Advertising

  • Google Ads conversion and remarketing cookies (when enabled)
  • Meta Pixel and LinkedIn Insight Tag (when enabled)

9.2 Managing Your Preferences

You can update your cookie preferences at any time by clicking “Cookie Settings” in the footer of any page. You can also control cookies through your browser settings. EU, UK, Swiss, and Brazilian visitors are shown a consent banner on first visit. Visitors elsewhere can opt out at any time via the same footer link.

9.3 Cookie Data Retention

  • Anonymous browsing data is retained for 90 days and then automatically deleted.
  • If you become an identified visitor (via form submission or reverse IP lookup), your browsing data linked to your contact information is retained for the duration of our business relationship plus a reasonable period thereafter.

10. Data Retention

We retain your personal information for as long as your account is active, as needed to provide you services, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Project files, website content, and design assets are retained for the duration of your service agreement and for a reasonable period thereafter.

If you request deletion of your account or personal information, we will process your request within 30 days, subject to any legal obligations requiring us to retain certain information (such as tax records or fraud-prevention logs).

10a. Client Portal Activity Logging

When you sign in to the Wildcore Studio client portal (at admin.wildcore.studio/portal) using a magic link or password, we log your authenticated activity so we can provide, improve, and support the services you've engaged us to deliver. Specifically, we log:

  • Sign-in events (method — magic link or password — and timestamp)
  • Pages you view within the portal (dashboard, quote, messages, requests, settings)
  • Interactions with your personalized quote (which pricing tiers you select, which add-ons you toggle, which payment plan you choose, when you start checkout)
  • Files you download and invoices you view
  • Actions you take (submitting change requests, updating your profile, scheduling calls, changing your subscription)

Lawful basis (GDPR/UK GDPR): We process this activity data on the basis of contract performance — logging authenticated portal activity is necessary for us to deliver the web design, managed hosting, and support services set out in our agreement with you — and legitimate interest in operating, improving, and securing the portal.

Retention: Portal activity logs are retained for the duration of our working relationship with you, plus a reasonable period afterward for record-keeping, tax, and legal compliance. You can request deletion at any time (see Section 11).

Who sees this data: Only Wildcore Studio staff (which at the time of writing is Corey). We do not sell or share portal activity data with advertisers. Portal activity is not dual-written to Google Analytics or advertising tools.

11. Your Rights

Regardless of where you live, you have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information. We will honor this request within 30 days, subject to legal obligations. This includes deletion of any prototype, proposal, or analysis we have generated about your business.
  • Portability: Request your data in a portable, machine-readable format.
  • Opt-out of marketing: Opt out of marketing communications at any time by clicking unsubscribe in any email or contacting us.
  • Opt-out of identification: Request that we exclude your business from reverse IP lookup, automated proposal generation, and outreach.
  • Restriction: Request restriction of processing in certain circumstances.
  • Withdraw consent: Where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, email us at Corey@wildcore.studio. We will respond within 30 days. We will not discriminate against you for exercising any of these rights.

12. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect, how we use it, and who we share it with.
  • Right to delete your personal information, subject to legal exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing. California defines “sale” and “sharing” very broadly. Some of our use of analytics, advertising, and reverse IP lookup may technically qualify. You can opt out at any time using the “Your Privacy Choices” link in our footer, or by emailing privacy@wildcore.studio. We will process your request within 15 business days.
  • Right to limit use of sensitive personal information.
  • Right to non-discrimination for exercising your privacy rights.

Global Privacy Control: We honor the GPC browser signal as a valid opt-out request. If your browser sends a GPC signal, we will not enable cross-context behavioral advertising for your visit.

13. EU, UK, Swiss, and Brazilian Privacy Rights

If you are located in the European Union, United Kingdom, Switzerland, or Brazil, you are protected by the GDPR, UK GDPR, FADP, or LGPD respectively. In addition to the rights listed in Section 11, you have:

  • The right to lodge a complaint with your local data protection authority
  • The right to know the legal basis on which we process your information (typically: legitimate interest, consent, or contract)
  • The right to object to processing based on legitimate interest

For visitors in these regions, we will not enable analytics or advertising cookies, and will not perform reverse IP lookup, until you have given explicit consent through our cookie banner.

14. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will delete that information promptly.

15. Third-Party Links

Our website and the websites we build for clients may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any third-party websites you visit.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of our services after any changes constitutes your acceptance of the updated policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices — including requests to delete your data, opt out of sale or sharing, or get a list of third parties we've shared information with — you can reach us by:

  • Using the “Your Privacy Choices” link in our website footer to opt out immediately
  • Emailing us at Corey@wildcore.studio

Wildcore Studio
State of Florida, United States
We will respond to all privacy-related requests within 15 business days.