web-agent-bridge 1.1.2 → 2.0.0

package/public/privacy.html

@@ -1,295 +1,295 @@
-<!DOCTYPE html>
-<html lang="en" dir="ltr">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Privacy Policy — Web Agent Bridge</title>
-  <meta name="description" content="Privacy Policy for Web Agent Bridge. GDPR and AVG compliant.">
-  <link rel="preconnect" href="https://fonts.googleapis.com">
-  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-  <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800;900&family=JetBrains+Mono:wght@400;500;600&display=swap" rel="stylesheet">
-  <link rel="stylesheet" href="/css/styles.css">
-</head>
-<body>
-
-  <nav class="navbar" id="navbar">
-    <div class="container">
-      <a href="/" class="navbar-brand">
-        <div class="brand-icon">⚡</div>
-        <span>WAB</span>
-      </a>
-      <ul class="navbar-links">
-        <li><a href="/#features">Features</a></li>
-        <li><a href="/#pricing">Pricing</a></li>
-        <li><a href="/docs">Docs</a></li>
-      </ul>
-      <div class="navbar-actions">
-        <a href="/login" class="btn btn-ghost">Sign In</a>
-        <a href="/register" class="btn btn-primary btn-sm">Get Started</a>
-      </div>
-    </div>
-  </nav>
-
-  <div class="container" style="padding-top: 120px; padding-bottom: 80px; max-width: 800px;">
-    <div class="section-header" style="text-align: left;">
-      <span class="label">Legal</span>
-      <h1 style="font-size: 2.2rem;">Privacy Policy</h1>
-      <p style="max-width: 100%;">Last updated: March 22, 2026</p>
-    </div>
-
-    <div class="docs-content">
-
-      <h2 id="introduction">1. Introduction</h2>
-      <p>
-        Web Agent Bridge ("WAB", "we", "us", "our") is an open-source middleware platform operated from the Netherlands. 
-        We are committed to protecting your personal data in accordance with the <strong>General Data Protection Regulation (GDPR — EU 2016/679)</strong> 
-        and the <strong>Dutch Implementation Act (Uitvoeringswet AVG / UAVG)</strong>.
-      </p>
-      <p>
-        This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website 
-        (<strong>webagentbridge.com</strong>), our services, and our open-source software.
-      </p>
-
-      <h2 id="controller">2. Data Controller</h2>
-      <p>The data controller responsible for your personal data is:</p>
-      <div style="background: var(--bg-surface); border: 1px solid var(--border-color); border-radius: var(--radius-md); padding: 20px; margin: 16px 0;">
-        <strong>Web Agent Bridge</strong><br>
-        The Netherlands<br>
-        Email: <a href="mailto:privacy@webagentbridge.com" style="color: var(--accent-blue);">privacy@webagentbridge.com</a>
-      </div>
-
-      <h2 id="data-collected">3. What Data We Collect</h2>
-      <h3>3.1 Account Data</h3>
-      <p>When you register for an account, we collect:</p>
-      <ul>
-        <li><strong>Name</strong> — to personalize your account</li>
-        <li><strong>Email address</strong> — for authentication and communication</li>
-        <li><strong>Password</strong> — stored as a bcrypt hash (we never store plain-text passwords)</li>
-        <li><strong>Company name</strong> (optional) — for billing purposes</li>
-      </ul>
-
-      <h3>3.2 Site & License Data</h3>
-      <p>When you add a site to WAB, we collect:</p>
-      <ul>
-        <li>Domain name and site name</li>
-        <li>Configuration preferences (permissions, restrictions)</li>
-        <li>Generated license keys (unique identifiers)</li>
-        <li>Subscription tier information</li>
-      </ul>
-
-      <h3>3.3 Analytics Data</h3>
-      <p>When the WAB bridge script is active on your website, we collect anonymous interaction data:</p>
-      <ul>
-        <li>Action names triggered by AI agents (e.g., "click-signup")</li>
-        <li>Agent identifiers (if provided by the agent)</li>
-        <li>Trigger type (click, fill, scroll, etc.)</li>
-        <li>Success/failure status</li>
-        <li>Timestamps</li>
-      </ul>
-      <p><strong>We do not collect personal data from your website's end users.</strong> Analytics are about AI agent behavior only.</p>
-
-      <h3>3.4 Payment Data</h3>
-      <p>
-        Payment processing is handled by <strong>Stripe, Inc.</strong> We do not store your credit card details. 
-        Stripe processes payments in accordance with PCI DSS standards. See 
-        <a href="https://stripe.com/privacy" style="color: var(--accent-blue);" target="_blank" rel="noopener">Stripe's Privacy Policy</a>.
-      </p>
-
-      <h3>3.5 Technical Data</h3>
-      <p>Our server automatically collects:</p>
-      <ul>
-        <li>IP address (used for rate limiting and security only, not stored long-term)</li>
-        <li>HTTP request logs (retained for 30 days for security monitoring)</li>
-      </ul>
-
-      <h2 id="legal-basis">4. Legal Basis for Processing (GDPR Art. 6)</h2>
-      <table style="width: 100%; border-collapse: collapse; margin: 16px 0;">
-        <thead>
-          <tr style="border-bottom: 2px solid var(--border-color);">
-            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Purpose</th>
-            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Legal Basis</th>
-          </tr>
-        </thead>
-        <tbody>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Account creation & service delivery</td>
-            <td style="padding: 12px; color: var(--text-secondary);">Contract performance (Art. 6(1)(b))</td>
-          </tr>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Payment processing</td>
-            <td style="padding: 12px; color: var(--text-secondary);">Contract performance (Art. 6(1)(b))</td>
-          </tr>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Security & abuse prevention</td>
-            <td style="padding: 12px; color: var(--text-secondary);">Legitimate interest (Art. 6(1)(f))</td>
-          </tr>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Analytics (AI agent behavior)</td>
-            <td style="padding: 12px; color: var(--text-secondary);">Legitimate interest (Art. 6(1)(f))</td>
-          </tr>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Cookies (non-essential)</td>
-            <td style="padding: 12px; color: var(--text-secondary);">Consent (Art. 6(1)(a))</td>
-          </tr>
-          <tr>
-            <td style="padding: 12px; color: var(--text-secondary);">Legal obligations (Dutch tax law)</td>
-            <td style="padding: 12px; color: var(--text-secondary);">Legal obligation (Art. 6(1)(c))</td>
-          </tr>
-        </tbody>
-      </table>
-
-      <h2 id="data-sharing">5. Data Sharing & Transfers</h2>
-      <p>We share personal data only with:</p>
-      <ul>
-        <li><strong>Stripe, Inc.</strong> (USA) — Payment processing, with EU Standard Contractual Clauses (SCCs)</li>
-        <li><strong>Server hosting provider</strong> — Infrastructure only, no access to application data</li>
-      </ul>
-      <p>We do not sell, rent, or trade your personal data to third parties.</p>
-      <p>
-        Where data is transferred outside the EEA, we ensure appropriate safeguards are in place 
-        (Standard Contractual Clauses or adequacy decisions per GDPR Art. 46).
-      </p>
-
-      <h2 id="retention">6. Data Retention</h2>
-      <table style="width: 100%; border-collapse: collapse; margin: 16px 0;">
-        <thead>
-          <tr style="border-bottom: 2px solid var(--border-color);">
-            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Data Type</th>
-            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Retention Period</th>
-          </tr>
-        </thead>
-        <tbody>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Account data</td>
-            <td style="padding: 12px; color: var(--text-secondary);">Until account deletion + 30 days</td>
-          </tr>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Analytics data</td>
-            <td style="padding: 12px; color: var(--text-secondary);">90 days (auto-purged)</td>
-          </tr>
-          <tr style="border-bottom: 1px solid var(--border-color);">
-            <td style="padding: 12px; color: var(--text-secondary);">Payment records</td>
-            <td style="padding: 12px; color: var(--text-secondary);">7 years (Dutch fiscal obligation — Belastingdienst)</td>
-          </tr>
-          <tr>
-            <td style="padding: 12px; color: var(--text-secondary);">Server logs</td>
-            <td style="padding: 12px; color: var(--text-secondary);">30 days</td>
-          </tr>
-        </tbody>
-      </table>
-
-      <h2 id="rights">7. Your Rights (GDPR Art. 15–22)</h2>
-      <p>As an EU/EEA resident, you have the right to:</p>
-      <ul>
-        <li><strong>Access</strong> — Request a copy of your personal data</li>
-        <li><strong>Rectification</strong> — Correct inaccurate data</li>
-        <li><strong>Erasure</strong> ("Right to be forgotten") — Request deletion of your data</li>
-        <li><strong>Restriction</strong> — Restrict processing of your data</li>
-        <li><strong>Data portability</strong> — Receive your data in a structured, machine-readable format</li>
-        <li><strong>Object</strong> — Object to processing based on legitimate interest</li>
-        <li><strong>Withdraw consent</strong> — At any time, without affecting prior processing</li>
-      </ul>
-      <p>
-        To exercise any of these rights, contact us at 
-        <a href="mailto:privacy@webagentbridge.com" style="color: var(--accent-blue);">privacy@webagentbridge.com</a>. 
-        We will respond within <strong>30 days</strong> as required by GDPR.
-      </p>
-
-      <h2 id="cookies">8. Cookies</h2>
-      <p>
-        We use minimal cookies. For full details, see our <a href="/cookies" style="color: var(--accent-blue);">Cookie Policy</a>.
-      </p>
-      <ul>
-        <li><strong>Essential cookies</strong> — Authentication session (JWT token) — no consent required</li>
-        <li><strong>No tracking cookies</strong> — We do not use Google Analytics, Facebook Pixel, or similar trackers</li>
-      </ul>
-
-      <h2 id="open-source">9. Open Source & Self-Hosting</h2>
-      <p>
-        WAB is open-source software licensed under the <strong>MIT License</strong>. If you self-host WAB, 
-        <strong>you become the data controller</strong> for any personal data processed by your instance. 
-        This privacy policy applies only to the hosted service at <strong>webagentbridge.com</strong>.
-      </p>
-
-      <h2 id="children">10. Children's Data</h2>
-      <p>
-        WAB is not directed at children under 16 years of age (per Dutch UAVG Art. 5). 
-        We do not knowingly collect personal data from children. If we learn we have collected 
-        data from a child, we will delete it promptly.
-      </p>
-
-      <h2 id="security">11. Security Measures</h2>
-      <p>We implement appropriate technical and organizational measures including:</p>
-      <ul>
-        <li>TLS/SSL encryption for all connections</li>
-        <li>Bcrypt password hashing</li>
-        <li>Domain-locked session tokens</li>
-        <li>Rate limiting and abuse detection</li>
-        <li>Regular security updates</li>
-      </ul>
-
-      <h2 id="dpa">12. Supervisory Authority</h2>
-      <p>
-        If you believe we have not handled your data correctly, you have the right to lodge a complaint with the 
-        Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
-      </p>
-      <div style="background: var(--bg-surface); border: 1px solid var(--border-color); border-radius: var(--radius-md); padding: 20px; margin: 16px 0;">
-        <strong>Autoriteit Persoonsgegevens</strong><br>
-        Postbus 93374, 2509 AJ Den Haag<br>
-        Website: <a href="https://autoriteitpersoonsgegevens.nl" style="color: var(--accent-blue);" target="_blank" rel="noopener">autoriteitpersoonsgegevens.nl</a><br>
-        Phone: +31 (0)70 888 8500
-      </div>
-
-      <h2 id="changes">13. Changes to This Policy</h2>
-      <p>
-        We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated 
-        "Last updated" date. For significant changes, we will notify registered users via email.
-      </p>
-
-      <h2 id="contact">14. Contact</h2>
-      <p>
-        For privacy-related questions or to exercise your data rights:<br>
-        Email: <a href="mailto:privacy@webagentbridge.com" style="color: var(--accent-blue);">privacy@webagentbridge.com</a>
-      </p>
-    </div>
-  </div>
-
-  <footer class="footer">
-    <div class="container">
-      <div class="footer-grid">
-        <div class="footer-brand">
-          <a href="/" class="navbar-brand"><div class="brand-icon">⚡</div><span>Web Agent Bridge</span></a>
-          <p>Open protocol + runtime for AI agent ↔ website interaction.</p>
-        </div>
-        <div class="footer-col">
-          <h4>Product</h4>
-          <ul>
-            <li><a href="/#features">Features</a></li>
-            <li><a href="/#pricing">Pricing</a></li>
-            <li><a href="/docs">Documentation</a></li>
-          </ul>
-        </div>
-        <div class="footer-col">
-          <h4>Developers</h4>
-          <ul>
-            <li><a href="/docs#quick-start">Quick Start</a></li>
-            <li><a href="/docs#api-reference">API Reference</a></li>
-            <li><a href="https://github.com/abokenan444/web-agent-bridge" target="_blank" rel="noopener">GitHub</a></li>
-          </ul>
-        </div>
-        <div class="footer-col">
-          <h4>Legal</h4>
-          <ul>
-            <li><a href="/privacy">Privacy Policy</a></li>
-            <li><a href="/terms">Terms of Service</a></li>
-            <li><a href="/cookies">Cookie Policy</a></li>
-          </ul>
-        </div>
-      </div>
-      <div class="footer-bottom">
-        <span>&copy; 2026 Web Agent Bridge. MIT License. Operated from the Netherlands.</span>
-      </div>
-    </div>
-  </footer>
-</body>
-</html>
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Privacy Policy — Web Agent Bridge</title>
+  <meta name="description" content="Privacy Policy for Web Agent Bridge. GDPR and AVG compliant.">
+  <link rel="preconnect" href="https://fonts.googleapis.com">
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+  <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800;900&family=JetBrains+Mono:wght@400;500;600&display=swap" rel="stylesheet">
+  <link rel="stylesheet" href="/css/styles.css">
+</head>
+<body>
+
+  <nav class="navbar" id="navbar">
+    <div class="container">
+      <a href="/" class="navbar-brand">
+        <div class="brand-icon">⚡</div>
+        <span>WAB</span>
+      </a>
+      <ul class="navbar-links">
+        <li><a href="/#features">Features</a></li>
+        <li><a href="/#pricing">Pricing</a></li>
+        <li><a href="/docs">Docs</a></li>
+      </ul>
+      <div class="navbar-actions">
+        <a href="/login" class="btn btn-ghost">Sign In</a>
+        <a href="/register" class="btn btn-primary btn-sm">Get Started</a>
+      </div>
+    </div>
+  </nav>
+
+  <div class="container" style="padding-top: 120px; padding-bottom: 80px; max-width: 800px;">
+    <div class="section-header" style="text-align: left;">
+      <span class="label">Legal</span>
+      <h1 style="font-size: 2.2rem;">Privacy Policy</h1>
+      <p style="max-width: 100%;">Last updated: March 22, 2026</p>
+    </div>
+
+    <div class="docs-content">
+
+      <h2 id="introduction">1. Introduction</h2>
+      <p>
+        Web Agent Bridge ("WAB", "we", "us", "our") is an open-source middleware platform operated from the Netherlands. 
+        We are committed to protecting your personal data in accordance with the <strong>General Data Protection Regulation (GDPR — EU 2016/679)</strong> 
+        and the <strong>Dutch Implementation Act (Uitvoeringswet AVG / UAVG)</strong>.
+      </p>
+      <p>
+        This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website 
+        (<strong>webagentbridge.com</strong>), our services, and our open-source software.
+      </p>
+
+      <h2 id="controller">2. Data Controller</h2>
+      <p>The data controller responsible for your personal data is:</p>
+      <div style="background: var(--bg-surface); border: 1px solid var(--border-color); border-radius: var(--radius-md); padding: 20px; margin: 16px 0;">
+        <strong>Web Agent Bridge</strong><br>
+        The Netherlands<br>
+        Email: <a href="mailto:privacy@webagentbridge.com" style="color: var(--accent-blue);">privacy@webagentbridge.com</a>
+      </div>
+
+      <h2 id="data-collected">3. What Data We Collect</h2>
+      <h3>3.1 Account Data</h3>
+      <p>When you register for an account, we collect:</p>
+      <ul>
+        <li><strong>Name</strong> — to personalize your account</li>
+        <li><strong>Email address</strong> — for authentication and communication</li>
+        <li><strong>Password</strong> — stored as a bcrypt hash (we never store plain-text passwords)</li>
+        <li><strong>Company name</strong> (optional) — for billing purposes</li>
+      </ul>
+
+      <h3>3.2 Site & License Data</h3>
+      <p>When you add a site to WAB, we collect:</p>
+      <ul>
+        <li>Domain name and site name</li>
+        <li>Configuration preferences (permissions, restrictions)</li>
+        <li>Generated license keys (unique identifiers)</li>
+        <li>Subscription tier information</li>
+      </ul>
+
+      <h3>3.3 Analytics Data</h3>
+      <p>When the WAB bridge script is active on your website, we collect anonymous interaction data:</p>
+      <ul>
+        <li>Action names triggered by AI agents (e.g., "click-signup")</li>
+        <li>Agent identifiers (if provided by the agent)</li>
+        <li>Trigger type (click, fill, scroll, etc.)</li>
+        <li>Success/failure status</li>
+        <li>Timestamps</li>
+      </ul>
+      <p><strong>We do not collect personal data from your website's end users.</strong> Analytics are about AI agent behavior only.</p>
+
+      <h3>3.4 Payment Data</h3>
+      <p>
+        Payment processing is handled by <strong>Stripe, Inc.</strong> We do not store your credit card details. 
+        Stripe processes payments in accordance with PCI DSS standards. See 
+        <a href="https://stripe.com/privacy" style="color: var(--accent-blue);" target="_blank" rel="noopener">Stripe's Privacy Policy</a>.
+      </p>
+
+      <h3>3.5 Technical Data</h3>
+      <p>Our server automatically collects:</p>
+      <ul>
+        <li>IP address (used for rate limiting and security only, not stored long-term)</li>
+        <li>HTTP request logs (retained for 30 days for security monitoring)</li>
+      </ul>
+
+      <h2 id="legal-basis">4. Legal Basis for Processing (GDPR Art. 6)</h2>
+      <table style="width: 100%; border-collapse: collapse; margin: 16px 0;">
+        <thead>
+          <tr style="border-bottom: 2px solid var(--border-color);">
+            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Purpose</th>
+            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Legal Basis</th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Account creation & service delivery</td>
+            <td style="padding: 12px; color: var(--text-secondary);">Contract performance (Art. 6(1)(b))</td>
+          </tr>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Payment processing</td>
+            <td style="padding: 12px; color: var(--text-secondary);">Contract performance (Art. 6(1)(b))</td>
+          </tr>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Security & abuse prevention</td>
+            <td style="padding: 12px; color: var(--text-secondary);">Legitimate interest (Art. 6(1)(f))</td>
+          </tr>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Analytics (AI agent behavior)</td>
+            <td style="padding: 12px; color: var(--text-secondary);">Legitimate interest (Art. 6(1)(f))</td>
+          </tr>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Cookies (non-essential)</td>
+            <td style="padding: 12px; color: var(--text-secondary);">Consent (Art. 6(1)(a))</td>
+          </tr>
+          <tr>
+            <td style="padding: 12px; color: var(--text-secondary);">Legal obligations (Dutch tax law)</td>
+            <td style="padding: 12px; color: var(--text-secondary);">Legal obligation (Art. 6(1)(c))</td>
+          </tr>
+        </tbody>
+      </table>
+
+      <h2 id="data-sharing">5. Data Sharing & Transfers</h2>
+      <p>We share personal data only with:</p>
+      <ul>
+        <li><strong>Stripe, Inc.</strong> (USA) — Payment processing, with EU Standard Contractual Clauses (SCCs)</li>
+        <li><strong>Server hosting provider</strong> — Infrastructure only, no access to application data</li>
+      </ul>
+      <p>We do not sell, rent, or trade your personal data to third parties.</p>
+      <p>
+        Where data is transferred outside the EEA, we ensure appropriate safeguards are in place 
+        (Standard Contractual Clauses or adequacy decisions per GDPR Art. 46).
+      </p>
+
+      <h2 id="retention">6. Data Retention</h2>
+      <table style="width: 100%; border-collapse: collapse; margin: 16px 0;">
+        <thead>
+          <tr style="border-bottom: 2px solid var(--border-color);">
+            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Data Type</th>
+            <th style="text-align: left; padding: 12px; color: var(--text-primary);">Retention Period</th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Account data</td>
+            <td style="padding: 12px; color: var(--text-secondary);">Until account deletion + 30 days</td>
+          </tr>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Analytics data</td>
+            <td style="padding: 12px; color: var(--text-secondary);">90 days (auto-purged)</td>
+          </tr>
+          <tr style="border-bottom: 1px solid var(--border-color);">
+            <td style="padding: 12px; color: var(--text-secondary);">Payment records</td>
+            <td style="padding: 12px; color: var(--text-secondary);">7 years (Dutch fiscal obligation — Belastingdienst)</td>
+          </tr>
+          <tr>
+            <td style="padding: 12px; color: var(--text-secondary);">Server logs</td>
+            <td style="padding: 12px; color: var(--text-secondary);">30 days</td>
+          </tr>
+        </tbody>
+      </table>
+
+      <h2 id="rights">7. Your Rights (GDPR Art. 15–22)</h2>
+      <p>As an EU/EEA resident, you have the right to:</p>
+      <ul>
+        <li><strong>Access</strong> — Request a copy of your personal data</li>
+        <li><strong>Rectification</strong> — Correct inaccurate data</li>
+        <li><strong>Erasure</strong> ("Right to be forgotten") — Request deletion of your data</li>
+        <li><strong>Restriction</strong> — Restrict processing of your data</li>
+        <li><strong>Data portability</strong> — Receive your data in a structured, machine-readable format</li>
+        <li><strong>Object</strong> — Object to processing based on legitimate interest</li>
+        <li><strong>Withdraw consent</strong> — At any time, without affecting prior processing</li>
+      </ul>
+      <p>
+        To exercise any of these rights, contact us at 
+        <a href="mailto:privacy@webagentbridge.com" style="color: var(--accent-blue);">privacy@webagentbridge.com</a>. 
+        We will respond within <strong>30 days</strong> as required by GDPR.
+      </p>
+
+      <h2 id="cookies">8. Cookies</h2>
+      <p>
+        We use minimal cookies. For full details, see our <a href="/cookies" style="color: var(--accent-blue);">Cookie Policy</a>.
+      </p>
+      <ul>
+        <li><strong>Essential cookies</strong> — Authentication session (JWT token) — no consent required</li>
+        <li><strong>No tracking cookies</strong> — We do not use Google Analytics, Facebook Pixel, or similar trackers</li>
+      </ul>
+
+      <h2 id="open-source">9. Open Source & Self-Hosting</h2>
+      <p>
+        WAB is open-source software licensed under the <strong>MIT License</strong>. If you self-host WAB, 
+        <strong>you become the data controller</strong> for any personal data processed by your instance. 
+        This privacy policy applies only to the hosted service at <strong>webagentbridge.com</strong>.
+      </p>
+
+      <h2 id="children">10. Children's Data</h2>
+      <p>
+        WAB is not directed at children under 16 years of age (per Dutch UAVG Art. 5). 
+        We do not knowingly collect personal data from children. If we learn we have collected 
+        data from a child, we will delete it promptly.
+      </p>
+
+      <h2 id="security">11. Security Measures</h2>
+      <p>We implement appropriate technical and organizational measures including:</p>
+      <ul>
+        <li>TLS/SSL encryption for all connections</li>
+        <li>Bcrypt password hashing</li>
+        <li>Domain-locked session tokens</li>
+        <li>Rate limiting and abuse detection</li>
+        <li>Regular security updates</li>
+      </ul>
+
+      <h2 id="dpa">12. Supervisory Authority</h2>
+      <p>
+        If you believe we have not handled your data correctly, you have the right to lodge a complaint with the 
+        Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
+      </p>
+      <div style="background: var(--bg-surface); border: 1px solid var(--border-color); border-radius: var(--radius-md); padding: 20px; margin: 16px 0;">
+        <strong>Autoriteit Persoonsgegevens</strong><br>
+        Postbus 93374, 2509 AJ Den Haag<br>
+        Website: <a href="https://autoriteitpersoonsgegevens.nl" style="color: var(--accent-blue);" target="_blank" rel="noopener">autoriteitpersoonsgegevens.nl</a><br>
+        Phone: +31 (0)70 888 8500
+      </div>
+
+      <h2 id="changes">13. Changes to This Policy</h2>
+      <p>
+        We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated 
+        "Last updated" date. For significant changes, we will notify registered users via email.
+      </p>
+
+      <h2 id="contact">14. Contact</h2>
+      <p>
+        For privacy-related questions or to exercise your data rights:<br>
+        Email: <a href="mailto:privacy@webagentbridge.com" style="color: var(--accent-blue);">privacy@webagentbridge.com</a>
+      </p>
+    </div>
+  </div>
+
+  <footer class="footer">
+    <div class="container">
+      <div class="footer-grid">
+        <div class="footer-brand">
+          <a href="/" class="navbar-brand"><div class="brand-icon">⚡</div><span>Web Agent Bridge</span></a>
+          <p>Open-source middleware for AI agent and website interaction.</p>
+        </div>
+        <div class="footer-col">
+          <h4>Product</h4>
+          <ul>
+            <li><a href="/#features">Features</a></li>
+            <li><a href="/#pricing">Pricing</a></li>
+            <li><a href="/docs">Documentation</a></li>
+          </ul>
+        </div>
+        <div class="footer-col">
+          <h4>Developers</h4>
+          <ul>
+            <li><a href="/docs#quick-start">Quick Start</a></li>
+            <li><a href="/docs#api-reference">API Reference</a></li>
+            <li><a href="https://github.com/abokenan444/web-agent-bridge" target="_blank" rel="noopener">GitHub</a></li>
+          </ul>
+        </div>
+        <div class="footer-col">
+          <h4>Legal</h4>
+          <ul>
+            <li><a href="/privacy">Privacy Policy</a></li>
+            <li><a href="/terms">Terms of Service</a></li>
+            <li><a href="/cookies">Cookie Policy</a></li>
+          </ul>
+        </div>
+      </div>
+      <div class="footer-bottom">
+        <span>&copy; 2026 Web Agent Bridge. MIT License. Operated from the Netherlands.</span>
+      </div>
+    </div>
+  </footer>
+</body>
+</html>