Privacy Policy
Last updated: 2026-05-16
WikiBusines ("we", "us", "WikiBusines") operates the website https://www.wikibusines.net and provides Wikipedia page creation, editing, monitoring, Wikidata, Reddit, Quora and AI visibility services. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over it.
If you have any questions about this Privacy Policy or how we handle your data, contact us at team@wikibusines.com.
1. Who is the data controller
The data controller for personal data processed in connection with this website and our services is:
WikiBusines Oresta Levytskoho Str, 11 Desnianskyi District 02116 Kyiv Ukraine Email: team@wikibusines.com
References to "GDPR" mean Regulation (EU) 2016/679 (General Data Protection Regulation), as supplemented by national implementing law in the country where you are located, including the UK GDPR for individuals in the United Kingdom.
2. What personal data we collect
We collect personal data in the following situations:
2.1 When you submit a lead form, contact form, or eligibility audit form
- Full name
- Email address
- Phone number or messenger handle (Telegram, WhatsApp, Viber, Messenger — optional)
- Company name and website (where applicable)
- Job title (enterprise form)
- Country of operation
- Service of interest, budget range, urgency, decision timeline
- Wikipedia page URLs you provide for assessment
- Reference URLs you provide as media sources for notability
- Any free-text message or notes you include
2.2 When you place an order through our self-checkout (Phase 2/3 product)
In addition to the data above:
- Billing name and billing address (for invoicing)
- VAT identification number (for B2B buyers)
- Payment method selection
- Payment-instrument details processed by our payment provider (we do not store full card numbers — see §6 on processors)
- Order metadata: items purchased, price, currency, timestamps, order status
2.3 When you visit the website
- IP address (truncated where lawful)
- Browser type, device type, operating system
- Pages visited, referrer URL, time spent
- UTM parameters and campaign attribution
- Cookies and similar technologies — see §9
2.4 When you contact us by email or messenger
The contents of the messages you send us, plus the metadata your client and ours attach (timestamps, sender identifier).
2.5 Data we do not intentionally collect
We do not knowingly collect:
- Special category data under Art. 9 GDPR (health, religion, political opinions, sexual orientation, biometrics, etc.) unless you voluntarily include it in a message to us — please avoid doing so.
- Data of children under 16. Our services are aimed at companies, professionals and adults. If you believe a child has provided us personal data, contact us and we will delete it.
3. Why we collect personal data and our legal bases
We process personal data on the legal bases set out in Art. 6(1) GDPR:
| Purpose | Legal basis |
|---|---|
| Responding to inquiries and lead forms | Art. 6(1)(b) — necessary to take steps at your request prior to entering a contract |
| Sending you a quote, scope document, or proposal | Art. 6(1)(b) — pre-contractual measures |
| Delivering services you've engaged us for | Art. 6(1)(b) — performance of contract |
| Invoicing, payment processing, accounting and tax compliance | Art. 6(1)(c) — legal obligation; Art. 6(1)(b) — contract |
| Sending service-related operational emails (delivery status, support replies) | Art. 6(1)(b) — performance of contract |
| Sending marketing emails to existing clients about similar services | Art. 6(1)(f) — legitimate interest; with right to object at any time |
| Sending marketing emails to non-clients (newsletter) | Art. 6(1)(a) — consent, freely opted-in via website form |
| Analytics and improving the website | Art. 6(1)(f) — legitimate interest; only privacy-friendly analytics by default, see §9 |
| Security, abuse prevention, rate-limiting | Art. 6(1)(f) — legitimate interest |
| Defending against legal claims | Art. 6(1)(f) — legitimate interest |
| Complying with court orders or regulator requests | Art. 6(1)(c) — legal obligation |
You can withdraw consent under Art. 6(1)(a) at any time without affecting the lawfulness of processing prior to withdrawal.
4. Who has access inside WikiBusines
Personal data is accessed inside WikiBusines on a need-to-know basis by:
- Sales and account management — for lead handling, quote preparation, and client communication.
- Editorial / production team — for content research, Wikipedia editing, Wikidata work, and monitoring. They access only the data needed to complete your project.
- Finance and operations — for invoicing, payments, and accounting.
- Engineering and IT — for site maintenance and incident response; routine work is performed on aggregated or anonymized data where possible.
All staff are bound by a confidentiality obligation.
5. Sharing with third parties
We do not sell personal data. We share personal data only with carefully selected processors and only as needed to deliver our services.
Categories of recipients
- Hosting and infrastructure — our website is hosted in the EU.
- Communication tools — email, messengers (we reply via the channel you used to contact us).
- Payment processors — for self-checkout orders.
- CRM / project management — for organising client work.
- Analytics — privacy-friendly analytics by default.
- Wikipedia / Wikidata / Reddit / Quora — these are public knowledge platforms. We do not share your private personal data with them. Anything we publish there is content you have approved as appropriate for public release, in accordance with each platform's own terms.
- Professional advisers — accountants, auditors, lawyers, subject to confidentiality.
- Public authorities — only where legally required.
See §6 for the named list of processors.
6. Named processors
| Processor | Purpose | Region | Safeguard |
|---|---|---|---|
| Hetzner Online GmbH | Web hosting | Germany (EU) | EU-based |
| Stripe Payments Europe, Ltd. | Card and SEPA payments | Ireland (EU) | EU-based |
| Telegram FZ-LLC | Operational notifications to internal ops chat | UAE | Standard Contractual Clauses |
| Postmark / SendGrid / [TODO: confirm SMTP provider] | Transactional email | US | Standard Contractual Clauses + DPF |
| Plausible Analytics / Google Analytics 4 | Website analytics | EU (Plausible) or EEA (GA4) | EU-based (Plausible) or DPF + SCCs (GA4) |
| ClickUp Inc. or equivalent | Project management of client work | US | Standard Contractual Clauses + DPF |
| n8n Cloud GmbH (or similar) | Workflow automation / CRM webhooks | EU | EU-based |
| Tron blockchain validators | USDT (TRC-20) payment routing | Public chain | Public ledger — no personal data attached to wallet addresses |
7. How long we keep personal data
| Type of data | Retention period |
|---|---|
| Lead forms we did not convert to a paid engagement | 24 months from last contact, then deleted |
| Lead forms where you asked us to delete them sooner | Deleted within 30 days of your request |
| Active client communications and project files | For the duration of our engagement + 24 months for service continuity |
| Invoices and accounting records | 10 years under German GoBD / HGB requirements |
| Self-checkout orders and payment records | 10 years (tax / accounting law) |
| Web analytics (aggregated, anonymized) | 26 months (GA4 default) or 0 days (Plausible — no individual visitor records) |
| Marketing newsletter consent records | Until you unsubscribe, then 12 months in suppression list |
| Security logs (web server, rate-limit, fraud) | 90 days, then aggregated or deleted |
8. International transfers
Where personal data is transferred outside the European Economic Area, we rely on one of the following safeguards under Chapter V GDPR:
- An adequacy decision by the European Commission (e.g., UK, Switzerland, EU-US Data Privacy Framework where applicable),
- Standard Contractual Clauses approved by the European Commission, with any necessary supplementary measures following Schrems II case-law,
- Your explicit consent under Art. 49(1)(a) GDPR for a specific transfer where no other safeguard applies.
You may request a copy of the safeguards in place by emailing team@wikibusines.com.
9. Cookies and tracking technologies
When you first visit our website you'll see a cookie consent banner. We use:
- Strictly necessary cookies — required for the site to function (e.g., CSRF tokens, cart persistence on self-checkout, consent state). These do not require consent under Art. 5(3) of the ePrivacy Directive.
- Analytics cookies / similar tech — only loaded after you give consent. By default we run Plausible Analytics (cookie-less, no personal-data collection). If we run Google Analytics 4 it is loaded only after consent.
- Marketing pixels (Meta Pixel, etc.) — only loaded after explicit consent.
You can change your consent at any time by clicking the "Cookie settings" link in the website footer. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
10. Your rights
Under the GDPR and equivalent laws, you have the following rights:
- Right of access (Art. 15) — to know what personal data we hold about you and obtain a copy.
- Right to rectification (Art. 16) — to have inaccurate data corrected.
- Right to erasure (Art. 17, "right to be forgotten") — to have your personal data deleted, subject to the legal bases under which we hold it.
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20) — to receive your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21) — including to direct marketing at any time.
- Right not to be subject to automated decision-making (Art. 22). We do not make decisions about you that produce legal or similarly significant effects solely based on automated processing.
- Right to withdraw consent (Art. 7(3)) — where processing is based on consent.
- Right to lodge a complaint with a supervisory authority — see §13.
To exercise any of these rights, email team@wikibusines.com from the address you previously used to contact us, or include enough information for us to identify you reliably. We will respond within one month of receiving a verified request (extendable by two further months for complex requests).
We do not charge for exercising your rights, except where a request is manifestly unfounded or excessive (Art. 12(5) GDPR).
11. Wikipedia, Wikidata, Reddit, Quora and AI systems
A note specific to our work:
- The articles we help create or edit on Wikipedia, Wikidata, Reddit, Quora and similar platforms are governed by those platforms' own policies and community processes, not by us. We do not control how those platforms handle the content after publication.
- The content we publish on those platforms typically describes companies, brands, products and public figures based on public, verifiable sources. We do not publish private personal data about our clients without their explicit instruction.
- Large language model providers (OpenAI, Anthropic, Google, xAI, Perplexity and others) may include public Wikipedia / Wikidata / Reddit / Quora content in their training and retrieval systems. This is independent of WikiBusines and is governed by those providers' policies.
- If you are a subject of an article we have helped create and wish to request changes, the proper route under Wikipedia policy is to disclose any conflict of interest on the article's talk page or to request edits through the platform's standard processes. We can advise you on the policy-compliant route and prepare the proposed text.
12. Security
We apply technical and organisational measures appropriate to the risk (Art. 32 GDPR), including:
- TLS encryption for all traffic to our website and APIs.
- Encrypted storage at rest for our databases and backups.
- Access control on a least-privilege basis with multi-factor authentication for administrative interfaces.
- Regular updates and security patching of dependencies.
- Rate-limiting and bot/abuse detection on lead and checkout endpoints.
- Logging and monitoring of administrative activity.
- Vendor due-diligence and Data Processing Agreements with our processors.
No system is fully immune to attack. In case of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours under Art. 33 GDPR, and, where required, inform you under Art. 34 GDPR.
13. How to lodge a complaint
If you believe our processing of your personal data infringes the GDPR, you have the right to complain to a supervisory authority — in particular in the country where you live, work, or where the alleged infringement took place.
The lead authority for our operations (data controller established in Ukraine) is:
Ukrainian Parliament Commissioner for Human Rights (Ombudsman) 21/8 Instytutska Str., 01008 Kyiv, Ukraine https://www.ombudsman.gov.ua
If you are located in the European Union, you may also lodge a complaint with the data protection authority of your EU member state of habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR). If you are in the United Kingdom, you may contact the Information Commissioner's Office (ICO) at https://ico.org.uk.
We would, however, appreciate the chance to address your concerns directly first — email team@wikibusines.com.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, processors, or applicable law. We will post the updated version at this URL with a new "Last updated" date. If the change is material, we will additionally notify clients with active engagements by email.
You can review prior versions of this Privacy Policy by contacting team@wikibusines.com.
15. Contact
For any privacy-related question, request, or complaint:
WikiBusines — Privacy contact Email: team@wikibusines.com Postal: Oresta Levytskoho Str, 11, Desnianskyi District, 02116 Kyiv, Ukraine