← Back to Website Bonanza

Privacy Policy

Last updated: May 2, 2026

Website Bonanza ("we," "us," or "our") is a brand operated by MF Automations LLC, the data controller for the personal information described in this Policy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use thewebsitebonanza.com and our services.

1. Data Controller & Contact

• Controller: MF Automations LLC, a Florida limited liability company
• Mailing address: 8025 NW 4th Ave, Miami, FL 33150, United States
• Email: support@thewebsitebonanza.com
• Phone: +1 (305) 204-3886
• Data Protection Officer (DPO): not appointed (we are not engaged in large-scale processing of special-category data; if our processing changes such that a DPO is required, we will publish DPO contact details here).
• EU / UK representative: we do not currently maintain an Article 27 representative in the EU or UK; if you are an EU/UK data subject and need to reach a representative, email support@thewebsitebonanza.com and we will route your request directly.

2. Information We Collect

Information you provide directly:

• Email address — collected when you use the Spin-to-Win wheel, enter the checkout flow, or contact support
• Name and phone number — optionally collected during checkout
• Creative brief content — business information, design preferences, content, and uploaded assets you provide for your project
• Support communications — emails and messages sent to our support team

Information collected automatically:

• Usage data — pages visited, time on site, referral source (via Cloudflare analytics)
• Device and browser data — browser type, operating system, screen resolution
• IP address — used for rate limiting and fraud prevention
• Cookies — session cookies for functionality; analytics cookies for usage tracking

Payment information: We do not store your credit card number, CVV, or full payment details. All payments are processed by Stripe, Inc. Stripe's privacy policy governs the handling of your payment data: stripe.com/privacy.

3. Categories of Personal Information We Collect (CCPA / CPRA §1798.110)

In the past 12 months we have collected the following statutory categories of personal information from California residents:

• Identifiers — name, email address, phone number, IP address.
• Customer records (Cal. Civ. Code §1798.80) — billing name and address provided to Stripe.
• Commercial information — products/services purchased, deposits paid, subscription status.
• Internet or other electronic network activity — pages viewed, time on site, referral source, device/browser metadata, cookie identifiers.
• Geolocation data — coarse, IP-derived (city / region only); we do not collect precise geolocation.
• Audio, electronic, visual, or similar information — content you upload to your creative brief (logos, photos, videos, recordings).
• Professional or employment-related information — only if you voluntarily provide it in your brief (e.g., business name, role).
• Inferences — coarse interest categories drawn from your stated business type, used to suggest design templates.

We do not collect: biometric information, education records, sensitive personal information (under CPRA, this includes precise geolocation, racial/ethnic origin, religious beliefs, union membership, genetic data, contents of your mail/email/text messages not directed to us, or sexual orientation/sex-life).

4. Lawful Bases for Processing (GDPR Article 6)

If you are in the European Economic Area, the United Kingdom, or another GDPR-aligned jurisdiction, we rely on the following legal bases:

• Performance of a contract (Art. 6(1)(b)) — to deliver the website you ordered and to communicate about your project.
• Consent (Art. 6(1)(a)) — for marketing emails opted into via the Spin-to-Win wheel; you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Legitimate interests (Art. 6(1)(f)) — for fraud prevention, IP-based rate limiting, and aggregate usage analytics. Our interest is in keeping the service available and free of abuse; this is balanced against your privacy rights, and you may object under Section 8.
• Legal obligation (Art. 6(1)(c)) — for tax recordkeeping and responding to lawful requests from authorities.

5. How We Use Your Information

• To process your deposit and deliver your website project
• To communicate with you about your project status, revisions, and delivery
• To send order confirmations and receipts
• To provide customer support
• To send occasional marketing emails if you opted in via the Spin-to-Win wheel (you can unsubscribe at any time)
• To detect and prevent fraud and abuse
• To improve our website and services
• To comply with legal obligations

6. Email Marketing & Consent

If you opt in via the Spin-to-Win wheel (the consent checkbox is unchecked by default — opt-in is affirmative and granular: you may complete checkout without subscribing), you may receive up to 4 marketing emails per month from MF Automations LLC about promotions, new slots, and product updates. Transactional emails about your project are separate from marketing and do not require this consent. We will never sell your email address. You can withdraw consent and unsubscribe at any time by:

• Clicking the "Unsubscribe" link present in every marketing email (RFC 8058 List-Unsubscribe header is also set), or
• Emailing support@thewebsitebonanza.com with the subject "Unsubscribe."

7. Data Sharing & Sub-Processors

We do not sell your personal information. We share data only with the following sub-processors, each contractually bound by a Data Processing Agreement (DPA):

• Stripe, Inc. (United States) — payment processing
• Supabase, Inc. (United States) — database / project data storage
• Resend, Inc. (United States) — transactional email delivery
• Cloudflare, Inc. (United States) — website hosting, DDoS protection, and analytics
• Law enforcement or courts — when required by law (we will notify you unless legally prohibited from doing so)

International transfers (GDPR Chapter V): Each of the U.S.-based sub-processors above receives personal information transferred from the EU/UK. We rely on the European Commission's Standard Contractual Clauses (SCCs, 2021/914/EU) and the UK International Data Transfer Addendum executed with each sub-processor as the Article 46 transfer safeguard. For Stripe and Cloudflare, we additionally rely on their EU-U.S. Data Privacy Framework certifications where applicable. Contact us to request a copy of the relevant SCCs.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your personal data
• Portability — receive your data in a portable format
• Restriction / Objection — object to or restrict processing based on legitimate interests (GDPR Art. 21)
• Withdrawal of consent — for any processing based on consent
• Opt-out — opt out of marketing communications at any time
• Right to lodge a complaint — file a complaint with your local data protection authority (EU/UK residents)

To exercise any of these rights, contact us at support@thewebsitebonanza.com. We will respond within 30 days (or 45 days for complex CCPA requests, with notice).

9. California Residents (CCPA / CPRA) — Notice of Rights & "Do Not Sell or Share"

If you are a California resident, you have the right under the CCPA (as amended by the CPRA) to:

• Know what personal information we collect (see Section 3 above for the statutory categories)
• Request access to and deletion of your personal information
• Correct inaccurate personal information
• Limit the use of sensitive personal information (we do not collect any — see Section 3)
• Opt out of the sale or sharing of your personal information
• Be free from retaliation for exercising any of these rights

Do Not Sell or Share My Personal Information: We do not sell or share personal information as those terms are defined under the CCPA/CPRA, and we have not done so in the preceding 12 months. To make this election explicit, you may submit a "Do Not Sell or Share" request to support@thewebsitebonanza.com with the subject line "Do Not Sell or Share My Personal Information," or visit our dedicated page at /do-not-sell. We honor Global Privacy Control (GPC) signals as opt-out preference signals.

To submit any other CCPA/CPRA request, contact support@thewebsitebonanza.com. You may also designate an authorized agent to make a request on your behalf; we will require reasonable verification of the agent's authority and your identity.

10. Data Retention

We retain your data for as long as necessary to fulfill your project and meet our legal obligations. Project data (briefs, deliverables, communications) is retained for 2 years after project completion. Email addresses collected via the spin wheel are retained until you unsubscribe. You may request deletion of your data at any time (see Section 8).

11. Cookies

We use cookies for:

• Essential cookies — required for the site to function (session management, checkout state)
• Analytics cookies — to understand how visitors use the site (page views, traffic sources)

You can disable cookies in your browser settings. Note that disabling essential cookies may affect checkout functionality. Where required by ePrivacy Directive / PECR, we obtain consent for non-essential cookies via our cookie banner before they are set.

12. Children's Privacy

Our services are not directed to children under 13 (or under 16 for residents of the European Union, where applicable under GDPR Article 8). We do not knowingly collect personal information from children in those age groups. If you believe a child has provided us with personal information, contact us immediately and we will delete it.

13. Security

We implement appropriate technical and organizational measures to protect your personal information, including encryption in transit (HTTPS), access controls, and secure storage via Supabase. However, no internet transmission is 100% secure, and we cannot guarantee absolute security.

14. Data Breach Notification

If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware (per GDPR Article 33), and we will notify affected individuals without undue delay where the breach is likely to result in a high risk (per Article 34). For California residents, we comply with the breach-notification timelines under Cal. Civ. Code §1798.82.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated date. For active project clients, we will notify you by email of material changes.

16. Contact Us

For privacy-related questions, data requests, or concerns:

Email: support@thewebsitebonanza.com
Phone: +1 (305) 204-3886
Mail: MF Automations LLC, 8025 NW 4th Ave, Miami, FL 33150, USA
Website: thewebsitebonanza.com