Privacy Policy
Effective February 23, 2026
MBSoft Systems LLC (“Company,” “we,” “us,” or “our”), a Colorado limited liability company, operates UnWeb (“Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the Service.
By using the Service, you consent to the practices described in this Privacy Policy.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you register, we collect your email address, first name, last name, and password (stored as a bcrypt hash — we never store plaintext passwords).
- Payment Information: When you subscribe to a paid plan, payment is processed by our third-party payment providers (LemonSqueezy and/or Stripe). We do not directly store your credit card number or full payment details. We receive and store your subscription status, plan tier, and payment provider customer/subscription identifiers.
- API Keys: We generate and store API keys associated with your account for programmatic access.
- Support Communications: If you contact us, we may retain the content of your messages.
1.2 Information Collected Automatically
- Usage Records: We record metadata about each conversion request, including timestamp, content size (bytes), conversion type (paste, upload, URL, or crawl), and the API key or account used. We do not store the HTML content you submit or the Markdown output we generate. Content is processed in memory and discarded after the response is returned.
- Crawler Job Data: For web crawler jobs, we store the start URL, crawl configuration, job status, and page count. Crawl results (converted Markdown files) are stored temporarily and made available for download, then deleted according to our retention schedule.
- Server Logs: Our servers automatically record information such as your IP address, browser type, operating system, referring URLs, and request timestamps.
- Application Telemetry: We use Azure Application Insights to collect performance telemetry, including request durations, error rates, and dependency call metrics.
- Analytics: We use Google Analytics to collect anonymized usage data about how visitors interact with our website, including pages visited, session duration, and general geographic location.
1.3 Cookies and Similar Technologies
- Essential Cookies: We use localStorage to store your JWT authentication token for session management. This is necessary for the Service to function.
- Analytics Cookies: Google Analytics sets cookies to distinguish unique users and track sessions. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
2. How We Use Your Information
We use the information we collect to:
- Provide and maintain the Service — process conversions, manage your account, enforce quotas.
- Process payments — manage subscriptions and billing through our payment providers.
- Monitor and improve the Service — analyze usage patterns, identify performance issues, and improve conversion quality.
- Enforce our Terms — detect abuse, prevent fraud, and enforce rate limits and acceptable use policies.
- Communicate with you — respond to support requests, send service-related notifications (e.g., quota warnings, plan changes).
- Comply with legal obligations — respond to lawful requests from authorities and fulfill regulatory requirements.
We do not use your information for:
- Selling your personal data to third parties
- Targeted advertising
- Training machine learning models on your submitted content
3. How We Share Your Information
We do not sell your personal information. We may share information in the following circumstances:
3.1 Service Providers
We share information with third-party service providers who assist us in operating the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| LemonSqueezy | Payment processing | Email, subscription details |
| Stripe | Payment processing | Email, subscription details |
| Microsoft Azure | Cloud hosting, Application Insights | Server logs, telemetry |
| Google Analytics | Website analytics | Anonymized usage data, IP address (anonymized) |
| PostgreSQL (self-hosted) | Database | Account data, usage records |
3.2 Legal Requirements
We may disclose your information if required by law, subpoena, court order, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account + 30 days |
| Usage records (metadata) | 12 months from creation |
| Conversion content (HTML/Markdown) | Not stored — processed in memory only |
| Crawler results (ZIP files) | 7 days after job completion |
| Server logs | 90 days |
| Application Insights telemetry | 90 days |
| Payment records | As required by tax/accounting law (typically 7 years) |
| Database backups | 30 days (automated rotation) |
After the retention period, data is permanently deleted or anonymized.
5. Data Security
We implement appropriate technical and organizational measures to protect your information:
- Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS/HTTPS.
- Password hashing: Passwords are hashed using bcrypt before storage.
- API key security: Only a prefix of your API key is displayed in the dashboard; the full key is shown only once at creation.
- Database security: PostgreSQL database access is restricted and credentials are securely managed.
- Automated backups: Database backups are encrypted and stored in Azure Blob Storage with a 30-day retention policy.
- Infrastructure security: The Service runs on hardened Azure infrastructure with network security controls.
Despite these measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your information.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
6.1 Rights for All Users
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete information.
- Deletion: Request deletion of your account and associated data.
- Data Portability: Request your data in a structured, machine-readable format.
6.2 Additional Rights for EEA/UK Residents (GDPR)
If you are located in the European Economic Area or United Kingdom, you also have the right to:
- Restrict processing of your personal information in certain circumstances.
- Object to processing based on legitimate interests.
- Withdraw consent where processing is based on consent, without affecting the lawfulness of prior processing.
- Lodge a complaint with your local data protection authority.
Legal Basis for Processing (GDPR):
- Contract performance: Processing your conversions, managing your account and subscription.
- Legitimate interests: Service improvement, security monitoring, fraud prevention.
- Consent: Analytics cookies (you may opt out at any time).
- Legal obligation: Tax and accounting record retention.
6.3 Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose.
- Delete your personal information, subject to certain exceptions.
- Opt out of sale of personal information — we do not sell your personal information.
- Non-discrimination — we will not discriminate against you for exercising your CCPA rights.
Categories of Personal Information Collected (CCPA):
- Identifiers (email address, name, IP address)
- Commercial information (subscription and payment history)
- Internet/electronic activity (usage records, server logs)
We have not sold personal information in the preceding 12 months.
6.4 Exercising Your Rights
To exercise any of these rights, contact us at:
- Email: support@mbsoftsystems.com
We will respond to verified requests within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before fulfilling a request.
7. International Data Transfers
The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. For EEA/UK users, we rely on Standard Contractual Clauses or other approved transfer mechanisms where required by GDPR.
8. Children’s Privacy
The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at support@mbsoftsystems.com.
9. Browser Extensions
Our Chrome and Firefox browser extensions collect the following information:
- API key: Stored locally in your browser’s secure storage (browser.storage.sync) and sent with conversion requests to authenticate you.
- Page content: When you click “Convert,” the extension sends the current page’s HTML to our API for conversion. This content is processed in memory and not stored (see Section 4).
- No browsing history: The extensions do not track your browsing history or activity on other websites.
10. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review their privacy policies before providing any personal information.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on the Service with a new “Last Updated” date
- Sending an email notification for significant changes (if you have an account)
Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.
12. Contact Us
For questions, concerns, or requests regarding this Privacy Policy, contact us at:
MBSoft Systems LLC Email: support@mbsoftsystems.com
For GDPR-related inquiries, you may also contact your local data protection authority.
This Privacy Policy was last updated on February 23, 2026.