Privacy Policy
Last updated: May 2026
1. Information We Collect
We collect information you provide directly to us when you create an account, subscribe to a plan, or contact us for support. This includes:
- Name and email address
- Billing information (processed and stored by our payment provider, Stripe)
- Website URLs and domain names you add to SiteHealth for monitoring
- Account preferences and settings
We also collect information automatically when you use the service, including:
- Log data such as IP address, browser type, pages visited, and timestamps
- Device information including operating system and screen resolution
- Usage data such as features accessed and scan results viewed
- Cookies and similar tracking technologies (see the Cookies section below)
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the SiteHealth monitoring service
- Process transactions and send related information including purchase confirmations and invoices
- Send transactional emails such as scan alerts, downtime notifications, and account security notices
- Send marketing communications if you have opted in (you may unsubscribe at any time)
- Respond to support requests and communicate with you about your account
- Monitor and analyze usage patterns to improve the service
- Detect, prevent, and address technical issues, abuse, and security threats
- Comply with legal obligations
We do not sell your personal data to third parties. We do not use your website scan data for any purpose other than delivering the monitoring service to you.
3. Cookies
We use cookies and similar tracking technologies to operate and improve SiteHealth. Cookies are small text files stored on your device by your browser.
We use the following types of cookies:
- Essential cookies — required for the service to function, including authentication session cookies and security tokens.
- Preference cookies — remember your settings such as theme or dashboard preferences.
- Analytics cookies — we use privacy-first analytics (Plausible) that do not track individuals or use persistent identifiers. No consent banner is required for these.
You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in to the service.
4. Third-Party Services
We share data with third-party service providers only as necessary to operate the service:
- Stripe — payment processing. Stripe stores your card details and billing information under their own privacy policy and PCI-DSS compliance program.
- Supabase — authentication and database hosting. Your account data and scan results are stored in Supabase-managed infrastructure.
- DigitalOcean — cloud infrastructure provider hosting our application servers.
- Plausible Analytics — privacy-preserving, cookieless analytics. No personal data is collected or shared.
- Sentry — error monitoring to detect and diagnose application bugs. Error reports may include anonymized request data.
We do not share your data with advertising networks, data brokers, or social media platforms.
5. Data Retention
We retain your account data for as long as your account is active. If you cancel your subscription, your account data is retained for 90 days to allow for reactivation, after which it is permanently deleted.
Scan history and health check results are retained according to your plan tier. You may export or delete your data at any time from your account settings.
Billing records are retained for seven years as required by applicable tax and accounting regulations.
6. Your Rights (GDPR & CCPA)
Depending on your location, you may have the following rights regarding your personal data:
- Right to access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request deletion of your personal data, subject to legal retention requirements.
- Right to restriction — request that we limit how we process your data.
- Right to portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests or for direct marketing.
- Right to opt out of sale — California residents: we do not sell personal information as defined under CCPA.
To exercise any of these rights, please contact us at the address below. We will respond within 30 days.
7. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS), encryption at rest, access controls, and regular security monitoring.
No method of transmission over the internet is 100% secure. If you discover a security vulnerability, please disclose it responsibly to hello@sitehealth.app.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the dashboard at least 14 days before the change takes effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.
9. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
SiteHealth
hello@sitehealth.app