Privacy Policy
Last updated: April 2026
1. Information We Collect
Account Information
When you create an account, we collect your email address and encrypted password. We do not collect your name, phone number, or physical address unless you voluntarily provide it.
Scan Data
When you submit a URL for scanning, we collect the URL and analyze the publicly available content on that website. We do NOT store the full HTML of scanned pages. We retain only the URL, identified findings, compliance scores, and generated report data.
Usage Data
We automatically collect certain technical information including your IP address, browser type, device type, pages visited within our Service, and timestamps. This data is used for analytics and to improve the Service.
Payment Information
Payment processing is handled by Stripe. We do not store your credit card number, CVV, or full payment details on our servers. We retain only your Stripe customer ID and subscription status.
2. How We Use Your Information
- To provide and operate the scanning Service
- To generate compliance reports and scores
- To manage your account and subscriptions
- To send transactional emails (confirmations, reports, alerts)
- To improve and optimize the Service
- To detect and prevent fraud or abuse
- To comply with legal obligations
We do NOT sell your personal data. We do NOT use your data for advertising. We do NOT share your scan results with third parties.
3. Data Retention
- Free scans: Results are retained for 24 hours and then permanently deleted
- Single Reports: Results are retained for 90 days from purchase date
- Subscriptions (Starter/Pro): Results are retained while your subscription is active and for 30 days after cancellation
- Account data: Retained while your account is active. You may request deletion at any time
4. Third-Party Services
We use the following third-party services to operate the Service:
- Supabase — Authentication and database hosting (data stored in secure, SOC 2 compliant infrastructure)
- Vercel — Application hosting and deployment
- Stripe — Payment processing (PCI DSS Level 1 compliant)
- Anthropic (Claude) — AI analysis engine used to evaluate website content for compliance issues. See our AI Usage Policy for details on what data is sent to AI systems
5. Cookies
We use the following types of cookies:
- Essential cookies: Required for authentication and core functionality. These cannot be disabled.
- Analytics cookies: Used to understand how visitors interact with the Service. You may opt out of these.
We do NOT use advertising cookies or tracking pixels. We do NOT share cookie data with third-party advertisers.
6. Your Rights
Under GDPR (EU/EEA residents):
- Right of access — request a copy of your data
- Right to rectification — correct inaccurate data
- Right to erasure — request deletion of your data
- Right to data portability — receive your data in a structured format
- Right to restrict processing
- Right to object to processing
- Right to withdraw consent at any time
Under CCPA/CPRA (California residents):
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your rights
To exercise any of these rights, contact us at support@siteproof.ai. We will respond within 30 days.
7. Data Security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS 1.2+) and at rest, secure authentication via Supabase, regular security reviews, and access controls limiting who can access user data.
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
8. International Data Transfers
Your data may be processed in countries outside your country of residence, including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by GDPR.
9. Children's Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to registered users via email. Non-material changes will be reflected by updating the "Last updated" date at the top of this page.
11. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
support@siteproof.ai