Skip to main content
SiteGrader

Legal

Privacy Policy

Last updated: March 2026

SiteGrader (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, application, and services (collectively, the “Service”). By using the Service, you consent to the practices described in this policy.

1. Information We Collect

Information You Provide

  • Email address — if you purchase a report (provided to Stripe during checkout) or contact us.
  • URLs submitted for scanning — the web addresses you enter into the Service.
  • Payment information — if you purchase a report, payment is processed securely by Stripe. We do not store your credit card number, expiration date, or CVV on our servers. Stripe's privacy practices are governed by Stripe's Privacy Policy.
  • Support communications — any information you provide when contacting us.

Information Collected Automatically

  • IP address — used for rate limiting, abuse prevention, and basic geographic analytics.
  • Browser type and operating system — standard HTTP headers.
  • Scan results and metadata — the outputs generated by our analysis of submitted URLs.

2. What We Do Not Collect

  • We do not use tracking cookies beyond essential session cookies required for the Service to function.
  • We do not use invasive third-party analytics trackers (e.g., Google Analytics, Facebook Pixel). We use Plausible Analytics, a cookieless, privacy-friendly analytics tool that does not track individual users or collect personal data.
  • We do not sell, rent, or trade your personal data to any third party.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery — to process your scan requests, generate reports, and provide the features of the Service.
  • Rate limiting and abuse prevention — to enforce usage limits and protect the Service from misuse.
  • Product improvement — to analyze aggregate usage patterns and improve the accuracy and performance of our analysis algorithms.
  • Customer support — to respond to your inquiries and resolve issues.
  • Billing — to process one-time report payments (via Stripe).
  • Communications — to send transactional emails (e.g., receipts, password resets) and, with your consent, marketing emails about product updates.

4. Third-Party Services

We share information with the following third-party service providers, solely as necessary to operate the Service:

  • Stripe — payment processing. Stripe receives your payment information directly and is a PCI-DSS Level 1 compliant service provider.
  • Vercel — hosting and infrastructure. Vercel processes requests and may have access to IP addresses and request metadata as part of standard hosting operations.
  • Plausible Analytics — privacy-friendly, cookieless website analytics. Plausible does not use cookies, does not collect personal data, and is fully GDPR, CCPA, and PECR compliant. No consent banner is required.

We do not share, sell, or disclose your personal information to any other third parties except as required by law (e.g., in response to a valid subpoena, court order, or government request).

5. Data Retention

  • Scan results — not stored. Every scan runs fresh in real time and results are not persisted on our servers.
  • Purchase records — retained as long as necessary to fulfill the purchase and provide access to purchased reports. Upon request, your personal data will be removed within 30 days, except where retention is required by law.
  • Billing records — retained as required by applicable tax and accounting laws.
  • Aggregated, anonymized data — may be retained indefinitely for analytics and product improvement purposes.

6. Your Rights

You have the following rights regarding your personal data:

  • Access and export — you may request a copy of the personal data we hold about you.
  • Deletion — you may request that we delete your personal data. We will comply within 30 days, except where we are required by law to retain certain information.
  • Correction — you may request that we correct inaccurate personal data.
  • Marketing opt-out — you may unsubscribe from marketing emails at any time using the unsubscribe link in any marketing email, or by contacting us directly.

To exercise any of these rights, please contact us at support@sitegrader.dev.

7. GDPR (European Economic Area Users)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply:

  • Legal basis for processing: We process your personal data on the basis of (a) contract performance (to provide the Service you have requested), (b) legitimate interests (to improve our Service and prevent abuse), and (c) your consent (for marketing communications).
  • Data transfers: Your data may be transferred to and processed in the United States. We rely on appropriate safeguards, including standard contractual clauses, to protect your data during such transfers.
  • Data Protection Officer: For GDPR-related inquiries, contact us at privacy@sitegrader.dev.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority.

8. CCPA (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know — you may request information about the categories and specific pieces of personal data we have collected about you.
  • Right to delete — you may request deletion of your personal data, subject to certain exceptions.
  • Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.
  • No sale of personal information — we do not sell your personal information as defined by the CCPA.

To exercise your CCPA rights, please contact us at support@sitegrader.dev.

9. Security

We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, or alteration. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or by posting a notice on the Service. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Terms of Service|Accuracy Disclaimer|Back to Home