Privacy Policy
Effective date: June 27, 2026
Last updated: June 27, 2026
1. Who we are
SiteDeck ("SiteDeck," "we," "us," or "our") is a website operations (WebOps) platform that helps agencies and IT teams monitor and manage portfolios of websites. SiteDeck is currently operated as an independent project based in Florida, United States.
For the purposes of the EU and UK General Data Protection Regulation (GDPR), SiteDeck is the data controller for personal data we collect about our account holders, and a data processor for the website and end-user data our customers choose to manage through the service.
If you have any questions about this policy or your personal data, contact us at privacy@sitedeck.dev.
2. Scope
This policy explains what personal data we collect, how we use it, who we share it with, how long we keep it, and the rights you have. It applies to the SiteDeck application and related services. It does not apply to third-party websites that our customers monitor using SiteDeck, or to third-party services that maintain their own privacy policies.
3. Information we collect
Account information. SiteDeck is invite-only. When an administrator invites you and you accept, we collect your email address, your name, your role within your organization, and your organization affiliation. You may add a profile avatar image. We store your account status, invitation status, and your notification preferences.
Content you create. As you use SiteDeck, we store the content you and your team generate, including support tickets and their descriptions, comments, time-tracking entries and notes, saved insights, and resources you add.
Website and monitoring data. SiteDeck stores information about the websites your organization monitors, including domains, performance and uptime results, SSL certificate status, and similar operational data. This is your business data about the sites you manage.
Technical and usage data. We use privacy-conscious, cookieless analytics to understand aggregate usage (such as page views, referring pages, device and browser type, and site performance metrics). We use an error-monitoring service that records technical diagnostics when something goes wrong (such as error messages, the page where an error occurred, and browser and operating system information).
What we do not collect. We do not collect your phone number, postal address, date of birth, or payment card information. We do not maintain application-level logs of your IP address or browsing activity within the product, though infrastructure providers such as Cloudflare, Vercel, Supabase, or Sentry may process IP addresses and request metadata as necessary to deliver, secure, or troubleshoot the service. We do not use advertising or cross-site tracking cookies.
4. How we use your information, and our legal bases
We use personal data to:
- Provide, operate, and maintain the SiteDeck service (legal basis: performance of a contract).
- Authenticate you and keep your account secure (legal basis: performance of a contract and our legitimate interest in security).
- Send you transactional messages such as invitations, password resets, notifications, and digests you have enabled (legal basis: performance of a contract and, where applicable, your consent).
- Monitor, diagnose, and improve the reliability and performance of the service (legal basis: our legitimate interests).
- Comply with legal obligations (legal basis: legal obligation).
We do not sell your personal data. We do not use your data to train artificial intelligence models, and SiteDeck does not send your data to any third-party AI or large language model provider.
5. How we share your information (sub-processors)
We share personal data only with the service providers that help us run SiteDeck. Each acts on our instructions under appropriate data-protection terms. Our current sub-processors are:
| Provider | Purpose | Data involved | Location |
|---|---|---|---|
| Supabase | Primary database, authentication, file storage, and backend functions | Account data, content you create, and monitoring data | United States (us-east-1) |
| Vercel | Application hosting and cookieless usage analytics | Aggregate usage and performance metrics | United States (global edge network) |
| Cloudflare | DNS and content delivery in front of our domains | Network request metadata, including visitor IP at the network layer | Global |
| Brevo | Delivery of transactional email | Recipient email, name, and message content | European Union (France) |
| Sentry | Error and performance monitoring | Technical diagnostics; configured not to attach user identifiers | United States |
| Browser push services (Google, Mozilla, Apple) | Delivery of web push notifications, where you enable and opt into them | Push endpoint and notification content | Per your browser vendor |
In addition, to perform website monitoring on your behalf, SiteDeck sends the website addresses and domains your organization chooses to monitor to the following services. These receive your business data about the sites you manage, not the personal data of SiteDeck users: Google PageSpeed Insights (performance), UptimeRobot (uptime), ssl-checker.io (certificate status), rdap.org (domain registration data), and the WordPress.org plugin directory (plugin version information).
We may also disclose information if required by law, to protect our rights or the safety of others, or in connection with a business transfer (such as a merger or acquisition), in which case we will provide notice.
6. International data transfers
SiteDeck is operated from the United States, and our primary data store (Supabase) is located in the United States. Some providers, such as our email provider, process data in the European Union. If you are located in the European Economic Area, the United Kingdom, or Switzerland, your personal data may be transferred to and processed in the United States and other countries that may not provide the same level of data protection as your home country.
Where personal data is transferred from the EEA, United Kingdom, or Switzerland to a country that has not been found to provide adequate protection, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum or International Data Transfer Agreement, or other lawful transfer mechanisms. Where a provider participates in an applicable adequacy framework, such as the EU-U.S. Data Privacy Framework, we may rely on that framework for transfers to that provider.
7. How long we keep your data
We keep your personal data for as long as your account is active and as needed to provide the service. When an account is removed, we offer two stages: a reversible soft-deletion that disables access, and a permanent deletion that erases the account and removes or anonymizes associated personal data. We may retain limited information where necessary to comply with legal obligations, resolve disputes, or enforce our agreements. Operational records that are not personally identifying (such as anonymized time entries shown as "Deleted user") may be retained for legitimate business purposes.
8. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data ("right to be forgotten"). SiteDeck includes a permanent-deletion function that erases an account and scrubs associated identifying information.
- Restrict or object to certain processing.
- Port your data to another provider.
- Withdraw consent at any time, where processing is based on consent.
Because SiteDeck is invite-only and administered by your organization, the quickest route for most requests is your organization's administrator, who can manage or delete your account directly. You may also contact us at privacy@sitedeck.dev and we will respond within the timeframe required by applicable law. If you are in the EEA or UK and believe we have not handled your data properly, you have the right to lodge a complaint with your local data-protection supervisory authority.
9. Security
We take reasonable technical and organizational measures to protect your data, including encryption in transit, hashed and salted password storage, row-level access controls that isolate each organization's data, and access restrictions on our backend. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
10. Cookies and analytics
SiteDeck uses only strictly necessary and functional browser storage to keep users signed in and remember in-app preferences. We do not use advertising cookies, cross-site tracking cookies, or analytics cookies. Our usage analytics are cookieless and do not use a persistent identifier.
11. Children
SiteDeck is a business tool that is not directed to children, and we do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you through the service. Your continued use of SiteDeck after a change takes effect means you accept the updated policy.
13. Contact
Questions, requests, or concerns about this policy or your personal data:
SiteDeck
privacy@sitedeck.dev