Privacy Policy

Last updated: April 6, 2026

SiteDeck ("we", "our", or "us") operates the sitedeck.dev website and the SiteDeck WebOps platform accessible at *.sitedeck.dev (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using SiteDeck, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and organization name. If you contact us through our website, we also collect any information you provide in the contact form (company name, number of websites, message content).

Usage Data

We automatically collect information about how you interact with the Service, including pages viewed, features used, timestamps, browser type, and device information. This helps us improve the platform and troubleshoot issues.

Website Monitoring Data

SiteDeck performs external health checks on websites you add to the platform. This includes SSL certificate status, HTTP response codes, PageSpeed scores, domain WHOIS/RDAP data, sitemap-based link crawling, and WordPress version detection. All monitoring is performed externally. We never access your hosting environment, CMS admin panels, or server files.

Cookies and Local Storage

We use essential cookies and local storage for authentication and session management. We do not use third-party advertising cookies or tracking pixels.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Send transactional notifications (task assignments, ticket updates, health alerts, account invitations)
  • Monitor and analyze usage patterns to improve the Service
  • Respond to your inquiries and support requests
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

We do not sell your personal information. We do not use your data for advertising. We do not share your data with third parties for their marketing purposes.

3. Data Isolation and Multi-Tenancy

SiteDeck is a multi-tenant platform. Each organization's data is isolated using PostgreSQL row-level security (RLS) policies enforced at the database level. Your organization's websites, tasks, tickets, audit data, resources, and team information are invisible to other organizations. This isolation is enforced at the database layer, not just the application layer.

4. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase (database hosting, authentication, edge functions). Your data is stored in Supabase-managed PostgreSQL infrastructure
  • Vercel (application hosting and CDN)
  • Cloudflare (DNS and DDoS protection)
  • Brevo (transactional email and push notification delivery)
  • Google PageSpeed Insights API (website performance scoring)
  • Anthropic (AI-powered analysis via the Echo AI feature). When Echo AI is enabled for your organization, platform data, including website health metrics, ticket summaries, task status, and audit progress, is sent to Anthropic's Claude API to generate insights, recommendations, and natural language responses. This data is processed in real-time and is not used by Anthropic to train AI models. Echo AI is an optional add-on; organizations that do not enable Echo AI have no data sent to Anthropic.
  • ElevenLabs (optional voice playback via the Echo AI feature). When voice playback is enabled, Echo AI responses are converted to audio using ElevenLabs' text-to-speech API. Only the text of Echo's responses is sent to ElevenLabs. No user data, organization data, or website data is transmitted. Voice playback is an optional user preference within the Echo AI add-on.

These providers process data on our behalf under their respective privacy policies and data processing agreements. We do not share your data with any other third parties.

5. Data Retention

We retain your account and usage data for as long as your account is active. If you request account deletion, we will remove your personal data and organization data within 30 days, except where retention is required by law. Health monitoring historical data (uptime checks, SSL status, PageSpeed scores, etc.) is retained for approximately 90 days to support trend analysis and reporting, after which it is automatically purged.

6. Data Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit
  • Encrypted database storage at rest
  • Row-level security policies for organizational data isolation
  • Rate limiting on authentication endpoints
  • Session timeout and idle session management
  • Input validation and sanitization
  • Security headers (HSTS, CSP, X-Frame-Options, Permissions-Policy)
  • File upload validation (type, size, filename sanitization)
  • Complete audit logging of all platform actions

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data (CSV exports are available for tasks, tickets, audits, and activity logs)
  • Object to certain processing of your data
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at privacy@sitedeck.dev.

8. Children's Privacy

SiteDeck is a professional business platform not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected information from an individual under 18, we will take steps to delete that information promptly.

9. International Data Transfers

Our infrastructure providers operate globally. Your data may be transferred to and processed in countries other than your own. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place with our service providers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@sitedeck.dev
Website: https://sitedeck.dev