Privacy Policy

Siteport is a website creation and hosting service operated from Tallinn, Estonia. In this Privacy Policy, “Siteport,” “we,” “our,” and “us” refer to the operator of siteport.co and the Siteport service.

Contact: hello@siteport.co

This Privacy Policy explains how we process personal data when you:

• visit siteport.co;
• create or use a Siteport account;
• create, publish, or manage a website through Siteport;
• communicate with Sam or our support channels; or
• use payment and billing features connected to the service.

This Privacy Policy does not replace the privacy policy that a Siteport customer may need to publish on their own website for their own visitors.

For most account, billing, support, product, and security data, Siteport is the data controller.

For personal data submitted by visitors through a customer’s Siteport-powered website, such as contact-form leads, the customer operating that website is generally the data controller, and Siteport acts mainly as a processor or service provider on that customer’s behalf to host the site, route submissions, and provide the service.

A. Account and profile data

We may collect:

• name;
• email address;
• profile image;
• authentication provider identifiers;
• account settings and preferences.

If you sign in with Google or another provider, we receive the profile data that provider makes available to us.

B. Site and business data

We collect and store the content you provide to build and run your site, including:

• business name;
• business description;
• text content;
• uploaded images and files;
• logo;
• address;
• phone number;
• email address;
• opening hours;
• social links;
• page content and settings.

C. Chat, voice, and instruction data

We collect:

• text messages you send to Sam;
• audio you submit for transcription or voice interactions;
• generated outputs, edit history, and related context needed to process your instructions and improve service reliability.

D. Lead and visitor-submission data

For Siteport-powered customer websites, we may process data submitted by visitors, such as:

• name;
• email address;
• phone number;
• message content;
• metadata needed to deliver or store the submission.

E. Billing data

Payments are processed by Stripe or other payment providers. We do not store full card numbers. We may store limited billing and subscription data such as:

• Stripe customer ID;
• subscription status;
• plan;
• invoice metadata;
• payment status.

F. Usage, device, and log data

We may collect limited operational and diagnostic data such as:

• IP address;
• browser and device data;
• timestamps;
• request logs;
• page views;
• error logs;
• security events;
• rough geolocation derived from IP.

G. Cookies and similar technologies

We use essential cookies and similar technologies required to authenticate users, maintain sessions, secure the service, and remember core settings. We may also use limited, privacy-respecting operational analytics needed to run and protect the service.

We use personal data to:

• create and manage accounts;
• authenticate users;
• generate, host, publish, and update websites;
• process instructions sent to Sam by text or voice;
• deliver contact-form notifications and lead data;
• provide customer support;
• process billing and subscriptions;
• secure the service, prevent abuse, detect fraud, and troubleshoot issues;
• maintain backups, logs, and service continuity;
• comply with legal obligations; and
• enforce our Terms and other policies.

We do not sell personal data. We do not sell or share personal information as those terms are defined under the California Consumer Privacy Act or other applicable US state privacy laws.

Where GDPR or similar laws apply, we process personal data on one or more of these bases:

• performance of a contract — to provide the Siteport service you request;
• legitimate interests — to secure, maintain, improve, and administer the service;
• legal obligation — where we must retain or disclose data by law;
• consent — where we specifically ask for it, such as certain optional communications or features.

To generate and edit website content, process instructions, and support chat and voice features, we send data to third-party AI providers via their API-tier services (not consumer products).

This may include business information, page content, prompts, uploaded materials, and user instructions.

We do not use customer data to train AI models. However, third-party AI providers process data according to their own API terms and data handling policies, which may include limited retention for safety monitoring, abuse prevention, or service improvement. We select providers whose API terms are designed for commercial and production use, but we cannot guarantee how third-party providers handle data once transmitted.

You should not submit highly sensitive personal data (such as financial account numbers, government identifiers, health information, or other data subject to heightened legal protections) to the service unless it is genuinely necessary and legally appropriate for your use case.

We may share personal data with service providers that help us operate Siteport, including providers for:

• hosting and serverless infrastructure;
• content delivery and DNS;
• image and file storage;
• authentication;
• payments and billing;
• email delivery;
• logging, monitoring, and security;
• AI generation, transcription, and related processing.

Based on our current stack, these providers may include companies such as Stripe, Cloudflare, Vercel, Google, and OpenAI, as applicable to the feature used.

We may also disclose data:

• if required by law, court order, or lawful request;
• to protect rights, safety, security, or property;
• in connection with a merger, acquisition, financing, or asset sale; or
• with your direction or consent.

Your personal data may be processed in countries outside your country of residence, including outside the EEA, UK, or Switzerland.

Where required by law, we use appropriate safeguards for international transfers, such as adequacy decisions, contractual protections, or other lawful transfer mechanisms offered by our providers.

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the service, meet legal obligations, resolve disputes, and enforce agreements.

In general:

• account and site data are retained while your account is active;
• support, chat, and operational logs may be retained for a limited period needed for support, security, and reliability;
• billing and transaction records may be retained for longer where required by tax, accounting, or legal rules;
• deleted account data is removed or anonymized within 30 days, unless longer retention is required for legal, security, fraud-prevention, backup, or dispute-resolution reasons.

We use commercially reasonable technical and organizational measures to protect personal data. However, no system is completely secure, and we do not guarantee that unauthorized access, loss, or alteration will never occur.

You are responsible for keeping your login credentials secure and for safeguarding any data you choose to publish on your website.

Depending on your location, you may have the right to:

• access your personal data;
• correct inaccurate data;
• delete data;
• restrict or object to certain processing;
• receive a portable copy of certain data;
• withdraw consent where processing is based on consent; and
• lodge a complaint with your local data protection authority.

To exercise rights, contact: hello@siteport.co

We may need to verify your identity before acting on a request.

If you are a resident of California, Virginia, Colorado, Connecticut, or another US state with applicable consumer privacy legislation, you may have additional rights under those laws, including the right to:

• know what personal information we collect and how it is used;
• request deletion of your personal information;
• opt out of the sale or sharing of personal information;
• not be discriminated against for exercising your rights.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising as defined under California law (CCPA/CPRA).

Categories of personal information we collect are described in Section 4 above. We collect this information for the business and operational purposes described in Section 5.

To exercise your rights under US state privacy laws, contact: hello@siteport.co

We will verify your identity before fulfilling a request. You may designate an authorized agent to submit a request on your behalf, subject to verification.

If you operate a website on Siteport, you are responsible for:

• ensuring you have a lawful basis to collect visitor data;
• publishing any privacy notice required for your own visitors;
• responding to rights requests relating to visitor data you control; and
• configuring your site and content in a lawful way.

We may assist customers with deletion or export requests where we act on their instructions.

Siteport is not directed to children under the age of 16, and we do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, contact us and we will investigate and take appropriate action, including deletion where required.

Customer websites and the Siteport service may link to third-party services. We are not responsible for third-party privacy practices, content, or security. Their own terms and privacy notices apply.

We may update this Privacy Policy from time to time. If we make material changes, we may notify users by email, dashboard notice, or by updating the “Last updated” date above.

For privacy questions or requests, contact: hello@siteport.co