Legal

Privacy Policy

Last updated: March 1, 2026

Privacy at a Glance

  • We do not sell your data
  • We do not use your content for AI training
  • No advertising or tracking cookies
  • GDPR-compliant data processing

1. Overview

SiteICO ("we", "our", "us") operates the siteico.com platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your personal data and processing it in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) where applicable.

2. Information We Collect

We collect the following categories of information: Account information — your name, email address, and password when you register. Billing information — payment method details processed by Stripe (we never store raw card numbers). Usage data — logs of actions taken within the platform, site performance metrics, and API access logs. Technical data — IP address, browser type, device information, and Cloudflare request logs. Content — WordPress site content that you host on our platform. Communications — emails and support messages you send us.

3. How We Use Your Information

We use your information to: provide and maintain the Service; process payments and manage your subscription; send transactional emails (account verification, invoices, alerts); monitor platform health and prevent abuse; improve the platform based on aggregated usage patterns; and respond to your support requests. We do not sell your personal data to third parties. We do not use your hosted site content for AI training or any purpose other than providing the hosting service.

4. Third-Party Data Processors

We share your data with a limited number of trusted processors necessary to operate the Service. Stripe — payment processing (PCI-DSS compliant). Cloudflare — CDN, DDoS protection, and DNS (acting as a data processor under EU Standard Contractual Clauses). SendGrid / AWS SES — transactional email delivery. Anthropic (Claude) — AI content generation features only (your content is not used for model training per Anthropic's API terms). All processors are bound by data processing agreements and appropriate safeguards. We do not share your personal data with advertisers or data brokers.

5. Cookies

We use a small number of essential cookies to operate the Service. Authentication cookies maintain your logged-in session. Locale preference cookies store your language choice. No third-party tracking or advertising cookies are set. For full details, see our Cookie Policy.

6. Data Retention

We retain your account data for as long as your account is active. After account closure, personal data is deleted within 30 days. Hosted site data is deleted within 30 days of account closure. Anonymised usage statistics and aggregated metrics may be retained indefinitely. Billing records are retained for 7 years as required by applicable accounting and tax laws.

7. Your Rights

Under applicable data protection law (including GDPR for EU residents), you have the following rights: Access — request a copy of the personal data we hold about you. Rectification — request correction of inaccurate data. Erasure — request deletion of your data, subject to legal retention requirements. Portability — request an export of your data in a machine-readable format. Objection — object to processing based on legitimate interests. Restriction — request that we restrict processing in certain circumstances. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption for sensitive stored data, regular security audits, and access controls limiting employee access to personal data. No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant authorities within the legally required timeframe.

9. International Transfers

We are based in the EU. If you access our Service from outside the EU, your data may be transferred to and processed in the EU. For transfers from the EU to third countries (e.g., AWS SES in the US), we rely on Standard Contractual Clauses approved by the European Commission or other legally valid transfer mechanisms.

10. Children

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or by posting a notice in the dashboard. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the Service after changes are posted constitutes acceptance.

12. Contact

For privacy-related questions or to exercise your data rights, contact us at [email protected]. We will respond within 30 days.

Privacy questions? Email us. See also: Cookie Policy and Terms of Service.