Privacy Policy

SiteCroft — sitecroft.com • Effective Date: March 27, 2026

SiteCroft (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data. By using our website or services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly

When you purchase a service, fill out our intake form, or contact us, we collect information you provide, including:

  • Contact information: your name, business name, email address, phone number, and business address
  • Business information: services, target market, brand assets, social media profiles, and Google Business Profile URL
  • Uploaded files: logos, photos, and other images you submit via our intake form
  • Payment information: billing details processed securely by Stripe (we never store full card numbers)
  • Communications: messages you send via our contact form or email

1.2 Information Collected Automatically

When you visit sitecroft.com, our hosting infrastructure may automatically collect:

  • IP address and approximate location (country/region)
  • Browser type and version
  • Pages visited and time spent on the site
  • Referring URL

This information is collected by Vercel (our hosting provider) as part of normal server operation. We do not use this data to identify individual visitors.

2. How We Use Your Information

We use the information we collect to:

  • Build and deliver your website as agreed
  • Communicate with you about your project, invoices, and support
  • Send transactional emails (order confirmations, intake form receipts, preview notifications)
  • Process payments and manage your Care Plan subscription
  • Improve our services and website based on aggregate usage data
  • Comply with legal obligations

We do not sell, rent, or trade your personal information to third parties. We do not use your information for advertising or retargeting.

3. Third-Party Services

We rely on the following third-party services to operate SiteCroft. Each service has its own privacy policy that governs how they handle data:

3.1 Stripe

Stripe processes all payments on our platform. When you purchase a service, Stripe collects your billing information, including credit card details. We receive a payment confirmation and your email address from Stripe but never handle your raw card data. See Stripe’s Privacy Policy.

3.2 SendGrid (Twilio)

We use SendGrid to send transactional emails such as order confirmations, intake form receipts, and project notifications. Your email address and message content are transmitted through SendGrid’s servers. See Twilio’s Privacy Policy.

3.3 Vercel

Our website and your project website are hosted on Vercel’s global CDN. Vercel may process request metadata (IP addresses, headers) as part of serving web traffic. See Vercel’s Privacy Policy.

3.4 Vercel Blob Storage

Files you upload via our intake form (logos, photos, etc.) are stored using Vercel Blob Storage. Files are stored securely and are only accessible to SiteCroft staff for the purpose of building your website.

4. Cookies & Tracking

SiteCroft uses minimal cookies. We do not use advertising cookies, third-party tracking pixels, or behavioral analytics. Our cookie usage is limited to:

  • Session / functional cookies: used by our hosting infrastructure (Vercel) to serve content efficiently
  • Stripe cookies: used during the checkout process to maintain your payment session

You can disable cookies in your browser settings. Disabling cookies may affect the checkout experience.

5. Data Retention

We retain your information for as long as necessary to:

  • Deliver and support your website project
  • Maintain your Care Plan subscription
  • Comply with legal and accounting obligations (typically 7 years for financial records)

Uploaded files associated with completed and cancelled projects are retained for 90 days after project closure, after which they may be permanently deleted. If you need copies of your assets, please request them before this window closes.

You may request deletion of your personal data at any time by emailing hello@sitecroft.com. Deletion requests will be honored within 30 days, subject to our legal retention obligations.

6. Data Security

We take reasonable technical and organizational measures to protect your data, including:

  • HTTPS encryption for all data in transit
  • Secure cloud storage with access controls for uploaded files
  • Payment data handled exclusively by PCI-compliant Stripe
  • Limited access to project data (SiteCroft staff only)

No method of transmission over the internet is 100% secure. While we take commercially reasonable precautions, we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to certain processing activities
  • Data portability (receive your data in a structured format)

To exercise any of these rights, email us at hello@sitecroft.com. We will respond within 30 days.

8. Children’s Privacy

SiteCroft is a business-to-business service and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy at sitecroft.com/privacy with a revised effective date. We encourage you to review this page periodically. Continued use of our services after changes are posted constitutes acceptance of the updated policy.

10. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

SiteCroft

hello@sitecroft.com

sitecroft.com