GDPR Compliant · EU Data Storage

Privacy Policy

Last updated: May 28, 2026

1. Who we are

SiteBrief is an AI-powered website operations platform for digital agencies. We are the data controller for personal data collected through our service available at sitebrief.net.

Contact: privacy@sitebrief.net

2. Data we collect

Account data

Email address, name, company name — collected when you register. Used to authenticate you and communicate about your account.

Monitoring data

URLs, domain names, SSL certificates, and monitoring check results you configure. This data is necessary to provide the core service.

Status page subscriber emails

Email addresses of people who subscribe to your public status page. These are collected with explicit consent (double opt-in) and can be unsubscribed at any time.

GitHub / GitLab integration data

When you connect a GitHub or GitLab account to use DevLab, we store an OAuth access token and the names of repositories you explicitly link. We use this token to read specific configuration files (e.g. netlify.toml, .htaccess) and open fix pull requests on your behalf. No repository code is sent to any third-party AI service.

Competitor Intelligence data

Competitor URLs you add and publicly available content scraped from those URLs — used to generate AI-powered competitive briefs. Only publicly accessible pages are fetched. This data is sent to our AI provider (Anthropic) for analysis and is not stored beyond the session.

Technical data

IP address, browser type, and usage logs — collected automatically for security and to improve the service. Retained for 30 days.

3. Legal basis for processing

  • ·Contract — processing account and monitoring data is necessary to provide the service you signed up for.
  • ·Consent — status page subscribers explicitly opt in via double opt-in email confirmation. GitHub/GitLab OAuth connection is also consent-based — you explicitly authorise access.
  • ·Legitimate interest — technical logs for security and fraud prevention.

4. Where your data is stored

All data stored in the European Union

Our database is hosted on Supabase in the eu-west-1 (Ireland) region. We do not transfer personal data outside the EU/EEA without appropriate safeguards.

5. Third-party processors

ProcessorPurposeLocation
SupabaseDatabase & authenticationEU (Ireland)
ResendTransactional email alertsEU/US (SCCs)
NetlifyApplication hostingUS (SCCs)
ScreenshotOneScreenshots on downtimeEU/US
AnthropicAI analysis (insights, competitor briefs, health summaries)US (SCCs)

SCCs = Standard Contractual Clauses (EU-approved transfer mechanism).

6. Data retention

  • ·Account data — retained while your account is active, deleted within 30 days of account deletion.
  • ·Monitoring check history — retained for 90 days.
  • ·Technical logs — retained for 30 days.
  • ·Status page subscriber emails — retained until unsubscribed.

7. Your rights (GDPR)

Access
Request a copy of your personal data.
Rectification
Correct inaccurate data in your account settings.
Erasure
Delete your account and all associated data.
Portability
Export your data in machine-readable format.
Objection
Object to processing based on legitimate interest.
Restriction
Request we limit how we use your data.

To exercise any of these rights, email us at privacy@sitebrief.net. We will respond within 30 days.

8. Cookies

We use only essential cookies required for authentication (session token) and user preferences (theme, language). We do not use advertising or tracking cookies. No third-party analytics scripts are loaded.

9. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Access to production data is restricted to authorised personnel only. We use Row Level Security (RLS) in our database to ensure users can only access their own data.

10. Changes to this policy

We may update this policy from time to time. We will notify registered users by email if changes are material. The date at the top of this page reflects the latest revision.

11. Contact & complaints

For privacy questions: privacy@sitebrief.net

If you are unhappy with how we handle your data, you have the right to lodge a complaint with your local data protection authority. In Ireland: dataprotection.ie

© 2026 SiteBriefBack to home