Privacy Policy
Last updated: March 1, 2026
1. Information We Collect
When you use FreeSiteAudit, we collect the following information:
- Website URL: The URL you submit for analysis.
- Email Address: Used to deliver audit reports and communicate about your results.
- Business Category: Used to tailor our audit to your industry.
- Payment Information: Processed securely by Stripe. We do not store credit card details.
- Usage Data: Basic analytics including pages visited, referring source, and device type.
- Analytics Data: Page views, time on site, referring URLs, and device information via Google Analytics. This data is anonymized and aggregated.
2. How We Use Your Information
- To generate and deliver your website audit report.
- To send transactional emails (report delivery, receipts).
- To improve our audit algorithms and service quality.
- To respond to support requests.
We do not sell, rent, or share your personal information with third parties for marketing purposes.
3. Data Storage & Security
Your data is stored securely using industry-standard encryption (AES-256) on servers located in secure data centers with SOC 2 Type II certification. Audit results are retained for up to 90 days to allow report re-delivery, after which they are automatically purged from our systems.
Payment processing is handled entirely by Stripe, which is PCI DSS Level 1 certified (the highest level of certification). We never see or store your full credit card details. Stripe handles all sensitive payment information.
🔒 Our Security Measures:
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- Regular security audits and penetration testing
- Automated daily backups with 30-day retention
- Two-factor authentication for admin access
- Role-based access controls (RBAC)
4. Third-Party Services
We use the following third-party services:
- Stripe: Payment processing (PCI DSS Level 1 certified)
- Supabase: Database hosting and user authentication (US-based, SOC 2 Type II certified)
- Anthropic: AI-powered audit narrative generation using Claude Opus 4.6
- Google Gemini: Industry classification and categorization
- Resend: Transactional email delivery
- Vercel: Application hosting and infrastructure
- Google Analytics: Website usage analytics (anonymized visitor data to improve our service)
Each service has its own privacy policy governing how it handles data. We share only the minimum data necessary for each service to function.
5. Cookies & Tracking
We use minimal cookies for essential site functionality. We do not use tracking cookies or third-party advertising cookies. Here's exactly what we use:
- Session cookies: Temporary cookies to maintain your session (e.g., keeping you logged into your dashboard). These expire when you close your browser.
- Authentication tokens: Secure tokens to verify your identity when you log in. These are encrypted and HttpOnly (cannot be accessed by JavaScript).
- Preference cookies: Remember your choices (e.g., dismissing announcements). These last up to 1 year.
- Analytics cookies: Google Analytics uses cookies to track anonymized visitor behavior and help us improve the service. These cookies do not collect personally identifiable information.
We do NOT use:
- Third-party advertising cookies
- Social media tracking pixels
- Cross-site tracking
- Fingerprinting techniques
You can disable cookies in your browser settings, but this may affect site functionality (e.g., staying logged in).
6. Data Retention
We retain your data only as long as necessary to provide our services and comply with legal obligations:
- Audit reports: 90 days after generation (then automatically deleted)
- Account data: Retained while your account is active, deleted within 30 days of account closure
- Payment records: 7 years (required for tax compliance and fraud prevention)
- Email communications: Up to 2 years (for support history and compliance)
- Analytics data: Aggregated and anonymized after 14 months
If you request deletion of your data, we will comply within 30 days, except for data we are legally required to retain (e.g., financial records).
7. Your Rights
You have the right to:
- Access your data: Request a copy of all personal data we hold about you. We'll provide it in a machine-readable format (JSON or CSV) within 30 days.
- Rectify inaccurate data: Request corrections to any personal information that is incorrect or outdated.
- Delete your data: Request deletion of your personal data ("right to be forgotten"). We'll comply within 30 days, except for data we're legally required to retain.
- Export your data: Download all your audit reports and data in a portable format.
- Opt out of communications: Unsubscribe from marketing emails at any time (link in every email footer). You'll still receive transactional emails (receipts, audit delivery).
- Object to processing: Ask us to stop processing your data for marketing purposes.
- Restrict processing: Request temporary restriction of how we use your data.
To exercise any of these rights, email hello@freesiteaudit.com with subject line "Data Rights Request". We'll respond within 5 business days.
For EU residents (GDPR): You also have the right to lodge a complaint with your local data protection authority if you believe we've mishandled your data.
8. International Data Transfers
Our services are hosted on servers in the United States. If you are accessing FreeSiteAudit from outside the U.S., your data may be transferred to, stored, and processed in the United States.
We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission for EU data transfers
- Adherence to the EU-U.S. Data Privacy Framework principles
- Equivalent protections as required by your local data protection laws
9. Children's Privacy
FreeSiteAudit is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, contact us immediately at hello@freesiteaudit.com and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Notify you via email if you have an account with us
- For significant changes, provide prominent notice on our website for 30 days
We encourage you to review this Privacy Policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.
11. Contact & Data Protection Officer
For privacy-related inquiries, data rights requests, or concerns about how we handle your data, contact us at:
- Email: hello@freesiteaudit.com
- Subject line: "Privacy Inquiry" or "Data Rights Request"
- Response time: We aim to respond within 5 business days
We take your privacy seriously. If you have concerns about how we've handled your data, we want to hear from you.