Privacy Policy

Last Updated: October 31, 2025

Introduction

This Privacy Policy describes how Sitewatchlite ("we," "us," or "our") collects, uses, and protects your personal information when you use our website security monitoring service (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information You Provide

  • Account Information: Email address, name, and password (encrypted)
  • Website Information: URLs of websites you wish to monitor
  • Payment Information: Processed securely through our payment provider (LemonSqueezy). We do not store complete credit card details
  • Communication Data: Messages you send to our support team

Information Automatically Collected

  • Technical Data: IP address, browser type, device information, operating system
  • Usage Data: Pages visited, features used, time spent on Service, click patterns
  • Cookies and Similar Technologies: Session identifiers, authentication tokens, preferences

Information Collected from Monitored Websites

Our Service automatically collects the following data from websites you choose to monitor:

  • SSL/TLS Certificate Information: Expiry dates, issuers, validity status
  • DNS Records: A, AAAA, MX, CNAME, TXT, NS, CAA, and SOA records
  • WHOIS Data: Domain registration information, registrar details, expiry dates
  • Security Headers: HTTP security headers and their configurations
  • Third-Party Scripts: URLs, domains, file hashes, and sizes of external JavaScript files loaded by your websites
  • Performance Metrics: Page load times, resource sizes, web vitals scores
  • Content Security Policy (CSP): CSP headers and configurations
  • Mixed Content: HTTP resources loaded on HTTPS pages
  • Broken Links: URLs and status codes of non-functional links

Important: We only collect this data from websites you explicitly add to your account. We do not monitor websites without your authorization.

How We Use Your Information

Service Delivery

  • Perform security, DNS, SSL, and performance checks on your specified websites
  • Detect and alert you to changes, security vulnerabilities, or expiring certificates
  • Monitor third-party scripts for unauthorized changes or security threats
  • Generate reports and analytics about your website security posture
  • Provide technical support and respond to your inquiries

Service Improvement

  • Analyze usage patterns to improve Service features and performance
  • Develop new security monitoring capabilities
  • Conduct research and analysis to enhance our algorithms

Communication

  • Send transactional emails (security alerts, certificate expiry warnings, script changes)
  • Provide Service updates, feature announcements, and security recommendations
  • Respond to customer support requests
  • Send billing and account-related notifications

Legal and Security

  • Comply with legal obligations and respond to lawful requests
  • Protect against fraud, abuse, and security threats
  • Enforce our Terms of Service
  • Protect our rights, property, and safety

Data Storage and Security

Data Storage

  • All data is stored on Google Cloud Platform (Firebase/Firestore) infrastructure
  • Data is encrypted at rest and in transit using industry-standard protocols
  • Backup copies are maintained for disaster recovery purposes
  • We retain your data for as long as your account is active plus 90 days after deletion

Security Measures

We implement appropriate technical and organizational measures including:

  • Encryption of data in transit (TLS 1.3)
  • Encryption of data at rest
  • Access controls and authentication requirements
  • Regular security audits and penetration testing
  • Employee security training
  • Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Sharing and Disclosure

We DO NOT Sell Your Data: We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Service Providers

We share data with trusted third-party service providers who assist us in operating our Service:

  • Google Cloud Platform/Firebase: Data storage and hosting
  • LemonSqueezy: Payment processing (they handle payment card details, not us)
  • Google PageSpeed API: Website performance analysis
  • WHOIS API Providers: Domain registration information lookup

These providers are contractually obligated to protect your data and use it only for specified purposes.

Legal Requirements

We may disclose your information if required by law, court order, or governmental request, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Prevent fraud or abuse
  • Protect users' safety or the public interest

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

Your Rights and Choices

Access and Correction

You can access and update your account information at any time through your account settings.

Data Deletion

You can request deletion of your account and associated data by:

  • Using the account deletion feature in your account settings
  • Contacting our support team at [support@yourapp.com]

Upon deletion, we will remove your data within 30 days, except for data we are required to retain for legal or accounting purposes.

Export Your Data

You can export your monitoring data and reports at any time through your dashboard.

Marketing Communications

You can opt out of marketing emails by:

  • Clicking the "unsubscribe" link in any marketing email
  • Adjusting your email preferences in account settings

Note: You cannot opt out of transactional emails (security alerts, billing notifications) while maintaining an active account.

Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.

Regional Rights

For EU/UK Users (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

For California Users (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of sale of personal information (we don't sell data)
  • Right to deletion of personal information
  • Right to non-discrimination for exercising your rights

To exercise these rights, contact us at [privacy@yourapp.com]

Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers.

Data Retention

We retain your data for the following periods:

  • Account Data: Duration of active account plus 90 days
  • Monitoring Results: Duration of active account plus 90 days
  • Transaction Records: 7 years (legal requirement)
  • Support Communications: 3 years
  • Security Logs: 1 year

Third-Party Links and Scripts

Our Service monitors third-party scripts on your websites but does not control the privacy practices of those third parties. We are not responsible for their privacy policies or practices.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes
  • Displaying an in-app notification

Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

For privacy-related questions, requests, or complaints:

  • Email: [privacy@yourapp.com]
  • Support: [support@yourapp.com]
  • Address: [Your Company Address]
  • Data Protection Officer (if applicable): [DPO contact]

Specific Disclosures

Third-Party Script Monitoring

Our Service monitors third-party JavaScript files loaded on your websites by:

  • Recording script URLs and domains
  • Calculating cryptographic hashes of script content
  • Storing script file sizes
  • Detecting changes to script content

This data is used solely to alert you to unauthorized changes that may indicate security compromises. We do not execute or analyze the functionality of these third-party scripts beyond security monitoring.

Automated Decision-Making

We use automated systems to:

  • Detect security vulnerabilities
  • Identify script changes
  • Generate security risk scores
  • Send automated alerts

These automated decisions do not have legal or similarly significant effects. You can always review the underlying data and contact support with questions.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of the breach, in compliance with applicable law.

Effective Date: October 31, 2025

Your continued use of the Service constitutes acceptance of this Privacy Policy.