Privacy

What we collect and what we don't.

Last updated May 24, 2026.

What we collect

  • Public business info we use to build your preview: name, address, hours, website (if any), photos and reviews from Google Business Profile + Yelp. This is all public data.
  • Email + phone when you sign up or use the contact form. Used only to reply to you, deliver service notifications, and log into the portal.
  • Stripe customer record for billing. We do not see or store your card number; Stripe does.
  • Leads submitted on YOUR live site are stored so you can see them in your portal. We don't read or analyze them beyond surfacing them to you.
  • Source IP hashed daily on lead submissions for spam-rate-limit purposes. The raw IP is never stored; a per-day salted SHA-256 hash is what lives in our database, and it becomes uncorrelatable after 24 hours.

What we don't do

  • No third-party advertising pixels (no Meta, no Google Ads, no TikTok).
  • No selling, renting, or trading customer lists.
  • No autonomous phone outreach to customers, ever.
  • No reading your customer leads beyond storing + delivering them to you.
  • No tracking visitors across other sites.

Who touches your data

The full list of third-party services that process your data:

  • Vercel: hosting + serverless functions + Analytics.
  • Cloudflare: DNS + Registrar + Turnstile bot defense.
  • Supabase: database + authentication.
  • Stripe: billing.
  • Resend: transactional email (sign-in links, lead notifications).
  • Twilio: SMS, but only between Siteseeing and Ben (the operator). We do not text customers.
  • Anthropic: the AI models used by our site-generation agents. They run on your business's public data only.
  • Google Places + Yelp Fusion: public business listing lookups.

Your rights

You can request a copy of everything we have on you, ask us to delete it, or correct anything wrong. Email ben@siteseeing.app with the subject “data request” and we'll reply within 7 days.

Cancelling your subscription removes your private data within 30 days. Anonymized aggregates (e.g., “we built X sites in Y vertical this quarter”) may be retained for internal stats.

Cookies

We use a single first-party cookie for authentication (the Supabase session token). No marketing cookies, no analytics cookies that aren't already first-party. Your live site (the one we build for you) ships with Vercel Analytics by default; that's cookie-less and aggregate-only.

Kids

We don't knowingly collect data from anyone under 16. If you believe a minor has submitted data through one of our forms, email ben@siteseeing.appand we'll delete it.

Changes

We'll email you about any material change at least 30 days before it takes effect. Material change means anything that changes who touches your data or how it's used.

Questions? Just ask.