Privacy Policy
Last updated: 3 May 2026
This Privacy Policy explains how SiteDrop ("we", "us", or "our") collects, uses, and protects your personal data when you use our website and service (the "Service"). We are committed to protecting your privacy and complying with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.
1. Information We Collect
Information you provide
- Account information: When you sign up, we collect your name, email address, and profile picture via Google Sign-In.
- Site content: The HTML, CSS, JavaScript, images, and other files you upload to deploy your website.
- Payment information: When you subscribe to a paid plan, payment is processed by Stripe. We do not store your full card number — Stripe handles this securely. We store your Stripe customer ID and subscription status.
- Domain registration: If you purchase a custom domain, we collect contact details required by ICANN for domain registration (name, email, address, phone number).
Information collected automatically
- Usage data: Pages visited, features used, timestamps, and interaction patterns within the dashboard.
- Device information: Browser type, operating system, screen resolution, and IP address.
- Cookies: We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Deploy and host your websites
- Process payments and manage subscriptions
- Register and manage custom domains on your behalf
- Send transactional emails (e.g., welcome emails, billing receipts)
- Respond to support requests
- Detect and prevent fraud, abuse, and security threats
- Comply with legal obligations
We do not sell your personal data to third parties. We do not use your data for advertising purposes.
3. Legal Basis for Processing (UK GDPR)
We process your data under the following legal bases:
- Contract: Processing necessary to provide the Service you signed up for.
- Legitimate interest: Improving the Service, preventing abuse, and ensuring security.
- Legal obligation: Compliance with tax, financial, and regulatory requirements.
- Consent: Where required, such as for optional marketing communications.
4. Third-Party Services
We use the following third-party services to operate the platform:
- Google Firebase: Authentication and database storage (Google LLC, USA)
- Stripe: Payment processing (Stripe Inc., USA)
- Vercel: Website hosting, deployment, and domain registration (Vercel Inc., USA)
- Netlify: Application hosting (Netlify Inc., USA)
- Resend: Transactional email delivery (Resend Inc., USA)
Each of these providers processes data in accordance with their own privacy policies and is bound by appropriate data processing agreements.
5. International Data Transfers
Some of our third-party service providers are based in the United States. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, in compliance with UK GDPR.
6. Data Retention
- Account data: Retained for the duration of your account, plus 30 days after deletion.
- Site content: Deleted when you delete your site or account.
- Payment records: Retained for 7 years as required by UK tax law.
- Server logs: Retained for up to 90 days for security and debugging purposes.
7. Your Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing of your data
- Receive your data in a machine-readable format (data portability)
- Object to processing based on legitimate interest
- Withdraw consent at any time, where processing is based on consent
To exercise any of these rights, contact us at hello@sitedrop.live. We will respond within 30 days.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (TLS/SSL) for all connections
- Encryption at rest for stored data
- Access controls limiting who can access user data
- Regular security reviews of our infrastructure
No system is 100% secure. If you discover a security vulnerability, please report it to hello@sitedrop.live.
9. Cookies
We use only essential cookies required for the Service to function:
- Authentication cookies: To keep you signed in
- Session cookies: To maintain your session state
We do not use analytics cookies, tracking cookies, or advertising cookies. No cookie consent banner is required as we only use strictly necessary cookies.
10. Children's Privacy
The Service is not intended for children under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us:
- Email: hello@sitedrop.live
- Data Controller: SiteDrop
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.