Privacy Policy

Table of Contents

1. Information We Collect

Information You Provide

• Account Information: Name, email address, password, billing information
• Website URLs: URLs you submit for AI analysis and optimization recommendations
• Communication Data: Messages sent through contact forms, support tickets, or direct email
• Payment Information: Billing details processed through our payment processors (we don't store full credit card details)
• Profile Information: Company name, website preferences, plan selections

Information We Collect Automatically

• Technical Data: IP address, browser type and version, device information, operating system
• Usage Data: Pages visited, time spent, features used, audit history, click patterns
• Log Data: Server logs, error reports, performance metrics
• Website Analysis Data: Content and structure of websites you submit for analysis
• Cookies and Tracking: Session data, preferences, analytics information

Information from Third Parties

• Authentication Providers: Information from Google, GitHub, or other OAuth providers
• Payment Processors: Transaction confirmations and billing status from Stripe
• Analytics Services: Aggregated usage statistics and performance data

2. How We Use Your Information

• Service Delivery: Provide AI-powered website analysis, generate recommendations, deliver reports
• Account Management: Create and manage your account, process payments, provide customer support
• Communication: Send service updates, respond to inquiries, provide technical support
• Improvement: Analyze usage patterns to enhance our AI models and improve service quality
• Security: Detect and prevent fraud, abuse, and security threats
• Legal Compliance: Comply with applicable laws and respond to legal requests
• Marketing: Send promotional emails (with your consent), show relevant content
• Research: Conduct research to improve AI algorithms and industry insights (anonymized data only)

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your personal data based on:

• Contract: To provide services you've requested or subscribed to
• Legitimate Interest: To improve our services, ensure security, and conduct business operations
• Consent: For marketing communications and non-essential cookies
• Legal Obligation: To comply with applicable laws and regulations

4. Information Sharing

We do not sell, rent, or trade your personal information. We may share information in these situations:

Service Providers

• Payment Processing: Stripe for billing and subscription management
• Data Storage: Supabase for secure database hosting
• AI Services: OpenAI and other AI providers for website analysis
• Email Services: For transactional and support communications
• Analytics: For usage insights and performance monitoring

Legal Requirements

We may disclose information when required by law, court order, or to:

• Comply with legal obligations or government requests
• Protect our rights, property, or safety
• Investigate fraud or security issues
• Enforce our Terms of Service

5. AI and Automated Processing

Our platform uses artificial intelligence and automated decision-making systems to:

• Website Analysis: Automatically analyze website content, structure, and performance
• Recommendation Generation: Generate personalized optimization suggestions
• Content Processing: Extract and analyze text, images, and technical elements
• Risk Assessment: Identify potential security or compliance issues

Your Rights: You have the right to request human review of automated decisions that significantly affect you. Contact us at sitescoreai@gmail.com to exercise this right.

Disclaimer: AI-generated analysis and recommendations are provided for informational purposes, based on the data submitted. They do not constitute professional advice, and SiteScore AI and its parent company, FrontForge Solutions SRL, disclaim liability for any decisions made based on this information. Final decisions should be made with human oversight.

6. Data Security

We implement robust security measures to protect your information:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict access controls and employee training
• Regular Security Audits: Periodic security assessments and updates
• Incident Response: Procedures for detecting and responding to security breaches
• Secure Infrastructure: Use of certified cloud providers with security certifications

Important: While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security but commit to notifying you of any significant data breaches as required by law.

7. Data Retention

We retain your information for different periods based on the type of data:

• Account Data: While your account is active and for 3 years after closure
• Audit Reports: Retained for the duration of your subscription plus 1 year
• Payment Records: 7 years for tax and legal compliance
• Log Data: 90 days for security and troubleshooting
• Marketing Data: Until you unsubscribe or withdraw consent
• Support Communications: 3 years for quality assurance and training

You can request deletion of your data at any time by contacting us. We'll honor your request except where we have legal obligations to retain certain information.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

Universal Rights

• Access: Request a copy of your personal data we hold
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Receive your data in a portable format
• Opt-out: Unsubscribe from marketing communications

GDPR Rights (EU/EEA/UK)

• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Revoke consent for data processing
• Lodge Complaints: File complaints with your local data protection authority

To exercise your rights, contact us at sitescoreai@gmail.com. We'll respond within 30 days (or as required by applicable law).

9. Cookies and Tracking Technologies

We use cookies and similar technologies for:

Essential Cookies

• Authentication and security
• Session management
• Load balancing and performance

Analytics Cookies

• Usage statistics and performance monitoring
• Feature usage analysis
• Error tracking and debugging

Marketing Cookies

• Personalized content delivery
• Campaign effectiveness measurement
• Social media integration

You can manage cookie preferences through your browser settings or our cookie consent banner. Note that disabling essential cookies may affect website functionality.

10. Third-Party Services

Our platform integrates with third-party services that have their own privacy policies:

• Stripe: Payment processing - Stripe Privacy Policy
• Supabase: Database hosting - Supabase Privacy Policy
• OpenAI: AI analysis services - OpenAI Privacy Policy
• Google OAuth: Authentication - Google Privacy Policy

We carefully select third-party services that meet our security and privacy standards, but we're not responsible for their privacy practices.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure adequate protection through:

• Adequacy Decisions: Transfers to countries with adequate data protection
• Standard Contractual Clauses: EU-approved contracts for data transfers
• Certification Programs: Partners with recognized privacy certifications
• Binding Corporate Rules: Internal data protection standards

12. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at sitescoreai@gmail.com.

13. Your Rights if You Are a United States Resident

If you reside in certain US states, you may have additional privacy rights. We aim to comply with all applicable state-level privacy laws.

California (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act:

• Know: What personal information we collect and how it's used
• Delete: Request deletion of personal information
• Correct: Request correction of inaccurate information
• Opt-out: Opt-out of sale or sharing of personal information
• Limit: Limit use of sensitive personal information
• Non-discrimination: Equal service regardless of privacy requests

Other US States with Applicable Privacy Laws

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights to those listed above. Contact us to exercise your rights.

We do not sell personal information and have not sold personal information in the past 12 months.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending email notifications for significant changes
• Providing in-app notifications
• Updating the "Effective Date" at the top of this policy

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

15. Contact Information