Skip to main content
SiteLive logoSiteLive

Legal

Privacy Policy

Last updated: 9 June 2026

This Privacy Policy explains how SiteLive ("we", "us", "our") collects, uses, holds, discloses and protects your personal information. We are bound by the Australian Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). Where you are located in the European Union or the United Kingdom, the EU GDPR and UK GDPR also apply (see Clause 14). By creating an account or using the SiteLive web application and marketing site (the "Service"), you agree to the handling of your personal information as described here.

1. What personal information we collect

Under APP 3 and APP 5, we collect only information reasonably necessary to run the Service:

We generally do not collect sensitive information (as defined by the Privacy Act). If a feature ever requires it, we will ask for your consent first (APP 3.3).

2. How we collect it

We collect personal information directly from you when you sign up, configure your sites, and use the Service. Where someone invites you to a site, we may receive your name, email and phone number from that organisation so we can send your invitation (APP 3.6). If we collect information about you from a third party, we will take reasonable steps to notify you as required by APP 5.

3. Why we use it

We use personal information only for the purposes for which it was collected, and related purposes you would reasonably expect (APP 6):

Automated decision-making. SiteLive's AI features (Ask SiteLive and Deep Reports) are tools to assist your decision-making — they produce outputs for you to review and act on. We do not use automated processing to make decisions about individuals that produce legal or similarly significant effects without human review. If this changes, we will update this policy and notify you.

4. Direct marketing

In line with APP 7, we will only send you marketing communications where you have consented or would reasonably expect them, and every marketing message includes a simple unsubscribe option. You can also email us at any time to opt out. We never sell your personal information.

5. Who we disclose it to

We use carefully selected service providers ("processors") who handle data on our behalf:

An up-to-date subprocessor list is available on request at team@sitelive.group. We will give reasonable notice of any material change to our subprocessors.

Where you enable WhatsApp notifications, Meta Platforms (as the operator of WhatsApp) also processes your data in accordance with Meta's own Privacy Policy (available at meta.com/privacy). We recommend reviewing Meta's policy to understand how they handle your information on their platform.

We may also disclose personal information where required or authorised by Australian law, or to protect the safety of people on site. We do not use your data to train third-party AI models.

6. Cross-border disclosure

Some of our processors store or process data outside Australia (for example, in the European Union or the United States). Before disclosing your personal information overseas we take reasonable steps to ensure the recipient handles it consistently with the Australian Privacy Principles, as required by APP 8.

Where EU or UK data protection law applies, transfers of personal information to countries outside the EU or UK (including to Australia and the United States) are protected by one of the following mechanisms approved under EU GDPR and UK GDPR:

You may request a copy of the relevant transfer safeguards by emailing team@sitelive.group.

7. How we keep it secure

As required by APP 11, we take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. Data is encrypted in transit (TLS) and at rest, access to production data is restricted and logged, and we destroy or de-identify personal information when it is no longer needed.

8. Notifiable data breaches

If we experience a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme. Where EU or UK GDPR applies, additional breach-notification timeframes apply (see Clause 14.5).

9. How long we keep it

We keep account and booking information for the life of your account, plus up to 7 years after closure to meet legal, tax and record-keeping obligations. Audit logs are kept for 2 years and marketing consent records until you withdraw consent. After that we securely delete or de-identify the information.

10. Accessing and correcting your information

Under APP 12 and APP 13 you may request access to the personal information we hold about you and ask us to correct it if it is inaccurate, out of date or incomplete. Email team@sitelive.group and we will respond within 30 calendar days. For complex or multiple requests, we may extend this by a further 60 days; if we need to extend, we will notify you within the first 30 days and explain why. We do not charge for making a request, though a reasonable cost may apply for giving access in some cases.

11. Cookies

We use a small number of essential cookies for authentication, session management, security and remembering your preferences. These cookies are necessary for the Service to function and cannot be switched off.

We do not use third-party advertising, marketing or tracking cookies. We do not use cookies to build profiles about you for advertising purposes.

Most browsers allow you to control cookies through their settings. Disabling essential cookies may affect your ability to sign in and use the Service. If we introduce any non-essential cookies in the future, we will update this policy and implement a consent mechanism before doing so.

12. Changes to this policy

We may update this policy from time to time. When we make a material change we will update the date above and ask you to review and accept the updated policy the next time you sign in.

13. How to contact us or make a complaint

For privacy questions, access or correction requests, or to make a complaint, contact us at team@sitelive.group. We will acknowledge your complaint and aim to resolve it promptly. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.

14. Additional information for EU and UK users (GDPR / UK GDPR)

If you are located in the European Union or the United Kingdom, the EU General Data Protection Regulation (EU GDPR) or the UK General Data Protection Regulation (UK GDPR) may apply to our handling of your personal information. This section supplements the rest of this Privacy Policy for those users.

14.1 Data controller

SiteLive is the data controller for personal information processed in connection with the Service. Contact: team@sitelive.group.

14.2 Lawful basis for processing

We process your personal information on the following lawful bases:

14.3 Your rights under GDPR / UK GDPR

In addition to the access and correction rights in Clause 10, you have the right to:

To exercise any of these rights, email team@sitelive.group with the subject line 'Data Subject Request'. We will respond within 30 calendar days, with a possible 60-day extension for complex requests (we will notify you if an extension applies).

14.4 Complaints

You have the right to lodge a complaint with your local supervisory authority. In the EU, this is the data protection authority in your country of residence. In the UK, it is the Information Commissioner's Office (ico.org.uk).

14.5 Data breach notification

In addition to our obligations under the Australian NDB scheme (Clause 8), where EU or UK GDPR applies:

14.6 International transfers

Where we transfer personal information from the EU or UK to countries not deemed to have adequate data protection laws (including Australia, which does not currently hold an EU adequacy decision), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or the UK International Data Transfer Agreement (IDTA) approved by the UK Secretary of State, as applicable, to ensure your data receives an equivalent level of protection.

14.7 Representatives

As required by GDPR Article 27 and UK GDPR Article 27, you can contact us about EU and UK data protection enquiries at:

14.8 Retention

The 7-year retention period described in Clause 9 is justified under Article 6(1)(c) (legal obligation) for tax and financial records, and under Article 6(1)(b) (contract performance) for the duration of active subscriptions. De-identification or deletion occurs on the schedule described in Clause 9.

15. Age restriction

The Service is intended for users aged 18 years and over. We do not knowingly collect personal information from individuals under the age of 18. If you are a parent or guardian and believe we have collected information about a minor, please contact us at team@sitelive.group and we will take prompt steps to delete it.

16. California residents (CCPA / CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know, access, delete and correct personal information we hold about you, and the right not to be discriminated against for exercising these rights.

SiteLive does not sell or share your personal information as defined by the CCPA/CPRA.

To submit a California privacy request, email team@sitelive.group with the subject line 'California Privacy Request'. We will verify your identity and respond within 45 calendar days.