Legal

Privacy Policy

Last updated: 26 May 2026

This policy explains how SiteLive ("we", "us") collects and uses personal data when you use our web application and marketing site. We are the data controller for the personal data described below.

This is a starter template. Have a solicitor or privacy specialist review before publishing for a paid product, especially if you operate outside the UK/EU.

1. What we collect

• Account data: name, email, phone, company, role.
• Booking data: sites, resources, schedules, and the subcontractors you invite.
• Billing data: processed by Stripe — we receive a token and the last 4 digits of your card, never the full number. Stripe calculates and collects any applicable sales tax, VAT or GST based on your billing location.
• Usage data: pages visited, features used, device and browser info.
• Communications: emails and support messages you send us.

2. How we use it

• To provide and operate the Service (contract).
• To process payments and prevent fraud (contract, legitimate interest).
• To send transactional emails — booking invites, confirmations, digests, password resets (contract).
• To send service updates and, with your consent, product news (consent — you can opt out any time).
• To improve the Service and debug issues (legitimate interest).
• To comply with our legal obligations.

3. Who we share it with

We use carefully selected processors:

• Supabase (database, auth, file storage) — EU region.
• Stripe (payments).
• Resend / email provider (transactional email delivery).
• Cloudflare (hosting, edge runtime).

We never sell your personal data. We do not use your data to train third-party AI models.

4. International transfers

Some processors are based outside the UK/EU. Where this happens, we rely on UK and EU Standard Contractual Clauses to protect your data.

5. How long we keep it

Account and booking data: for the lifetime of your account, plus up to 6 years after closure to meet legal and tax obligations. Audit logs: 2 years. Marketing consent records: until you withdraw consent.

6. Your rights

Under UK GDPR you have the right to access, correct, delete, restrict, port, or object to our processing of your personal data, and to withdraw consent at any time. Email privacy@sitelive.group to exercise any of these. You can also complain to the UK ICO at ico.org.uk.

7. Cookies

We use a small number of essential cookies for authentication and security. We do not use third-party advertising or tracking cookies.

8. Security

Data is encrypted in transit (TLS) and at rest. Access to production data is restricted to authorised personnel and logged. We will notify affected users without undue delay in the event of a personal data breach.

9. Contact

Privacy questions or requests: privacy@sitelive.group