siteOS
Sign in

Privacy Policy

Last updated: 2026-04-30

siteOS (“we,” “our,” “us”) operates the website https://siteos.dev and the dashboard at https://app.siteos.dev (together, the “Service”), a multi-tenant tool that crawls websites and surfaces issues using its own crawler and the Google Search Console API. This Privacy Policy explains how we collect, use, and protect your information.

1. Information We Collect

Account data. When you sign up, we collect your name, email address, profile picture (if provided via Google sign in), and the team(s) you belong to.

Billing data. If you subscribe to a paid plan, payment is handled by Stripe. We store a Stripe customer ID and your subscription status; we never see or store your full card number.

Project data. For each project you create, we store the website URL, crawl history, broken-link findings, page metadata returned by the crawler, and a computed Health Score.

Google Search Console data. If you connect a GSC property, we store an encrypted copy of your OAuth refresh token (AES-GCM 256, encrypted at rest) plus the data the API returns for your verified properties: sitemap submissions, indexed counts, clicks, impressions, CTR, and average position. We only request the minimum scopes needed and you can revoke access at any time from the dashboard or from your Google Account.

Cookies. We use first-party cookies for authentication and session management. We do not use cookies for advertising.

What we do NOT collect. We do not scrape or store the full HTML body of pages we crawl beyond what is needed to detect issues (status codes, links, response times, page titles). We do not sell, rent, or trade your data.

2. How We Use Your Information

We use the data above solely to operate the Service: run crawls, import GSC metrics, compute the Health Score, send you alerts and product emails, process payments, and provide customer support.

3. Crawling & Data Retention

Our crawler identifies itself with the siteOS-Crawler user agent and respects robots.txt. Findings are kept for as long as the project exists so you can track changes over time. Deleting a project permanently removes its crawl runs, findings, and imported GSC data within 30 days. Deleting your account removes your profile, team memberships, and OAuth credentials.

4. Third-Party Service Providers

We rely on a small number of vendors to run the Service. They only receive the minimum data needed to perform their function:

  • Supabase — authentication, Postgres database, file storage.
  • Vercel — hosting for the dashboard application.
  • Cloudflare — hosting for the marketing site.
  • Google Cloud (Cloud Run, Secret Manager, Artifact Registry) — runs the crawler job.
  • Google Search Console API — source of indexing and search-performance data for properties you connect.
  • Stripe — subscription billing and customer portal.
  • Resend — transactional email delivery.
  • Crisp — live chat support.

We do not sell, rent, or trade your personal information.

5. Children’s Privacy

The Service is not directed at children. We do not knowingly collect information from anyone under 16. If we learn we have, we will delete it promptly.

6. Security

All traffic is encrypted in transit via HTTPS/TLS. Sensitive tokens (such as Google OAuth refresh tokens) are encrypted at rest with AES-GCM 256 using a key held outside the database. Access to production systems is restricted and audited.

7. Your Rights

You can access, correct, export, or delete your personal data at any time from the dashboard, or by emailing us at the address below. Disconnecting Google Search Console removes the stored OAuth tokens immediately.

8. Updates to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to the address on your account.

9. Contact

For any question about this Privacy Policy, contact us at vincent.ventalon.pro@gmail.com.

By using siteOS you agree to the collection and use of information as described in this Privacy Policy.