Privacy Policy

Introduction

At Sitecheck, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website analysis service. Sitecheck is operated as an independent platform based in Denmark and acts as the data controller for personal data processed through this service.

Data Controller

The data controller responsible for your personal data is: Sitecheck, operated by Bjarne Fabricius (bjarkeef@gmail.com), based in Denmark. You may contact us at support@sitecheck.dk for any privacy-related questions or to exercise your rights.

Legal Bases for Processing (GDPR Art. 6)

We process your personal data under the following legal bases:

• Contract performance (Art. 6(1)(b)): Processing your account data, scan results, and subscription information is necessary to deliver the service you signed up for.
• Legitimate interests (Art. 6(1)(f)): We process minimal technical data (e.g., server logs, error tracking) to operate, secure, and improve the platform. This is balanced against your privacy interests.
• Consent (Art. 6(1)(a)): Analytics and optional cookies are only activated after you give explicit consent via our cookie banner. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): We retain billing records as required by Danish bookkeeping law.

Data Collection

Cookies and Tracking

We use cookies and similar technologies to provide and improve our service. You have full control over optional cookies through our Cookie Preferences.

Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right to Access (Art. 15): Request a copy of your personal data and information about how it is processed
• Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data
• Right to Erasure (Art. 17): Request deletion of your personal data ('right to be forgotten')
• Right to Restrict Processing (Art. 18): Limit how we use your data in certain circumstances
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent for optional data collection at any time without affecting prior processing
• Right not to be subject to automated decisions (Art. 22): We do not make solely automated decisions that produce legal or similarly significant effects on you
• Right to Lodge a Complaint (Art. 77): Lodge a complaint with the Danish Data Protection Authority (Datatilsynet) if you believe your personal data is being handled unlawfully

To exercise any of these rights, contact us at support@sitecheck.dk. We will respond within 30 days of receiving your request, as required by GDPR. For complex or multiple requests, we may extend this period by a further two months with prior notice. You also have the right to lodge a complaint with the Danish DPA: Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Denmark (www.datatilsynet.dk).

Data Retention

• Account Data: Retained until you delete your account
• Scan Results: Stored while your account is active, subject to the report limits on your plan
• Analytics Data: Retained for 180 days, then automatically deleted
• Cookie Consent: Stored until you withdraw consent or clear browser data

Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL), secure authentication, and regular security audits. We use Supabase for secure data storage and authentication.

Third-Party Services

We use the following third-party services that may process your data. Where applicable, we have Data Processing Agreements (DPAs) in place with each processor as required by GDPR Art. 28:

• Supabase: Authentication and database hosting (EU region, GDPR-compliant)
• PostHog: Analytics platform (EU instance, GDPR-compliant, data stored in the EU)
• Stripe: Payment processing and billing (processes payment card data; Stripe is certified PCI DSS Level 1)
• Vercel: Website hosting and edge delivery (US-based; data transfers covered by Standard Contractual Clauses)
• Hetzner Object Storage: Storage of scan artifacts such as screenshots (EU datacentres)
• Google PageSpeed Insights API: Website performance analysis (URLs submitted for analysis are sent to Google; see Google's Privacy Policy)

International data transfers: Some of the third-party services listed above (e.g., Vercel, Google) are based outside the European Economic Area (EEA). Where this is the case, transfers are carried out under appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs) under GDPR Art. 46.

Automated Decision-Making

Sitecheck does not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals (GDPR Art. 22). Subscription tier upgrades and access control are rule-based processes, not AI-driven profiling decisions.

Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the 'Last Updated' date at the top of this policy and, where required by law, by seeking fresh consent or providing direct notice via email.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us: