Privacy Policy

1. Introduction

SiteReveal AI Ltd ("we", "us", or "our") operates the website intelligence platform available at www.sitereveal.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU GDPR where applicable. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

Information you provide directly: When you create an account via Manus OAuth, we receive your name and email address from the authentication provider. When you subscribe to a paid plan, Stripe processes your payment information; we do not store full card details on our servers.

Information collected automatically: We collect the URLs you submit for analysis, the resulting scan data (scores, technology signals, performance metrics), your IP address for rate-limiting and fraud prevention purposes, and standard web analytics data (page views, session duration) via Umami Analytics.

Information from third parties: We receive subscription status and payment event information from Stripe when you purchase or modify a plan.

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK/EU GDPR:

• Contract performance — to provide the Service you have signed up for, including processing scans and managing your subscription
• Legitimate interests — to prevent abuse, enforce rate limits, improve the platform, and maintain security
• Legal obligation — to comply with applicable laws and respond to lawful requests from authorities
• Consent — for optional analytics cookies (where applicable)

5. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and manage your subscription
• Generate and store website intelligence reports
• Enforce daily scan limits and plan feature gates
• Send transactional emails (receipts, account notices)
• Improve and personalise the Service
• Comply with legal obligations and prevent abuse

6. Sharing of Information

We do not sell, trade, or rent your personal information to third parties. We may share information with:

• Stripe, Inc. — for payment processing and subscription management (US-based; transfers covered by Standard Contractual Clauses)
• Manus OAuth — for authentication (your name and email are passed to us at sign-in)
• Umami Analytics — for privacy-respecting, cookie-free analytics (no personal data transferred)
• Law enforcement or regulatory authorities when required by law or to protect our legal rights

7. International Data Transfers

Where we transfer personal data outside the UK or EEA (for example, to Stripe in the United States), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office or the European Commission.

8. Data Retention

We retain your account information and scan history for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (for example, financial records retained for 7 years under UK tax law). Anonymised, aggregated scan data (with no personally identifiable information) may be retained indefinitely for platform analytics.

9. Cookies and Tracking

We use a single session cookie to maintain your authenticated state. We use Umami Analytics, which is cookie-free and does not track you across sites. We do not use advertising cookies or third-party tracking pixels. See our Cookie Policy for full details.

10. Your Rights

Under UK/EU GDPR, you have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you (Subject Access Request)
• Rectification — request correction of inaccurate or incomplete data
• Erasure ("right to be forgotten") — request deletion of your account and all associated personal data. You can do this directly from your Account & Billing page or by emailing us
• Portability — request your scan history data in a machine-readable CSV format
• Restriction — request that we restrict processing of your data in certain circumstances
• Objection — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, email [email protected] or use the contact form. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

11. Security

We implement industry-standard security measures including HTTPS/TLS 1.3 encryption, HTTP security headers (HSTS, Content Security Policy, X-Content-Type-Options, X-Frame-Options), rate limiting, input validation, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected users without undue delay.

12. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately at [email protected].

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page and, where required by law, by sending you an email notification. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact our Data Protection team: