Founder/legal review required

Privacy Policy

Last updated May 5, 2026. This draft should be reviewed by qualified counsel before launch.

Data we collect

Site Mapped stores account profile data, organization membership, website URLs, domain verification state, scan results, issues, uptime events, reminders, report-share settings, public status settings, billing-provider identifiers, and email delivery logs.

Website checks

When you add a site, Site Mapped fetches public website URLs using SiteMappedBot and stores detected technical signals such as status codes, titles, meta descriptions, links, resources, headers, sitemap and robots signals, and response timing.

Billing and email

PayPal processes paid subscriptions. Site Mapped stores PayPal subscription identifiers and webhook events needed to manage plan access. Transactional email may be sent through Resend or another configured provider.

Public sharing

If you enable a public status page, uptime badge, or shared report link, selected website health data becomes available to anyone with the public URL until disabled, revoked, or expired.

BYOK AI keys

If BYOK AI summaries are enabled, customer API keys must be encrypted at rest, hidden from the browser after submission, deletable, and never logged. AI summaries should use scan data unless the user explicitly opts into broader content inclusion.

Retention and deletion

Scan and event retention depends on plan limits. Users may request deletion by contacting support. Some billing, abuse-prevention, and audit records may be retained as needed for security, accounting, or dispute handling.

Contact

Questions can be sent to support@site-mapped.com.