Privacy Policy

We collect information you provide directly to us, including:

• Account data — name, email address, and password when you register.
• Website content — text, images, and URLs you submit when building or editing a site.
• Billing data — payment card details processed securely via Stripe. We never store raw card numbers.
• Communications — messages you send us via support or in-app chat.

We also collect data automatically when you use Sitora:

• Usage data — pages visited, features used, clicks, and session duration.
• Device data — browser type, operating system, IP address, and language settings.
• Cookies — small text files used to keep you signed in and remember your preferences. See Section 7 for details.

We use your information to:

• Create and manage your account and the websites you build.
• Process payments and send billing receipts.
• Improve and personalise the Sitora product experience.
• Send transactional emails (e.g. password resets, publish confirmations).
• Send marketing emails if you have opted in — you can unsubscribe at any time.
• Detect, investigate, and prevent fraudulent or abusive activity.
• Comply with legal obligations.

When you describe your business or paste a URL, that content is sent to large language model providers (currently Anthropic and OpenAI) to generate your website. These providers process your content under their own data-processing agreements and do not use your data to train their public models.

We store the generated output (your site content) on our servers to render your published website. You retain full ownership of the content you create.

We do not sell your personal information. We share it only with:

• Service providers — infrastructure (Vercel, AWS), payments (Stripe), analytics (Plausible), and AI providers (Anthropic, OpenAI), each bound by data-processing agreements.
• Law enforcement — when required by a valid legal order or to protect the safety of users.
• Business transfers — in the event of a merger, acquisition, or sale of assets, with prior notice to affected users.

We retain your account data for as long as your account is active, plus 30 days after deletion to allow recovery. Anonymised, aggregated analytics data may be retained indefinitely.

You can request deletion of your account and all associated data by emailing privacy@sitora.ai.

Depending on your location, you may have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to fix inaccurate or incomplete data.
• Deletion — request that we erase your personal data.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, email us at privacy@sitora.ai. We will respond within 30 days.

We use the following categories of cookies:

• Essential — required for authentication and security. Cannot be disabled.
• Preference — remember your settings such as theme or language.
• Analytics — privacy-first, cookieless analytics via Plausible. No personal data is collected.

We do not use advertising or third-party tracking cookies.

We protect your data using TLS encryption in transit and AES-256 encryption at rest. Access to production systems is restricted to authorised personnel and protected by multi-factor authentication. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

Sitora is not directed at children under 13. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it promptly.

We may update this policy periodically. We will notify you of material changes by email or via an in-app banner at least 14 days before they take effect. Continued use of Sitora after the effective date constitutes acceptance of the revised policy.

Questions about this policy? Reach us at privacy@sitora.ai or write to: Sitora Ltd, 123 Example Street, London, EC1A 1BB, United Kingdom.