SiteTrak (a DBA based in California, USA) (“SiteTrak,” “we,” “us”) operates the SiteTrak website monitoring service. This Privacy Policy describes what information we collect, how we use it, and the choices you have. We aim to collect as little data as possible to provide the Service.
1. Account Information
When you sign up, we collect your email address and a hashed password (or your OAuth identifier if you sign in with Google or another provider). We use this information to authenticate you, send service communications, and process billing if you upgrade.
2. Billing Information
Payments are processed by Stripe. We do not store credit card details on our servers; Stripe handles all card data. We retain a Stripe customer ID and subscription metadata so we can manage your plan.
3. Domain & Monitor Configuration
When you add a domain or configure a monitor, we store the domain name, monitor type, check interval, alert thresholds, and notification preferences. This data is used solely to run the monitoring you requested and to alert you when thresholds are breached.
4. Monitoring & Diagnostic Data
For each check we run on your behalf, we record the outcome (response status, response time, headers, performance scores, SSL certificate metadata, etc.) along with a timestamp. We retain raw check results for the period defined by your plan (7 days on Free, 30 days on Starter and Growth, 90 days on Scale and Agency). Aggregated daily statistics are retained indefinitely.
5. Real User Monitoring (RUM) Beacon
If you embed the SiteTrak RUM beacon on your website, the script collects performance metrics from your visitors’ browsers, including:
- Core Web Vitals (LCP, CLS, INP, FCP, TTFB)
- Page URL (path only, no query strings stored)
- Device type, connection type, viewport width
- Approximate country (derived from IP at the edge - IP itself is not stored)
- Long Animation Frames (LoAF) and JavaScript errors when present
The beacon does not:
- Set or read cookies
- Use browser fingerprinting techniques
- Track users across sites
- Store IP addresses
- Collect personally identifiable information (names, emails, form contents, etc.)
Because the beacon is performance-only and does not identify individual users, it is generally treated as a strictly necessary measurement tool under GDPR — comparable to privacy-first analytics like Plausible or Fathom. Site operators using the beacon are responsible for disclosing its use in their own privacy policies if their jurisdiction or risk profile requires it.
6. How We Use Information
- To operate the monitoring you configured and deliver alerts
- To process billing and prevent fraud
- To send transactional email (alerts, password resets, billing receipts)
- To communicate important service updates (we will not email you marketing material without consent)
- To investigate suspected abuse, security incidents, or violations of our Terms
7. Sharing
We do not sell your data. We share information only with the third-party processors required to run the Service:
- Supabase - database and authentication hosting
- Vercel - application hosting
- Cloudflare - beacon ingest and edge compute
- Stripe - payment processing
- Resend - transactional email delivery
- Google PageSpeed Insights API - performance scoring (only the URL is sent)
Each of these providers operates under its own privacy policy, and we share only the data necessary for them to perform their function.
We may disclose information if required by law, valid legal process, or to protect the rights and safety of users or the public.
8. Data Retention
- Raw monitoring data: per-plan retention (7 / 30 / 90 days)
- Aggregated daily statistics: kept indefinitely
- Account data: retained while your account is active; deleted within 30 days of account closure
- Billing records: retained for 7 years to comply with tax and accounting requirements
- Email logs: retained for 90 days for delivery troubleshooting
9. Your Rights
You have the right to:
- Access the data we hold about you
- Correct inaccurate information
- Export your data in a portable format
- Delete your account and associated data
- Object to or restrict certain processing (GDPR/UK GDPR)
To exercise any of these rights, email support@sitetrak.co. We respond within 30 days.
10. International Data Transfers
Our infrastructure is hosted primarily in the United States. If you are located in the EU, UK, or another region with data protection laws, by using the Service you consent to the transfer and processing of your data in the United States. We use Standard Contractual Clauses where required.
11. Security
We use industry-standard security measures: TLS in transit, encryption at rest (where provided by our hosting providers), least-privilege database access via row-level security, rate limiting on public endpoints, and segregated production secrets. No system is perfectly secure; if we discover a breach affecting your data, we will notify you within 72 hours of discovery, in line with applicable laws.
12. Children
The Service is not directed to children under 13 (or under 16 in the EU/UK). We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
13. Changes to This Policy
We may update this Privacy Policy. Material changes will be announced via email or prominently on the Service at least 30 days before they take effect.
14. Contact
Questions or requests about your data? Email support@sitetrak.co.
