Privacy Policy

This Privacy Policy describes how Sitemarks, Inc. (“Sitemarks,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you use our website at sitemarks.ai and our visual feedback and annotation platform (collectively, the “Service”). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

• Account information: When you create an account, we collect your name, email address, and password. If you sign up through a third-party provider (Google, GitHub), we receive your name and email from that provider.
• Organization information: If you create or join an organization, we collect the organization name, billing address, and payment information (processed by Stripe).
• Content: We store the content you upload or create through the Service, including annotations, comments, images, PDFs, videos, and URLs you submit for review.
• Communications: When you contact us via email, contact forms, or support channels, we retain the content of those communications.

1.2 Information We Collect Automatically

• Usage data: We collect information about how you interact with the Service, including pages visited, features used, timestamps, and interaction patterns.
• Device information: We collect browser type, operating system, device type, screen resolution, and language settings.
• IP address: We collect your IP address for security, fraud prevention, and approximate geolocation purposes.
• Cookies and similar technologies: We use cookies, local storage, and similar technologies as described in Section 7 below.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve the Service
• To create and manage your account
• To process transactions and send billing-related communications
• To send you technical notices, security alerts, and support messages
• To respond to your comments, questions, and customer service requests
• To send marketing communications (with your consent, where required by law)
• To monitor and analyze usage trends and preferences
• To detect, prevent, and address fraud, abuse, and security issues
• To comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service providers: We share information with third-party service providers who perform services on our behalf, such as hosting (AWS), payment processing (Stripe), email delivery, and analytics.
• Organization members: Content you create within an organization is visible to other members of that organization, subject to their role and permissions.
• Guest access: If you share a markup via a public link, guests who access that link can view the content and, if permitted, leave comments.
• Integrations: When you connect third-party services (Slack, Linear, GitHub, Jira), relevant data is shared with those services as configured by you.
• Legal requirements: We may disclose information if required to do so by law, legal process, or government request.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal information within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements). Backup copies may persist for up to 90 days after deletion.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal exceptions.
• Portability: Request a machine-readable copy of your data for transfer to another service.
• Objection: Object to the processing of your personal information for direct marketing purposes.
• Restriction: Request restriction of processing in certain circumstances.

To exercise these rights, contact us at privacy@sitemarks.ai. We will respond within 30 days.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption at rest (AES-256) and in transit (TLS 1.3)
• Regular security assessments and penetration testing
• Access controls and least-privilege principles
• SOC 2 Type II certified infrastructure
• 24/7 security monitoring and incident response

While we strive to protect your information, no method of transmission or storage is 100% secure. If you have concerns about security, please contact security@sitemarks.ai.

7. Cookies

We use the following types of cookies:

• Essential cookies: Required for the Service to function (authentication, security tokens). Cannot be disabled.
• Analytics cookies: Help us understand how visitors interact with the Service. You can opt out of analytics cookies through your browser settings or our cookie preferences panel.
• Functional cookies: Remember your preferences, such as language and display settings.

We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission. Enterprise customers may select specific data residency regions.

9. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@sitemarks.ai.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. For significant changes, we will provide notice through the Service or by email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@sitemarks.ai
• Address: Sitemarks, Inc., San Francisco, CA, United States
• Data Protection Officer: dpo@sitemarks.ai