Privacy Policy
Last updated: April 10, 2026
1. Who we are
SiteRoast (“we”, “us”, “our”) is an AI-powered website audit service. When you use SiteRoast at siteroast.live, you agree to this policy. Questions? Email us at hello@siteroast.com.
2. What we collect
Account data
When you create an account: your email address and (if using Google sign-in) your Google profile name. We never see your Google password.
Audit data
The website URLs you submit for auditing, the audit reports we generate, and the PageSpeed data returned by Google’s API for those URLs.
Usage data
Your IP address (used to enforce the anonymous free-scan limit), browser cookies (a 30-day cookie to track anonymous scan usage), and aggregate page-view analytics via Plausible — a privacy-first analytics tool that collects no personal data and sets no cookies.
Payment data
If you upgrade to Pro or Agency, Stripe collects your payment details. We never see or store your card number. We store only your Stripe customer ID to manage your subscription.
3. How we use your data
- To run website audits and generate your AI report.
- To enforce scan limits on the free tier.
- To send you transactional emails (audit complete, Pro welcome, weekly monitoring alerts). You can stop monitoring emails by cancelling your Pro plan.
- To process and manage your subscription via Stripe.
- To improve SiteRoast — we may review anonymised audit patterns to improve our AI prompts.
We do not sell your data. We do not use your data for advertising.
4. Third-party services
We share data with the following processors only to the extent necessary to operate the service:
| Service | Purpose |
|---|---|
| Supabase | Database — stores accounts, audit records, and subscription status |
| Stripe | Payment processing and subscription management |
| Anthropic | AI report generation — your URL and crawl data are sent to Claude |
| Resend | Transactional email delivery |
| Vercel | Hosting and serverless infrastructure |
| Google PageSpeed API | Page performance data for audited URLs |
| Plausible | Privacy-first, cookieless analytics |
5. Data retention
- Audit reports are kept indefinitely while your account is active so you can review past results.
- Anonymous audit records (no account) are kept for 90 days, then deleted.
- If you delete your account, we delete your profile and audit records within 30 days.
6. Cookies
We use two types of cookies:
- Auth session cookie — set by Supabase when you sign in. Required to keep you logged in. Expires when you sign out.
- Anonymous scan cookie (
siteroast_anon_scan) — a 30-day httpOnly cookie set after an anonymous scan to prevent abuse of the free tier. No personal data is stored in it.
We do not use any advertising or tracking cookies.
7. Your rights
You may request a copy of your data, correction of inaccurate data, or deletion of your account and associated data at any time by emailing hello@siteroast.com. We will respond within 30 days.
8. Security
All data is transmitted over HTTPS. Your database is hosted on Supabase with row-level security enabled. Passwords (for email/password accounts) are hashed by Supabase Auth — we never have access to them.
9. Changes to this policy
If we make material changes, we will update the “Last updated” date above. Continued use of SiteRoast after changes constitutes acceptance of the revised policy.