Privacy Policy

Last updated: October 30, 2025

Introduction

SiteStable ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website monitoring service.

Information We Collect

Information You Provide

  • Account Information: Email address, name, password (hashed), and IP address (for fraud prevention)
  • Website Information: URLs of websites you want to monitor
  • Mailing List: If you subscribe to our newsletter or Pro tier waitlist, we collect your email address, optional name, and subscription preferences
  • Communication Data: When you contact support, we collect your messages and email address

Information We Collect Automatically

  • Monitoring Data: HTTP status codes, response times, and error messages from monitored websites
  • Synthetic Monitoring Data: When you enable synthetic monitoring, we temporarily capture screenshots and HTML content of your website pages during the initial AI analysis to identify critical elements. Screenshots are deleted immediately after analysis (within seconds). Analysis results (detected elements and CSS selectors) are stored to enable synthetic monitoring of your site.
  • Website Analytics: We collect basic analytics about visitors to our marketing website (not your monitored sites) including: anonymous visitor ID (generated and stored in your browser), pages visited, referrer source (e.g., Twitter, Google), and UTM campaign parameters. IP addresses are hashed (one-way encrypted) immediately upon collection for privacy. This helps us understand how people find our service and which marketing efforts are effective. Bot traffic is automatically detected and filtered from analytics.
  • Log Data: IP addresses, browser type, access times (for security and debugging)
  • Session Cookies: A single session cookie (PHPSESSID) to keep you logged in

Information We Do NOT Collect

  • We do NOT use third-party analytics services (like Google Analytics)
  • We do NOT use advertising or marketing cookies
  • We do NOT sell your data to third parties
  • We do NOT collect payment information (handled by payment processor when available)
  • We do NOT track your browsing behavior outside our service
  • We do NOT collect personally identifiable information in our analytics (IP addresses are hashed)

How We Use Your Information

  • Service Delivery: To monitor your websites and send you alerts
  • AI Element Discovery: During setup, we analyze your website pages with artificial intelligence to automatically identify critical interactive elements (buttons, forms, checkout flows) that synthetic monitoring should check for functionality
  • Account Management: To create and maintain your account
  • Communication: To send you service-related emails (alerts, password resets, account notifications)
  • Marketing Communications: If you subscribe to our newsletter or Pro tier waitlist, we will send you product updates, feature announcements, and launch notifications. You can unsubscribe at any time.
  • Marketing Analytics: To understand how visitors find and use our website, measure the effectiveness of our marketing campaigns (e.g., Twitter posts, email campaigns), and improve our service. This data is used only internally and never sold to third parties.
  • Fraud Prevention: IP addresses collected during registration to detect and prevent multiple account abuse
  • Security: To prevent spam and abuse through rate limiting, security monitoring, and reCAPTCHA verification
  • Improvement: To analyze service performance and fix bugs

Data Storage and Security

Where We Store Data: Your data is stored on secure servers in the United States.

Security Measures:

  • Passwords hashed with bcrypt
  • HTTPS encryption for all connections
  • CSRF protection on all forms
  • reCAPTCHA v3 protection on all submitted forms to prevent automated abuse
  • SQL injection prevention with prepared statements
  • Rate limiting to prevent brute force attacks
  • Session cookies with HttpOnly and Secure flags

Data Retention

  • Account Data: Retained while your account is active
  • Mailing List Subscriptions: Retained until you unsubscribe. Unsubscribed email addresses retained to prevent re-subscription.
  • Registration IP Addresses: Retained while your account is active for fraud detection purposes
  • Website Analytics Data: Pageview and visitor analytics retained indefinitely for business analysis. IP addresses are hashed and cannot be reversed to identify individuals.
  • Monitor Check Results: Retained for 6 months (free tier) or 1 year (paid tier)
  • Incident Logs: Ongoing incidents kept indefinitely; resolved incidents kept for 1 year
  • Alert History: Retained for 6 months
  • Rate Limit Records: Automatically deleted after 24 hours

Third-Party Services

We use the following third-party services:

  • Anthropic Claude API: For AI-powered synthetic monitoring, we send screenshots and HTML content of your website pages to Anthropic's Claude API for analysis. This data is processed to identify interactive elements (buttons, forms, checkout flows) that we should monitor. Anthropic does not retain this data after processing. This is subject to Anthropic's Privacy Policy. We implement strict rate limiting (1 analysis per 20 minutes) to minimize API usage and protect your privacy.
  • Google reCAPTCHA v3: To prevent spam and abuse on all submitted forms (registration, login, password reset, website management, newsletter signup). reCAPTCHA analyzes user behavior and assigns a risk score. This is subject to Google's Privacy Policy and Terms of Service.
  • Email Service Provider: Your email address is used to send alerts, notifications, and newsletter emails via our SMTP provider.

Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correction: Update inaccurate information in your account settings
  • Deletion: Delete your account and all associated data at any time
  • Export: Request an export of your monitoring data
  • Analytics Data: Website visitor analytics are collected anonymously and are not linked to user accounts. If you wish to request export or deletion of analytics data, you can provide your browser's visitor ID (stored in localStorage under 'visitor_id') and we can retrieve or delete analytics records for that specific visitor ID.
  • Unsubscribe from Mailing List: Unsubscribe from newsletter and marketing emails at any time via the unsubscribe link in emails or by contacting us
  • Opt-Out: You cannot opt out of essential service emails (downtime alerts, password resets, account security notifications) as they are necessary for the service to function

To exercise these rights, contact us at support@sitestable.co.

Cookies and Local Storage

We use minimal cookies and browser storage:

  • Session Cookie (PHPSESSID): Required for login functionality. Deleted when you close your browser or log out.
  • Local Storage (visitor_id): We store an anonymous visitor ID in your browser's localStorage to track unique visitors and understand how people use our marketing website. This is not a cookie and does not track you across websites. You can clear this by clearing your browser's localStorage.

We do NOT use third-party tracking cookies or advertising cookies. We use our own first-party analytics (not Google Analytics or similar services) to understand traffic to our marketing website.

Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect information from children under 13. If you are a parent and believe your child has provided us with information, please contact us.

International Users

Our servers are located in the United States. If you access our service from outside the US, your information will be transferred to and stored in the US. By using our service, you consent to this transfer.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you via email within 72 hours of discovering the breach.

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us: