Privacy Policy

Last updated: 11 April 2026

1. Who We Are

SiteAudit is operated by Robora Creative Ltd, a company registered in England & Wales ("we", "us", "our"). We are the data controller responsible for your personal data.

Contact: hello@siteaudit.io

2. What Data We Collect

Account data

When you register, we collect your name, email address, and password (stored as a one-way hash). If you enable two-factor authentication, we store an encrypted TOTP secret and recovery codes.

Team data

When you create or join a team, we store the team name, your role within the team, and the email addresses of invited members.

Billing data

Payments are processed by Stripe. We store your Stripe customer ID, payment method type, and the last four digits of your card. We do not store full card numbers — these are held by Stripe under their privacy policy.

Monitoring data

When you add a monitor, we store the URL you provide, your chosen check interval, and the monitor name. Each time we check a URL, we record the HTTP status code, response time, success/failure status, error messages, and the time of the check.

Technical and usage data

We automatically collect your IP address, browser user agent, and session activity when you use the Service. This data is stored in our session database and is used for security, authentication, and service improvement.

Analytics data

With your consent, we use Google Analytics to collect anonymised usage data such as pages visited, referral sources, and general geographic region. See our Cookie Policy for details.

3. How We Use Your Data

We use your personal data to:

  • Provide and operate the monitoring service
  • Authenticate you and secure your account
  • Process payments and manage subscriptions
  • Send transactional emails (team invitations, password resets, billing notifications)
  • Deliver real-time monitoring updates to your dashboard
  • Improve and develop the Service
  • Comply with legal obligations

4. Legal Bases for Processing

Under the UK GDPR and EU GDPR, we process your data on the following bases:

  • Contract: Processing necessary to provide the Service you signed up for (account management, monitoring, billing)
  • Legitimate interests: Securing the Service, preventing abuse, improving performance, and conducting analytics where these interests are not overridden by your rights
  • Consent: Analytics cookies and any marketing communications (you can withdraw consent at any time)
  • Legal obligation: Where we are required to retain data for tax, fraud prevention, or regulatory compliance

5. Who We Share Your Data With

We share data only with processors who help us deliver the Service:

Provider           | Purpose                            | Data shared
Stripe             | Payment processing                 | Name, email, billing address, payment method
Google Analytics   | Website analytics (with consent)   | Anonymised usage data, IP address (anonymised)
Bento              | Transactional email delivery       | Name, email address
Bunny Fonts        | Font delivery (GDPR-compliant CDN) | IP address (not logged by Bunny)
Laravel Nightwatch | Application performance monitoring | Technical request and error data

We do not sell your personal data to third parties. We may disclose data if required to do so by law or to protect our legal rights.

6. Where Your Data Is Stored

Your data is stored and processed on servers located in the European Union. Some of our third-party processors (notably Stripe and Google) may process data outside the EU/UK. Where this occurs, transfers are protected by:

  • EU-US Data Privacy Framework (where the recipient is certified)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreement or Addendum, where applicable

7. How Long We Keep Your Data

  • Account data: Retained while your account is active. Deleted when you delete your account.
  • Monitor check data: Automatically pruned after 30 days by default. Paid plans may offer extended retention as described in the plan features.
  • Billing records: Retained for up to 7 years after the end of your subscription to comply with UK tax and accounting obligations.
  • Session data: Automatically expires based on session lifetime settings (currently 2 hours of inactivity).
  • Soft-deleted teams: Retained for a reasonable period to allow recovery, then permanently deleted.

8. Your Rights

Under the UK GDPR and EU GDPR, you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Ask us to correct inaccurate or incomplete data
  • Erasure — Request deletion of your data (you can also delete your account directly in settings)
  • Restriction — Ask us to restrict processing of your data in certain circumstances
  • Portability — Receive your data in a structured, commonly used format
  • Objection — Object to processing based on legitimate interests
  • Withdraw consent — Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, email us at hello@siteaudit.io. We will respond within one month.

9. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with a supervisory authority:

  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • EU: Your local data protection authority

We would appreciate the chance to address your concerns first, so please contact us before filing a complaint.

10. Children

The Service is not intended for anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. The "last updated" date at the top of this page indicates when the policy was last revised.

12. Contact

For any privacy-related questions or requests, contact us at:

Robora Creative Ltd
hello@siteaudit.io