Privacy Policy

Sitecraft respects the privacy of visitors, clients, prospective clients, vendors, contractors, and other individuals who interact with our website, services, communications, forms, proposals, contracts, billing systems, client portals, and related digital tools.

This Privacy Policy explains how Sitecraft collects, uses, stores, shares, protects, and otherwise processes personal information. It also explains the privacy rights that may be available to you depending on where you live.

This Privacy Policy is intended to provide a clear, meaningful, and reasonably accessible privacy notice. Virginia's Consumer Data Protection Act requires covered controllers to provide a privacy notice describing categories of personal data processed, purposes, consumer rights, categories shared with third parties, and third-party categories.

This Privacy Policy applies to personal information we collect through:

Sitecraft.app and related webpages; contact forms, discovery forms, quote forms, intake forms, booking tools, surveys, and client portals; email, phone, SMS, social media, and direct communications; proposals, contracts, invoices, payment workflows, and onboarding documents; analytics, cookies, pixels, advertising tools, and similar technologies; and services we provide to clients, including website strategy, design, development, hosting coordination, maintenance, SEO, analytics setup, content support, branding, marketing support, automations, and related digital services.

This policy does not replace the privacy policy of a client's own website. When Sitecraft builds, edits, hosts, manages, or supports a client website, the client may be the primary business/controller for personal information collected from that client's users, while Sitecraft may act as a service provider, processor, contractor, or vendor depending on the agreement and data involved.

We may collect the following categories of personal information:

A. Contact and Identity Information

Name, business name, email address, phone number, mailing address, job title, company role, social media handle, website URL, and other identifiers you provide.

B. Business and Project Information

Business goals, service interests, project scope, website requirements, brand assets, login or access details you choose to provide, business documents, design preferences, competitor examples, client notes, communications, revision requests, testimonials, and project feedback.

C. Payment and Transaction Information

Invoice records, payment status, billing address, transaction details, service package, subscription or retainer details, and related accounting information. Payment card or banking information may be processed by third-party payment processors and may not be stored directly by Sitecraft unless specifically disclosed.

D. Website, Device, and Usage Information

IP address, browser type, device type, operating system, referral source, pages viewed, buttons clicked, time spent on pages, approximate location derived from IP address, form interactions, analytics events, cookie IDs, and similar technical information.

E. Marketing and Communication Information

Email preferences, newsletter subscriptions, ad interactions, call notes, CRM activity, message history, campaign responses, meeting bookings, and unsubscribe or opt-out requests.

F. Client-Provided Content

Content, images, videos, logos, text, business information, customer testimonials, product/service descriptions, pricing information, staff bios, and other materials provided by clients for use in website or marketing projects.

G. Sensitive Information

We do not intentionally request sensitive personal information unless it is necessary for a specific service or voluntarily provided by you. Sensitive information may include data such as precise location, government identifiers, financial account access, health-related information, race, religion, biometric data, or information about children. Where applicable law requires consent before processing sensitive data, we will request consent or avoid collecting it. Virginia law requires consent for processing sensitive data under covered circumstances.

We may collect personal information from you directly; from your business, employees, contractors, or authorized representatives; from website forms, emails, calls, texts, meetings, and client portals; from analytics, advertising, cookies, and pixels; from social media platforms and public business listings; from payment processors, CRM tools, scheduling tools, hosting providers, and other vendors; and from publicly available sources such as company websites, search engines, business directories, and public social profiles.

Sitecraft may use personal information to:

Provide website design, development, hosting coordination, maintenance, SEO, branding, content, marketing, analytics, automation, and related services; respond to inquiries and prepare proposals, estimates, contracts, invoices, and onboarding materials; communicate with clients and prospects; manage projects, revisions, support requests, and deliverables; process payments and maintain accounting records; create, improve, test, secure, and maintain websites, client portals, and internal systems; personalize website experiences and understand how visitors use our website; send service updates, marketing communications, newsletters, and promotional materials; run advertising, retargeting, analytics, and campaign measurement; protect against fraud, spam, abuse, unauthorized access, and security incidents; comply with contracts, legal obligations, tax requirements, records retention obligations, and dispute resolution needs; enforce our agreements and protect Sitecraft's rights, clients, users, systems, and business operations.

The FTC recommends that businesses understand what personal information they collect, who can access it, how it moves through the business, and how long it is kept; it also advises collecting and retaining only what is needed for legitimate business purposes.

We may use cookies, pixels, tags, scripts, local storage, analytics tools, session replay tools, advertising IDs, and similar technologies to operate the website, remember preferences, understand traffic, improve performance, detect security issues, measure marketing campaigns, and show or measure advertisements.

These technologies may be provided by third parties such as analytics providers, advertising platforms, CRM tools, scheduling tools, hosting providers, and website optimization tools.

You may control cookies through your browser settings. Depending on your location and applicable law, you may also have the right to opt out of targeted advertising, sale, sharing, or certain profiling activities.

We may share personal information with:

Service providers, processors, contractors, vendors, and subcontractors who help us operate our business; hosting companies, domain registrars, DNS providers, website builders, CMS platforms, analytics providers, email platforms, CRM tools, scheduling tools, payment processors, project management systems, cloud storage providers, security tools, marketing platforms, automation platforms, and professional advisors; client-authorized vendors, integrations, plugins, and platforms used for a specific project; legal, tax, accounting, insurance, compliance, or business advisors; government authorities, courts, regulators, or law enforcement where required or permitted by law; parties involved in a merger, acquisition, financing, restructuring, sale of assets, bankruptcy, or similar business transaction.

We do not knowingly sell personal information for monetary consideration. However, some privacy laws define “sale,” “sharing,” or “targeted advertising” broadly, and certain analytics, advertising, retargeting, or pixel-based tools may be considered sharing or targeted advertising depending on the law. California law requires notice at or before collection and privacy policies that describe rights such as know, delete, correct, opt out of sale/share, limit sensitive information, and non-discrimination for covered businesses.

Payments may be processed through third-party payment processors. Sitecraft may receive payment confirmation, invoice status, billing details, transaction identifiers, and limited payment-related information. We do not intend to store full credit card numbers unless expressly stated and legally/contractually supported.

Payment processors have their own privacy and security practices. You should review their policies before submitting payment information.

When Sitecraft builds, manages, supports, or maintains a client website, we may access personal information collected by or on behalf of the client. This may include website form submissions, analytics, booking requests, customer inquiries, email records, CRM data, or other client-controlled information.

Unless otherwise stated in a written agreement, Sitecraft processes client website data only to provide services to the client, follow client instructions, maintain the website, troubleshoot issues, improve performance, support security, and fulfill contractual obligations.

Clients are responsible for ensuring their own websites, forms, cookie banners, tracking tools, marketing tools, privacy notices, terms, consent flows, and data practices comply with applicable law.

We retain personal information only as long as reasonably necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.

Retention periods may vary based on the type of information, the relationship, the project, legal requirements, tax/accounting obligations, security needs, backup cycles, dispute resolution needs, and contractual obligations.

Examples

• Client project records may be kept while the client relationship is active and for a reasonable period afterward.
• Billing and tax records may be kept as required by accounting and tax laws.
• Marketing records may be kept until you unsubscribe or request deletion, subject to legal exceptions.
• Website analytics data may be retained according to the settings of the analytics provider.
• Backup copies may remain for a limited period before deletion through normal backup rotation.

We use reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, misuse, loss, or destruction.

Security measures may include access controls, password protections, multi-factor authentication where practical, encrypted connections, vendor review, limited access based on business need, secure storage practices, employee/contractor confidentiality expectations, monitoring, backups, and incident response procedures.

No website, system, or transmission method is 100% secure. You are responsible for using strong passwords, protecting account access, limiting unnecessary sharing of sensitive information, and notifying us promptly if you believe information shared with Sitecraft has been compromised.

The FTC specifically warns that cybercriminals target companies of all sizes and recommends small businesses review cybersecurity practices, staff training, vendor questions, phishing protection, ransomware protection, and email authentication.

Depending on where you live and whether a specific privacy law applies, you may have the right to:

• Know or confirm whether we process your personal information
• Access the personal information we maintain about you
• Request correction of inaccurate personal information
• Request deletion of personal information
• Request a portable copy of certain personal information
• Opt out of sale, sharing, targeted advertising, or certain profiling
• Limit use or disclosure of sensitive personal information
• Withdraw consent where processing is based on consent
• Appeal a denied privacy request
• Not be discriminated against for exercising privacy rights

Virginia consumers covered by the Virginia Consumer Data Protection Act have rights to access, correct, delete, obtain a portable copy, and opt out of targeted advertising, sale of personal data, or certain profiling.

To submit a privacy request, contact us at:

Email: privacy@sitecraft.app (Subject Line: Privacy Request)

Mail: 2108 N St Ste N, Sacramento, CA 95816 US

We may need to verify your identity before fulfilling a request. We may deny or limit a request where allowed by law, including when we cannot verify your identity, the request conflicts with legal obligations, the information is needed to complete a transaction, protect security, prevent fraud, comply with law, exercise legal rights, or maintain records required for legitimate business purposes.

This section applies only if Sitecraft is subject to the California Consumer Privacy Act, as amended, or if we choose to honor similar rights voluntarily.

The CCPA applies to for-profit businesses doing business in California that meet certain thresholds, including over $25 million in gross annual revenue, buying/selling/sharing personal information of 100,000 or more California residents or households, or deriving 50% or more of annual revenue from selling California residents' personal information.

California residents may have the right to know, delete, correct, opt out of sale or sharing, limit certain sensitive information uses, and be free from discrimination for exercising their rights.

Categories Collected

We may collect identifiers, commercial information, internet or network activity, geolocation derived from IP address, professional or employment-related information, audio/electronic communications when you contact us, and inferences related to service interests or marketing preferences.

Categories Shared

We may disclose personal information to service providers, contractors, analytics providers, advertising platforms, payment processors, hosting providers, professional advisors, and client-authorized vendors.

Sale or Sharing

We do not knowingly sell personal information for monetary consideration. We may use analytics, pixels, or advertising tools that could be considered “sharing” or targeted advertising under certain laws.

Do Not Sell or Share

To opt out of sale, sharing, or targeted advertising, contact us at privacy@sitecraft.app with the subject line: Do Not Sell or Share Request. Where technically available, we may also honor Global Privacy Control signals.

Some state privacy laws provide rights to access, correct, delete, download, and opt out of sale, targeted advertising, or certain profiling. Colorado's privacy law requires covered controllers to provide privacy notices describing types of personal data processed, purposes, third-party sharing, and rights methods, and it requires clear disclosure where personal data is sold or processed for targeted advertising.

Where a state privacy law applies to Sitecraft, we will respond to valid requests as required by that law.

We may send marketing emails, newsletters, updates, offers, service announcements, or educational content. You can unsubscribe from marketing emails by using the unsubscribe link in the email or contacting us directly.

Transactional or service-related communications, such as invoices, project updates, contract notices, security notices, and support messages, may still be sent even if you unsubscribe from marketing.

The CAN-SPAM Act requires commercial emails to include a clear way to opt out, and businesses must honor opt-out requests within 10 business days.

If you provide your phone number, we may contact you about inquiries, estimates, project updates, scheduling, support, billing, or services. We may also send marketing messages only where permitted by law and consent requirements.

You may opt out of SMS marketing by replying STOP where applicable or by contacting us directly. Message and data rates may apply.

Sitecraft's website and services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we collected personal information from a child under 13 without required consent, we will take reasonable steps to delete it.

COPPA applies to operators of websites or online services directed to children under 13 and to operators with actual knowledge that they collect personal information online from a child under 13.

Sitecraft may use AI-assisted tools, automation platforms, code assistants, design tools, content tools, analytics tools, or workflow tools to support internal operations and client services.

We do not intentionally use sensitive personal information in AI tools unless necessary, authorized, and appropriate for the service. Clients should not submit confidential, regulated, sensitive, or legally restricted information unless necessary for the project and approved under the applicable agreement.

AI-assisted outputs may require human review before publication, especially for legal, medical, financial, compliance, technical, or client-facing claims.

Sitecraft is based in the United States. If you access our website or services from outside the United States, your information may be processed in the United States or other countries where our vendors operate.

If the GDPR, UK GDPR, or similar laws apply, you may have additional rights, including access, correction, deletion, restriction, portability, objection, withdrawal of consent, and the right to lodge a complaint with a supervisory authority. The European Commission describes GDPR as providing rights over personal data and obligations for businesses and organizations that process it.

Unless expressly stated otherwise, Sitecraft does not intentionally target services to residents of the European Economic Area, United Kingdom, or Switzerland.

Our website or client projects may link to third-party websites, platforms, plugins, forms, payment processors, scheduling tools, social media platforms, analytics tools, maps, embedded videos, or other services.

We are not responsible for the privacy practices, security, content, or policies of third parties. Your use of third-party services is governed by their own terms and privacy policies.

If you provide a testimonial, review, logo, project result, screenshot, website link, or case study material, we may use it for marketing, portfolio, sales, social media, website, or advertising purposes with your consent or as allowed by contract.

Clients should not provide personal information, confidential information, or third-party information for publication unless they have the right to share it.

If Sitecraft is involved in a merger, acquisition, sale of assets, financing, restructuring, bankruptcy, or similar transaction, personal information may be transferred or disclosed as part of that transaction, subject to applicable law and reasonable confidentiality protections.

We may use or disclose personal information when we believe it is reasonably necessary to comply with law, legal process, subpoenas, court orders, regulatory requests, law enforcement requests, tax obligations, contractual obligations, fraud prevention, security investigations, dispute resolution, or protection of Sitecraft's rights, property, clients, users, team members, systems, and business operations.

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Last Updated” date. Material changes may be communicated by additional notice where required by law.

Your continued use of our website or services after an updated Privacy Policy is posted means you acknowledge the updated policy.

For questions, privacy requests, opt-out requests, or concerns, contact:

Sitecraft LLC

Email: privacy@sitecraft.app

Mailing Address: 2108 N St Ste N, Sacramento, CA 95816 US

Website: sitecraft.app