Privacy Policy

Last updated: 21 February 2026 | SiteBirds | hello@sitebirds.com

This Privacy Policy describes how SiteBirds ("we", "us", or "our") collects, uses, and protects your personal data when you use our platform at https://sitebirds.com. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Company: SiteBirds
Trade name: SiteBirds
Chamber of Commerce (KvK): 99427303
VAT number: NL003763373B79
Address: The Netherlands
Email: hello@sitebirds.com

For privacy-related enquiries or to exercise your rights, please contact us at hello@sitebirds.com.

2. Data We Collect

2.1 Account data

When you register and use SiteBirds, we collect:

Name and surname
Email address
Phone number (optional)
Business name, sector, and location
Account credentials (password stored as a salted hash)

2.2 Payment data

Payments are processed by Stripe. We do not store your full card number, CVV, or banking details on our servers. We receive and store only a payment token, the last four digits of your card, card type, and billing status from Stripe.

2.3 Website content data

To generate your website, we process the business information you provide, such as business description, services, opening hours, contact details, and any text or images you upload. This data is sent to Anthropic's AI systems for content generation and is stored on our servers to enable your website to function.

2.4 Usage data

We automatically collect technical data when you use our platform:

IP address and approximate location (country/city level)
Browser type and version
Operating system
Pages visited, time spent, click events
Server access logs (retained for 30 days)

2.5 Cookies

We use the following types of cookies:

Functional cookies: Session cookies required for login and account management (no consent required)
Analytics cookies: Google Analytics / Google Tag Manager — to understand how visitors use our site (consent required)

You can manage or withdraw your cookie consent at any time. See Section 8 for more details.

3. Purposes and Legal Basis for Processing

Purpose	Data used	Legal basis (GDPR)
Providing and operating the service	Account data, content data	Art. 6(1)(b) — performance of a contract
Processing payments and billing	Payment data, account data	Art. 6(1)(b) — performance of a contract
AI-powered website generation	Business content data	Art. 6(1)(b) — performance of a contract
Sending service notifications and updates	Email address	Art. 6(1)(b) — performance of a contract
Marketing communications (opt-in only)	Email address, name	Art. 6(1)(a) — consent
Analytics and platform improvement	Usage data, cookies	Art. 6(1)(a) — consent
Fraud prevention and security	IP addresses, usage data	Art. 6(1)(f) — legitimate interests
Compliance with legal obligations	Account data, payment data	Art. 6(1)(c) — legal obligation

4. Data Processors (Sub-processors)

We share your data with the following trusted third-party processors, each bound by GDPR-compliant data processing agreements:

Processor	Purpose	Location
Anthropic	AI content generation using Claude	United States
Stripe	Payment processing and subscription management	United States / EU
Brevo (formerly Sendinblue)	Transactional email (account notifications)	European Union
Hetzner	Server hosting and infrastructure	European Union (Germany)
Google Analytics / GTM	Website analytics (consent-based)	United States / EU

We do not sell your personal data to third parties. We do not share your data with parties other than those listed above, except when required by law.

5. International Data Transfers

Some of our sub-processors, specifically Anthropic and Stripe, operate in the United States. When we transfer your personal data to the US, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the legal mechanism for the transfer, which provide adequate safeguards for your data.

When your business information is sent to Anthropic for AI processing, it is subject to Anthropic's data handling practices in addition to our contractual safeguards. We recommend reviewing Anthropic's Privacy Policy for further details.

6. Data Retention

Data category	Retention period
Account and profile data	Until account deletion + 30 days
Website content and generated files	Until subscription ends + 30 days
Payment records and invoices	7 years (Dutch tax law requirement)
Server access logs (IP addresses)	30 days
Analytics data (aggregated)	26 months (Google Analytics default)
Email communication logs	2 years

7. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

Right of access Request a copy of all personal data we hold about you

Right to rectification Request correction of inaccurate or incomplete data

Right to erasure Request deletion of your personal data ("right to be forgotten")

Right to restriction Request that we limit how we process your data

Right to data portability Receive your data in a structured, machine-readable format

Right to object Object to processing based on legitimate interests or for direct marketing

Right to withdraw consent Withdraw any previously given consent at any time

Right to lodge a complaint File a complaint with the supervisory authority

To exercise any of these rights, please contact us at hello@sitebirds.com. We will respond within 30 days.

8. Cookies

Functional cookies (no consent required)

These cookies are strictly necessary for the operation of our platform and cannot be disabled:

Session cookie: Keeps you logged in during your session
CSRF token: Prevents cross-site request forgery attacks

Analytics cookies (consent required)

With your consent, we use Google Analytics (via Google Tag Manager) to collect aggregated, anonymised data about how visitors use our website. This helps us improve the platform. You can opt out by:

Declining analytics cookies when the consent banner appears
Installing the Google Analytics opt-out browser extension
Adjusting your browser privacy settings

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

TLS encryption for all data in transit
Encrypted storage of passwords (bcrypt hashing)
Access controls and role-based permissions
Regular security reviews
Hosting on ISO 27001-certified infrastructure (Hetzner, Germany)

In the event of a personal data breach that is likely to result in a risk to your rights, we will notify the relevant supervisory authority within 72 hours and, where required, notify affected individuals without undue delay.

10. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with your national data protection supervisory authority:

Netherlands: Autoriteit Persoonsgegevens (AP) — autoriteitpersoonsgegevens.nl
Germany: Bundesbeauftragter für den Datenschutz (BfDI)
France: Commission nationale de l'informatique et des libertés (CNIL)
Spain: Agencia Española de Protección de Datos (AEPD)
Italy: Garante per la protezione dei dati personali
Poland: Urząd Ochrony Danych Osobowych (UODO)

We encourage you to contact us first at hello@sitebirds.com so we can resolve your concern directly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email and/or via a notice on the platform at least 14 days before the changes take effect. The updated policy will always show the date of the last revision at the top of this page.

12. Contact

For any questions, requests, or concerns about this Privacy Policy or the handling of your personal data, please contact us:

Email: hello@sitebirds.com
Website: https://sitebirds.com
Address: The Netherlands