Privacy Policy

Last updated: May 2, 2026

This policy describes how sitegen ("we", "us") collects, uses, and protects information when you use our service. We are an AI-driven website-building service operated by Matt Dye (mattdyeengr@gmail.com).

If you disagree with this policy, do not use the service.

What we collect

When you use sitegen, we collect:

Your email address and the contents of emails you send us. This is how you communicate change requests for your website.
Your business website's content (HTML, CSS, JS, images you provide). We host and modify this on your behalf.
OAuth tokens for connected social accounts (Instagram, Facebook Pages, TikTok, Google Business Profile) when you choose to connect them via our onboarding flow. We never see or store your social-platform passwords; we only hold the tokens those platforms issue to us with your explicit consent.
Public business data retrieved from connected accounts: your business name, address, phone, hours, photos, recent posts, profile bio, ratings, reviews. We use this to populate your website with accurate, current information.
Operational logs of which emails were processed, when, and what changes were made. Used for billing and troubleshooting.

We do NOT collect:

Your social-account passwords or login credentials.
Private direct messages, follower lists, or any data that requires permissions beyond what your OAuth grant explicitly authorizes.
Browsing or analytics data about visitors to your site (we do not install tracking pixels by default).
Payment-card details — billing happens via separate invoicing.

How we use what we collect

To edit your website. Your email contents, your stored OAuth-derived business data, and your existing site content are sent to Anthropic's Claude AI service so Claude can interpret your request and make the corresponding edits.
To deploy your website. Edited files are pushed to Cloudflare Pages, where they are served to your visitors.
To bill you. Operational logs let us calculate the per-email charge. We send a single monthly invoice covering all charges.
To send you confirmation replies. Each successful (or failed) edit triggers an automated email back to you summarizing what changed.

We do NOT:

Sell or rent your data to third parties.
Use your data to train AI models. Anthropic's API service (which we use) does not train models on customer-submitted content; see Anthropic's privacy policy.
Share your data with anyone except the third-party services listed below, each of which is needed to deliver the service.

Third parties we share data with

Service	Why	Their privacy policy
Anthropic (Claude AI)	Interprets your email and generates the edits	anthropic.com/legal/privacy
Cloudflare (Pages, Registrar, Workers)	Hosts your website and our infrastructure	cloudflare.com/privacypolicy
Google (Gmail API, Places API)	Processes inbound/outbound email and Google Business Profile data	policies.google.com/privacy
Composio (or successor OAuth gateway)	Manages secure storage and refresh of your social-account OAuth tokens	composio.dev/privacy
Meta (Facebook + Instagram Graph API)	Returns your connected Page and Instagram data when you authorize us	facebook.com/privacy/policy
TikTok Business API	Returns your connected TikTok data when you authorize us	tiktok.com/legal/privacy-policy

Data retention

Emails and edit history — kept for the lifetime of your account plus 90 days, for billing and rollback purposes.
OAuth tokens — kept until you revoke access (either through us or directly on the platform's side).
Site content — kept until you instruct us to delete the site or stop service.
Operational logs — kept for 12 months, then automatically purged.

Your rights

You can:

Request a copy of all data we hold about you. Email mattdyeengr@gmail.com with subject "DATA EXPORT REQUEST".
Request deletion of your data. Email mattdyeengr@gmail.com with subject "DELETE MY DATA". We will delete within 30 days, except where retention is required by law.
Revoke any OAuth grant you previously gave us, either by emailing us or by removing our app from your account on the relevant platform (Meta Business Suite, Google Account permissions, TikTok app settings).
Stop service at any time. Email us with "CANCEL SERVICE" in the subject. We will stop processing immediately and delete your data within 30 days unless you request export first.

If you are a resident of California, the EU, or other jurisdictions with specific data-rights laws (CCPA, GDPR), the rights above apply to you regardless of those laws — we treat all customers the same. For GDPR purposes, our lawful basis for processing is performance of contract (you've contracted us to build and update your website).

Security

All data in transit uses TLS 1.2+.
OAuth tokens are stored encrypted at rest with file-system-level permissions restricting access to the operator account only.
We do not share credentials between customers; each customer's OAuth tokens are scoped to that customer's site.
We do not have access to any data on your platforms beyond what your OAuth grant explicitly permits.

Children's data

Sitegen is a B2B service for business owners. We do not knowingly collect data from individuals under 13. If you believe we have, contact us and we will delete it.

Changes to this policy

We may update this policy. The "Last updated" date at the top will reflect any changes. For material changes (e.g., new data categories collected, new third-party processors), we will notify all active customers via email at least 30 days before the change takes effect.

Contact

Questions about this policy:

Email: mattdyeengr@gmail.com
Subject prefix: [PRIVACY]

We respond to privacy inquiries within 5 business days.