Privacy Policy — SiteKick
Last updated: August 29, 2025
This Privacy Policy describes how SiteKick (we, us, or our) collects, uses, discloses, and protects Personal Data through https://sitekick.app (the Site or the Service). We are headquartered in Bengaluru, India and also conduct business in Dublin, Ireland. This Policy explains your rights and how to exercise them. Please read it carefully.
1. Scope & Applicability
This Policy applies to all users of the Site and Services, including visitors, registered users, customers, and other individuals whose Personal Data we process. It covers Personal Data collected online through our websites, applications, forms, chatbots, and related interactions.
2. Definitions
- Personal Data — information that identifies or can reasonably identify an individual.
- Processing — any operation performed on Personal Data (collection, storage, use, disclosure, deletion).
- Controller — the entity that determines the purposes and means of Processing Personal Data. SiteKick is a Controller for Personal Data collected in connection with its Services.
- Processor — a third party which processes Personal Data on our behalf (for example, payment processors and email providers).
3. Types of Personal Data We Collect
We collect a range of Personal Data depending on how you use the Site and Services. Typical categories include:
- Account & Identity Data: name, username, email address, profile information, and other identifiers you provide when you create an account.
- Contact & Billing Data: billing address, payment instrument identifiers (e.g., card tokenized by our payment processor), transaction history and invoices.
- Device & Usage Data: IP address, device identifiers, browser and operating system, referral and navigation information, pages visited, session duration, and other analytics produced automatically when you interact with the Service.
- Location Data: coarse location inferred from IP address or location data you expressly provide through device permissions.
- Communications & Content: contents of messages, chatbot interactions, contact form submissions, support tickets, and other communications.
- Cookies & Tracking Data: identifiers stored in cookies, local storage or similar technologies (see the Cookies section below).
- Sensitivity Notice: we do not knowingly request or retain Special Category Data (e.g., racial or health data). Do not submit such information to us. If we become aware that we hold Special Category Data, we will securely delete it unless required to retain it by law.
4. How We Collect Personal Data
We obtain Personal Data from the following sources:
- Directly from You: when you register, purchase, subscribe, contact us, complete forms, or use chatbots.
- Automatically: via cookies, log files, analytics and similar technologies when you visit or use the Site.
- From Third Parties: service providers and partners (e.g., payment processors, email platforms, analytics providers) who provide information necessary for the Service.
5. Purposes of Processing & Legal Bases
We use Personal Data for the following purposes. Where applicable, we identify the legal basis for Processing under the European General Data Protection Regulation (GDPR):
- Service delivery & Contract performance. Creating accounts, providing features, processing payments, delivering purchases and invoices. (Legal basis: performance of a contract).
- Account administration & Support. Responding to support requests, security alerts, and account management. (Legal basis: legitimate interests and contract).
- Communications. Sending transactional emails (receipts, notifications) and, with consent, marketing emails. (Legal basis: consent for marketing; contractual/legitimate interests for transactional).
- Analytics & Product Improvement. Measuring performance, diagnosing issues, and improving product features. (Legal basis: legitimate interests).
- Fraud prevention & Security. Detection, prevention and mitigation of fraud or abuse. (Legal basis: legitimate interests and compliance with legal obligations).
- Legal compliance & enforcement. Responding to law enforcement, legitimate legal process, protecting rights and preventing fraud. (Legal basis: compliance with legal obligations).
6. Third-Party Processors and Service Providers
We engage trusted third-party companies to provide specialized services. These entities process Personal Data on our behalf as Processors. Key categories and examples include (this list is illustrative and may be updated):
- Payment Processors: Razorpay (or other processors) for secure payment handling and transaction tokenization.
- Email & Marketing: Mailchimp, or similar providers for email delivery, campaign management and subscription lists.
- Analytics & Performance: Google Analytics, Google Tag Manager, and meta/Facebook pixels for site analytics and advertising measurement.
- Infrastructure & Hosting: Amazon Web Services (AWS) for hosting, storage and compute resources.
- Customer Messaging & Chat: chatbot platforms and customer relationship tools used to provide real-time help and capture leads.
We require our Processors to implement appropriate technical and organizational safeguards and act only on our documented instructions. Where contractual protections or adequate transfer mechanisms are required for cross-border data transfers, we implement appropriate safeguards (e.g., standard contractual clauses, data processing agreements, or other lawful mechanisms).
7. International Transfers
Because our operations and certain Processors operate internationally, Personal Data may be transferred to, stored, or processed in jurisdictions outside your country (including India, Ireland, and the United States). Where transfers take place, SiteKick will ensure appropriate safeguards are applied consistent with applicable law (e.g., EU Standard Contractual Clauses or other lawful transfer mechanisms) or rely upon an adequacy decision where available.
8. Retention Policy
We retain Personal Data only for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. Typical retention periods:
- Account and transactional data: retained while the account is active and for up to 7 years after account closure to meet tax and legal obligations, unless a different period is required by law.
- Support and communications: retained for the period necessary to respond to requests and for quality assurance (typically 2–5 years).
- Analytics and logs: retained in aggregated or pseudonymized form where possible; raw logs may be retained for up to 2 years for security and debugging purposes.
If you request deletion of your Personal Data, we will delete data subject to applicable legal obligations and legitimate retention needs (for example, to prevent fraud or to comply with tax law).
9. Cookies & Tracking Technologies
We use cookies, pixels and similar technologies to operate our Site and Services, analyze usage, personalize content and ads, and provide social features. Types of cookies include:
- Essential & cookies: required for core functionality (authentication, session management).
- Performance & analytics cookies: to measure and improve the Site (e.g., Google Analytics).
- Advertising & targeting cookies: to deliver relevant ads and measure campaign performance.
You may disable or delete cookies through your browser settings, but doing so may degrade your experience or make parts of the Site inaccessible.
10. Security Measures
We implement reasonable technical and organizational measures to protect Personal Data against unauthorized access, use, alteration, and destruction. Security practices include:
- Encryption in transit using TLS, and encryption at rest for sensitive information where feasible.
- Access controls, least privilege principles, and regular security reviews.
- Periodic penetration testing and vulnerability scanning of systems and dependencies.
- Incident response procedures and breach notification protocols in accordance with applicable law.
While we strive to protect Personal Data, no security system is impenetrable. You play a role in securing your account by using a strong password and safeguarding credentials.
11. Your Rights (EU/EEA, UK and certain other jurisdictions)
Depending on your jurisdiction, you may have the following rights regarding your Personal Data:
- Right to access the Personal Data we hold about you.
- Right to rectify inaccurate or incomplete data.
- Right to erase (right to be forgotten) where legal requirements are met.
- Right to restrict or object to processing in certain circumstances.
- Right to data portability where processing is based on consent or contract and processing is carried out by automated means.
- Right to withdraw consent at any time (where processing is based on consent).
To exercise these rights, contact us using the details in the Contact section. We may require verification to process requests and will respond within applicable legal timeframes.
12. California Consumer Privacy Act (CCPA) / California Privacy Rights
If you are a California resident, you have additional rights under the CCPA, including the right to request access to and deletion of Personal Data, and the right to opt-out of the sale of Personal Data. SiteKick does not knowingly sell Personal Data as defined under the CCPA. To exercise CCPA rights, please contact us.
13. Indian Data Protection & Other Local Laws
SiteKick is governed by Indian laws and applicable international privacy regimes when dealing with users in other jurisdictions. We will comply with lawful requests from courts, government agencies or regulators and retain records to satisfy obligations under tax, corporate and other applicable legislation in India and other jurisdictions where we operate.
14. Children
Our Service is not directed to children under 18. We do not knowingly collect Personal Data from minors. If you become aware of a minor's Personal Data provided to us, please contact us and we will take steps to delete it.
15. Advertising & Third‑Party Content
Third-party advertising technologies may be present on the Site. These parties may use cookies and similar technologies to collect information about your browsing activities. We do not control third-party tracking and recommend reviewing the privacy policies of those third parties for more information.
16. Data Breach Notification
In the event of a confirmed data breach affecting Personal Data, SiteKick will follow applicable breach notification requirements, including notifying affected individuals and regulators as required by law, and will take reasonable steps to mitigate harm.
17. Disclosures & Law Enforcement
We may disclose Personal Data in response to lawful requests by public authorities, to comply with applicable laws, enforce our Terms of Service, protect our rights, or to respond to an emergency. We will seek to limit disclosures to the minimum required and will object to overly broad or non‑compliant requests where permitted by law.
18. Account Deletion & Data Portability
You may request deletion of your account and Personal Data, subject to our ability to retain certain information to comply with legal obligations (tax, accounting, fraud prevention) or for legitimate business purposes. We will also provide a machine-readable copy of your Personal Data in standard formats (e.g., JSON or CSV) on request where legally required.
19. Links to Other Sites
Our Site may contain links to third-party sites that are not under our control. This Policy does not apply to the practices of those sites. Review the privacy notices of any third-party sites you visit.
20. Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. For material changes, we will provide prominent notice (e.g., email or site notice). Your continued use after such changes constitutes acceptance of the revised Policy.
21. Contact & Data Protection Officer
To exercise your rights, ask questions, or make a complaint, please contact us:
- Email: [email protected]
- Address: SiteKick, Bengaluru, Karnataka, India
If you are located in the EU/EEA, you may have the right to lodge a complaint with your local data protection authority. In Ireland, the Data Protection Commission (DPC) is the supervisory authority for many cross-border processors and controllers.
22. Disclaimer & Limitation of Liability
This Privacy Policy does not constitute legal advice. While SiteKick makes commercially reasonable efforts to safeguard data, we cannot guarantee absolute security. To the fullest extent permitted by applicable law, SiteKick's liability arising from any breach of this Policy or loss of Personal Data is limited as set forth in our Terms of Service.
