Privacy Policy

Last updated: November 27, 2025

1. Introduction

SiteRoast.ai ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website roasting platform.

We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Data Controller

SiteRoast.ai is the data controller responsible for your personal data. Contact us at:

SiteRoast.ai

Email: privacy@siteroast.ai

3. Information We Collect

3.1 Information You Provide

  • Account Information: Name, email address, profile picture (via OAuth)
  • Website URLs: URLs you submit for analysis
  • User Content: Reviews, comments, and votes you create
  • Payment Information: Processed securely by Stripe (we don't store card details)
  • Communications: Messages you send to our support team

3.2 Automatically Collected Information

  • Device Information: Browser type, operating system, device type
  • Usage Data: Pages visited, features used, time spent on platform
  • IP Address: For security, fraud prevention, and approximate location
  • Cookies: Essential and analytics cookies (see Cookie Policy)

3.3 Website Analysis Data

When you submit a URL for roasting, we collect:

  • Publicly accessible website content and metadata
  • Technical information (load times, SSL status, headers)
  • Screenshots of the website
  • AI-generated analysis results

4. Legal Basis for Processing (GDPR)

We process your data based on:

  • Consent: When you submit a URL or create an account, you consent to our processing of that data
  • Contract: Processing necessary to provide our services to you
  • Legitimate Interest: Analytics, security, and service improvement
  • Legal Obligation: When required by law

5. How We Use Your Information

  • Provide and maintain the Service
  • Process website analyses and generate roasts
  • Display results on the Wall of Shame (for free tier users)
  • Enable community features (voting, reviews)
  • Process payments and manage subscriptions
  • Send service-related notifications
  • Improve our AI models and algorithms
  • Prevent fraud and ensure security
  • Comply with legal obligations

6. Data Sharing

We share your data with:

6.1 Public Display

Free tier roast results are publicly displayed on the Wall of Shame. This includes the URL, scores, AI feedback, and community votes/reviews.

6.2 Service Providers

  • Hosting: Vercel (infrastructure)
  • Database: Neon/Supabase (PostgreSQL)
  • Authentication: OAuth providers (Google, GitHub)
  • Payments: Stripe
  • AI Processing: OpenAI
  • Analytics: PostHog (privacy-focused)

6.3 Legal Requirements

We may disclose data when required by law, court order, or to protect our rights and safety.

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@siteroast.ai. We will respond within 30 days.

8. Data Retention

  • Account Data: Retained until account deletion
  • Roast Results: Retained indefinitely unless removal requested
  • Analytics: Aggregated data retained for 2 years
  • Support Communications: Retained for 3 years
  • Payment Records: Retained as required by tax law (7 years)

9. International Transfers

Your data may be transferred to and processed in countries outside the EEA, including the United States. We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs)
  • Service providers with EU-US Data Privacy Framework certification

10. Cookies

We use:

  • Essential Cookies: Required for authentication and security
  • Analytics Cookies: To understand usage patterns (opt-out available)

We do NOT use advertising or tracking cookies.

11. Security

We implement appropriate technical and organizational measures to protect your data:

  • HTTPS encryption for all data in transit
  • Encrypted database storage
  • Regular security audits
  • Access controls and authentication
  • Employee training on data protection

12. Children's Privacy

Our Service is not intended for users under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or prominent notice on the Service.

14. Contact & Complaints

For privacy-related questions or to exercise your rights:

Email: privacy@siteroast.ai

You also have the right to lodge a complaint with your local data protection authority.