Privacy Policy

1. Who We Are

SiteCheck is operated by AirDev LLC. This policy explains how we collect, use, and protect your information when you use our website auditing and monitoring service.

2. Information We Collect

Information you provide

• Email address (at checkout and for magic link authentication)
• Website URL(s) you submit for auditing or monitoring
• Payment information (processed by Stripe; we never see or store card numbers)

Information from scans

• DNS records (SPF, DKIM, DMARC, CAA, NS) for your submitted domain
• HTTP response headers from your website
• SSL certificate details (issuer, expiry date)
• Google Lighthouse scores (performance, accessibility, SEO, best practices)
• Blacklist check results
• Uptime check results and response times

Remediation credentials (if provided)

If you purchase remediation services and provide hosting credentials (e.g., Cloudflare API token, SSH access), these are encrypted at rest using AES-256-GCM and automatically purged after 7 days. Access to credentials is logged and auditable.

3. How We Use Your Information

• To perform website audits and generate reports
• To monitor your website uptime and send alerts
• To process payments via Stripe
• To send you audit reports, alerts, and account communications
• To improve our service (aggregate, anonymized usage data only)

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Read-Only Scans

All SiteCheck audits are read-only. We observe publicly available information about your website (DNS records, HTTP headers, page performance). We do not modify your website, server configuration, or DNS records during an audit. Remediation actions are only taken with your explicit consent and provided credentials.

5. Third-Party Services

We use the following third-party services to operate SiteCheck:

• Stripe — payment processing (privacy policy)
• Supabase — database hosting (privacy policy)
• Vercel — application hosting (privacy policy)
• Resend — transactional email (privacy policy)
• UptimeRobot — uptime monitoring (privacy policy)
• Google Lighthouse — performance scoring (public API, no account data shared)

6. Data Retention

• Audit reports are retained indefinitely for your reference
• Remediation credentials are encrypted and auto-purged after 7 days
• Account data is retained while your account is active
• Upon request, we will delete all your data within 30 days

7. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing hello@airdev.us. California residents have additional rights under the CCPA, including the right to know what data we collect and the right to opt out of data sales (we do not sell data).

8. Cookies

SiteCheck uses minimal cookies: a session cookie for dashboard authentication (magic link login) and cookies set by Stripe during checkout. We do not use tracking cookies, analytics cookies, or advertising cookies.

9. Contact

For privacy questions or data requests, email hello@airdev.us.