Privacy Policy

1. Introduction

SiteYak ("we", "us", or "our") operates the SiteYak service, which provides AI-powered chat widgets for websites. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our service, either as a site owner (customer) or as a visitor to a website that has installed the SiteYak widget.

Please read this policy carefully. By using SiteYak, you agree to the practices described here. If you do not agree, please discontinue use of the service.

2. Information we collect

2.1 Information you provide (site owners)

• Account information: name, email address, and password when you register.
• Billing information: payment card details processed securely by Stripe. We do not store card numbers.
• Site configuration: your website URL, branding choices, and widget settings.
• Content you index: the text content of pages you choose to index.

2.2 Information collected automatically (site owners)

• Usage data: pages visited within the SiteYak dashboard, features used, and conversation counts.
• Log data: server logs including IP address, browser type, and access timestamps.

2.3 Information collected from widget visitors

• Chat messages: the content of conversations initiated through the SiteYak widget.
• Session identifiers: anonymous session tokens stored in browser sessionStorage to maintain conversation continuity. These are not linked to any personal identity.
• We do not collect visitor IP addresses, device identifiers, or any information beyond the content of the chat conversation.

3. How we use your information

We use the information we collect to:

• Provide, operate, and maintain the SiteYak service.
• Process billing and send account-related communications.
• Generate AI-powered responses to visitor chat messages using the content you have indexed.
• Monitor service performance, detect abuse, and improve reliability.
• Send service notifications, including cap alerts and system updates.
• Comply with legal obligations.

We do not sell your data or use it for advertising purposes.

4. Data sharing and disclosure

We share data only as follows:

• Anthropic: Chat conversation content is processed by Anthropic's Claude API to generate responses. Anthropic does not use API data to train its models by default. See Anthropic's privacy policy.
• Stripe: Billing and payment information is handled by Stripe. See Stripe's privacy policy.
• Resend: Transactional emails (account notifications, cap alerts) are sent via Resend.
• Cloudflare: Our CDN and infrastructure provider. Web traffic may pass through Cloudflare's network.
• Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of SiteYak, its customers, or the public.

5. AI processing

The SiteYak widget uses Anthropic's Claude model to generate responses to visitor questions. When a visitor sends a message, that message — along with relevant context from your indexed content — is sent to Anthropic's API to produce a response.

Anthropic is an AI safety company. Under its standard API terms, conversation data is not used to train Anthropic's models. You can review Anthropic's data handling practices at anthropic.com/privacy.

As a site owner, you are responsible for ensuring that the content you index and the use of AI-generated responses complies with applicable laws and your own terms of service.

6. Cookies and tracking

The SiteYak dashboard uses session cookies for authentication. We do not use third-party advertising or analytics cookies.

The SiteYak widget uses browser sessionStorage (not cookies) to maintain conversation state for the duration of a browser session. This data is not transmitted to any server and is cleared when the visitor closes their browser tab.

7. Data retention

• Conversation logs: retained for 90 days from the date of the conversation, then automatically deleted.
• Indexed content: retained until you delete the document from your dashboard or close your account.
• Account information: retained until you request deletion of your account.
• Billing records: retained for as long as required by applicable law (typically 7 years).

8. Your rights

Depending on your location, you may have rights under applicable data protection law (including GDPR, UK GDPR, or the CCPA) including:

• The right to access personal data we hold about you.
• The right to correct inaccurate personal data.
• The right to request deletion of your personal data.
• The right to restrict or object to certain processing.
• The right to data portability.
• The right to withdraw consent where processing is based on consent.

To exercise any of these rights, please contact us at privacy@siteyak.ai. We will respond within 30 days.

9. International data transfers

SiteYak is operated from [TODO: jurisdiction]. Your data may be processed in countries other than your own, including the United States, where our infrastructure providers and sub-processors operate. We take steps to ensure appropriate safeguards are in place for any international transfers.

10. Children's privacy

The SiteYak service is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify site owners of material changes by email or by posting a notice in the dashboard. The updated policy will be effective as of the date shown at the top of this page. Continued use of SiteYak after any changes constitutes acceptance of the revised policy.

12. Contact us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact: