Skip to main content

Home › Privacy Policy

Privacy Policy

Effective date: March 28, 2026 · Last updated: May 1, 2026

1. Introduction

Sitelite ("we," "us," or "our") operates sitelite.com and related subdomains (the "Service"). This Privacy Policy explains how we collect, use, and protect information when you use the Service.

By using Sitelite, you agree to the collection and use of information in accordance with this policy. If you represent an organization using Sitelite to collect registrant data, you are a data controller for that data and Sitelite is your data processor.

2. Data We Collect

We collect information in the following categories:

  • Account data: Name, email address, and organizational information provided when creating an account.
  • Registrant data: Personal information collected by organizations through Sitelite registration forms, including names, dates of birth, email addresses, phone numbers, emergency contacts, dietary restrictions, and medical notes. This data is collected by the organization and processed by Sitelite on their behalf.
  • Payment data: Payment transactions are processed by Stripe. Sitelite does not store card numbers or full payment credentials. We retain transaction metadata (amount, timestamp, status) for accounting and support purposes.
  • Usage data: Server logs, IP addresses, browser type, pages visited, and timestamps collected automatically when you use the Service.
  • Waiver signatures: Typed name, timestamp, IP address, and the exact text of any waiver at the time of signing. These records are retained permanently for legal compliance.
  • Participant access tokens: Registrants ("participants") authenticate via magic-link tokens emailed to them - we do not store passwords for participants. Tokens are scoped to a registration and expire on use or after a configurable window.
  • Currency & locale: Each organization is assigned a billing currency at first Stripe Connect (USD, GBP, or EUR). Detected country (via Cloudflare's CF-IPCountry header) is used to pre-fill onboarding; it is not retained.

3. How We Use Your Data

We use the data we collect to:

  • Provide, operate, and improve the Service
  • Send transactional emails (registration confirmations, payment receipts, reminders, magic links)
  • Process payments via Stripe Connect
  • Respond to support requests
  • Comply with legal obligations and enforce our Terms of Service
  • Detect and prevent fraud or abuse

We do not sell personal data. We do not use personal data for advertising or behavioral profiling.

4. Data Sharing

We share data with the following third-party service providers:

  • Stripe: Payment processing and Stripe Connect account management
  • Postmark: Transactional email delivery
  • Cloudflare R2: File and image storage (S3-compatible object storage). R2 buckets are operated by Cloudflare across globally distributed regions; storage is encrypted at rest.
  • Heroku: Application hosting
  • Anthropic: AI model provider for the helpdesk chat, AI event description generation, and AI form-field option generation features. See section 6 below for the data scope sent to Anthropic.
  • Postmark webhooks: Email delivery, bounce, and engagement events are received by Sitelite to maintain deliverability and unsubscribe compliance.
  • Honeybadger: Error monitoring (error reports may contain metadata from requests)

We do not share personal data with advertising networks, data brokers, or any party not listed above unless required by law.

5. Multi-Tenant Architecture

Sitelite is a multi-tenant platform. Registrant data collected by one organization is logically isolated from all other organizations. It cannot be accessed by other organizations using the Service. Sitelite platform staff may access organization data only for legitimate support, security, or legal compliance purposes.

6. AI Features

Sitelite uses AI models from Anthropic (Claude family) to power three features:

  • Helpdesk chat: A staff-only support assistant that answers questions about how to use Sitelite. Available to staff inside the admin; not exposed to participants.
  • AI event description drafting: Generates a marketing-style event description from a few staff-typed details (event name, type, dates, audience).
  • AI form-field option generation: Suggests dropdown / checkbox options for custom registration form fields based on the field name.

What the AI sees:

  • Staff-typed event metadata (event name, dates, type, public description text)
  • Sitelite's own knowledge-base articles (for the helpdesk chat retrieval-augmented context)
  • Field names typed by staff during form configuration

What the AI does NOT see:

  • Payment data, card numbers, or any Stripe transaction details
  • Registrant demographics beyond opt-in operational data
  • Emergency contacts or medical information
  • Waiver signatures or signed waiver text
  • Magic-link access tokens for participants
  • Cross-tenant data (data from other organizations)

Anthropic processes AI requests on Sitelite's behalf and does not retain prompts or responses for training under our enterprise terms. AI-generated text is shown to staff for review and editing before publication; staff retain full control over what is saved or sent to registrants.

7. Data Retention

We retain registration records and financial transaction data for as long as necessary to comply with legal obligations (typically 7 years for financial records). Waiver signatures are retained indefinitely as legal records.

If an organization closes their Sitelite account, their data is soft-deleted and retained for 90 days, after which personal data is anonymized. Financial records are retained indefinitely.

You may request deletion of your personal data by contacting us at [email protected].

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your personal data (subject to legal retention obligations)
  • Right to restriction: Request that we restrict processing of your data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Cookies & Local Storage

We use session cookies to maintain authenticated sessions. These cookies are deleted when you close your browser or log out.

We use a cookie to store your dark mode preference so it persists across subdomains and visits. This cookie contains only the value "light" or "dark" and expires after one year.

We use Plausible Analytics, a privacy-focused analytics tool that does not use cookies or collect personal data. Plausible is GDPR-compliant by design and does not track individual visitors.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

10. Children's Privacy

Sitelite is used by organizations to register participants for events, including minors. Registration data for minors is provided by their parents or guardians and is processed under the authority of the organization running the event. We do not knowingly collect personal information directly from children under the age of 13.

If you believe a child's data has been collected without appropriate parental consent, contact us at [email protected].

11. Changes to This Policy

We will notify account holders of material changes to this Privacy Policy via email at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact

For privacy-related requests or questions, contact us at:

Sitelite
Email: [email protected]