Privacy Policy
This Privacy Policy explains how SiteAcademy (“we”, “us”) collects and uses personal data when you use SiteAcademy. It applies to the website at https://siteacademy.co.uk/ and related services.
We collect limited technical data (like IP address and user agent) to run scans safely, keep the site secure, and understand usage via analytics. Public scan areas may display a domain and scan score.
1. What we collect
Depending on how you use the Service, we may collect:
| Category | Examples | Where it comes from |
|---|---|---|
| Scan submissions | URL submitted for scanning, resulting domain/hostname, scan timestamps, scan score | Provided by you / generated by the Service |
| Technical & log data | IP address, user agent, device/browser info, approximate location (derived), referrer, request times | Collected automatically when you access the site |
| Analytics data | Page views, clicks, time on page, approximate location, device type (aggregated/hashed where possible) | Cookies/analytics tools (see Cookies & analytics) |
| Support communications | Email address and message content when you contact us | Provided by you |
| Paid service details (if used) | Purchase reference, product purchased, billing email; payment card details are handled by our payment provider | Provided by you / payment processor |
Please do not submit URLs that contain personal data in the path/query (for example, private dashboards, internal tools, or links containing tokens).
2. Why we use it
We use personal data to:
- Provide scan results, scoring, and comparison features.
- Operate and maintain the Service (performance, troubleshooting, error logging).
- Protect the Service from abuse (rate limiting, fraud prevention, security monitoring).
- Understand how the Service is used and improve it (analytics and aggregated insights).
- Respond to support requests and communications.
- Fulfil and administer paid services (orders, receipts, delivery, support).
3. Lawful bases (UK GDPR)
We process personal data under the following lawful bases:
- Contract: where processing is needed to provide the Service you request (for example, returning scan results).
- Legitimate interests: for security, preventing abuse, and improving the Service (balanced against your rights).
- Consent: for certain cookies/analytics where required (see Cookies & analytics).
- Legal obligation: where we must keep records for tax/accounting or comply with law.
4. Cookies & analytics
We may use cookies and similar technologies to operate the site and understand usage. Cookies can be “session” cookies (expire when you close your browser) or “persistent” cookies (remain for a set period).
4.1 Essential cookies
Essential cookies help the site work properly (for example, security protections and basic preferences). These are typically set on the basis of legitimate interests.
4.2 Analytics (Google Analytics 4)
This site uses Google Analytics (GA4) to understand usage and improve the Service. GA4 may collect device information, page interactions, and approximate location, and uses cookies or similar identifiers.
Where required, we will ask for your consent before setting analytics cookies.
You can use your browser settings to block or delete cookies. Some features may not work correctly if you block essential cookies.
5. Sharing
We may share personal data with trusted service providers (“processors”) who help us operate the Service, such as:
- Hosting and infrastructure providers
- Analytics providers (for example, Google)
- Email/support tooling (if used)
- Payment processors (for paid services)
We do not sell your personal data. We may disclose data if required by law, to enforce our Terms, or to protect the rights and safety of users and the Service.
6. Retention
We keep personal data only as long as necessary for the purposes described in this Policy, including security, dispute resolution, and legal obligations.
- Scan records: retained for as long as needed to provide history/leaderboards and prevent abuse, unless removed on request where appropriate.
- Logs/security data: typically retained for a limited period to investigate abuse and maintain service reliability.
- Support emails: retained as long as needed to resolve the request and maintain an audit trail.
- Purchase records: retained as required for accounting/tax and support.
If you want a public scan listing reviewed for removal, email support@siteacademy.co.uk with the domain and the audit link(s).
7. Security
We use appropriate technical and organisational measures to protect personal data, including access controls, monitoring, and secure transport (HTTPS). However, no website can be guaranteed 100% secure.
8. Your rights
If UK GDPR applies, you may have rights including:
- The right to access your personal data
- The right to correct inaccurate data
- The right to request deletion (in certain circumstances)
- The right to restrict or object to processing (in certain circumstances)
- The right to data portability (where applicable)
- The right to withdraw consent (where processing is based on consent)
To exercise rights, contact us at support@siteacademy.co.uk. We may ask for information to verify your identity.
You can also complain to the UK Information Commissioner’s Office (ICO) if you believe your data protection rights have been breached.
9. International transfers
Some of our service providers may process data outside the UK. Where this happens, we take steps to ensure appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses, where applicable.
10. Contact
If you have questions about this Policy or how we handle data, email us at support@siteacademy.co.uk.
Controller: SiteAcademy (United Kingdom)