Data Protection

Our commitment to safeguarding your data with industry-leading security practices.

1. Introduction

SiteSinc ("we," "us," "our") is committed to protecting your data in compliance with GDPR, UK GDPR, and other applicable data protection laws. This Data Protection Policy outlines our practices for securing your personal data and Content while you use our document hosting, RFI, and forms platform.

2. Data Storage and Security

All data is stored in secure data centers in Frankfurt, Germany, ensuring compliance with EU data protection standards. We implement industry-standard measures, including:

  • Encryption in transit (TLS) and at rest (AES-256).
  • Regular security audits and penetration testing.
  • Role-based access controls and multi-factor authentication.
  • Incident response and disaster recovery protocols.

3. Data Breach Response

In the event of a data breach, we will:

  • Notify affected users within 72 hours, as required by GDPR/UK GDPR.
  • Take immediate steps to mitigate harm and secure affected systems.
  • Cooperate with data protection authorities and provide a detailed report.

4. User Responsibilities

You are responsible for:

  • Maintaining secure account credentials and enabling two-factor authentication.
  • Backing up your Content, as SiteSinc is not liable for data loss unless caused by our gross negligence.
  • Ensuring your Content complies with data protection laws.

5. Third-Party Subprocessors

We use third-party subprocessors to deliver the Service. All subprocessors are bound by GDPR/UK GDPR-compliant data processing agreements. Key subprocessors include:

  • Frankfurt data centers — primary hosting and database storage (Germany/EU)
  • Stripe — payment processing (United States / global)
  • OpenAI — search embeddings for Project Assistant (United States). Processes chunked project text and chat queries. API terms: data not used to train public models.
  • xAI — AI response generation for Project Assistant and related features (United States). Processes chat messages and retrieved project context.
  • Google (Analytics, Ads, Tag Manager) — website analytics and advertising (United States / global)
  • SendGrid — transactional email delivery
  • Cloudflare R2 — file and document storage

International transfers to subprocessors outside the UK use Standard Contractual Clauses and, where required, the UK IDTA or UK Addendum. For the full subprocessor register or a copy of our DPA, email support@sitesinc.co.uk or dpo@sitesinc.co.uk, or visit /legal/subprocessors and /legal/dpa.

6. Data Retention

We retain your data for the duration of your account’s active term, subject to the 50GB limit for "unlimited" plans. Project Assistant conversations are retained until you delete them or your account is terminated. Upon account termination, data may be deleted after 30 days unless required by law to retain longer.

7. Your Rights

You have the right to access, correct, delete, or restrict the processing of your data. To exercise these rights, contact our Data Protection Officer at dpo@sitesinc.co.uk. We will respond within 30 days.
