Privacy Policy
This policy explains how SiteFreeze processes personal data under the EU General Data Protection Regulation (GDPR).
1. Controller
MB Brass Bureau, company code 307540176, Beržo 1-oji g. 48, Sakiškės, Bezdonių sen., Vilniaus r. sav., LT-15181, Lithuania. Contact: [email protected].
2. What we collect and why
| Data | Purpose | Legal basis |
|---|---|---|
| Email address, password (stored only as a salted hash) | Your account and login | Contract (Art. 6(1)(b)) |
| Google account email (if you sign in with Google) | Login | Contract |
| GitHub username and access token (if you connect GitHub) | Publishing exports to your repositories at your request | Contract |
| Payment status, amount, Stripe transaction reference | Activating Pro, accounting | Contract; legal obligation (Art. 6(1)(c)) |
| URLs of sites you export and export metadata (page count, size) | Providing your dashboard and saved exports | Contract |
| IP address, basic request logs | Security, abuse and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
We do not see or store your card number — payments are handled entirely by Stripe. We do not sell personal data and do not use it for advertising or profiling.
3. Processors and recipients
- Cloudflare, Inc. — hosting, CDN, data storage (EU/US, EU–US Data Privacy Framework & SCCs)
- Stripe Payments Europe, Ltd. — payment processing (Stripe receives your card and billing details directly)
- Google Ireland Ltd. — optional Google sign-in
- GitHub, Inc. — optional GitHub publishing (US, SCCs/DPF)
4. Retention
- Account data — while your account exists; deleted on request.
- Saved exports — until replaced by a newer export or your account is deleted (free plan keeps one; Pro keeps one per domain).
- Payment records — 10 years (Lithuanian accounting law).
- Security logs — up to 30 days.
5. Your rights
You have the right to access, correct, delete, and receive a copy of your data, to restrict or object to processing, and to withdraw consent where processing is based on consent. Email [email protected] — we respond within 30 days. You may also lodge a complaint with the Lithuanian State Data Protection Inspectorate (vdai.lrv.lt) or your local supervisory authority.
6. Security
All traffic is encrypted (HTTPS/TLS). Passwords are stored only as salted PBKDF2 hashes. Session cookies are HttpOnly and Secure. Access tokens are stored server-side and used only to perform actions you request.
7. Cookies
We use strictly necessary cookies, and Google Analytics cookies only with your consent via the cookie banner — see the Cookie Policy.
8. Changes
We will post any changes on this page with a new effective date.