Skip to main content
sitesparx
Development

Privacy Policy

How SiteSparx Development collects, uses, and protects personal information — including rights for visitors in the EU, UK, and California.

Last updated: April 23, 2026

Who we are

SiteSparx Development (“SiteSparx,” “we,” “us,” or “our”) is a sole proprietorship based in Pittsburgh, Pennsylvania. We design and build websites, applications, and client portals for small and mid-sized businesses.

This policy explains what personal information we collect when you use our website at sitesparx.dev, submit an inquiry, or use our client portal, and what rights you have over that information.

Plain-English summary

  • We collect the information you give us through our contact form, project quiz, and portal sign-up — plus a minimal amount of technical information needed to run the site.
  • We use it to reply to you, build and deliver projects, operate the client portal, and keep things secure.
  • We do not sell personal information, and we do not use advertising trackers. If we use Google Analytics, it runs only after you accept analytics cookies.
  • You can email legal@sitesparx.dev at any time to access, correct, or delete your information.

Information we collect

From our contact form

When you submit the contact form we receive your first name, last name, email address, optional company name, and the message you write. The submission is emailed to our team and is not stored in a database.

From our project quiz

When you complete our project quiz we store your first name, last name, email address, optional phone number, optional company name, and the details you provide about your project (type, features, pages/screens, existing site, budget range, timeline, goals). We also record your IP address to prevent abuse and enforce rate limits.

From client portal accounts

If we work together on a project, we create an account for you in our client portal. The portal stores your email address, hashed password, first and last name, optional phone number and company name, any avatar image you upload, and the information associated with your projects — proposals, quotes, phases, invoices, payments, approvals, messages, deliverables, and files you or we upload.

Automatically

Our hosting provider logs standard request information (IP address, user agent, timestamp, URL, response status) to operate and secure the service. When you sign in to the portal we set a strictly-necessary cookie that identifies your session. If you accept analytics cookies, Google Analytics sets its own cookies to measure aggregate usage. See our Cookies Policy for details.

How we use information

  • To respond to you — we use contact and quiz submissions to reply, scope projects, and prepare proposals.
  • To deliver our services — we use portal account and project information to build, review, invoice, and deliver the work we have agreed to.
  • To secure our site and portal — we use IP addresses, request logs, and rate-limit data to detect and block abuse.
  • To improve the site — if you consent to analytics, we use aggregate usage patterns to understand which pages are useful and where visitors drop off.
  • To comply with law — we retain records where tax, accounting, or contract law requires it, and we respond to lawful requests from authorities.

If you are in the European Union, the European Economic Area, or the United Kingdom, we rely on the following lawful bases under the GDPR and UK-GDPR:

  • Performance of a contract — to deliver the services you have engaged us for, including operating the client portal.
  • Consent — for analytics cookies and any other optional processing you explicitly opt into.
  • Legitimate interests — to respond to inquiries, keep the site secure, prevent abuse, and operate our business. We weigh these interests against your rights and freedoms.
  • Legal obligation — to comply with tax, accounting, and records-retention requirements.

Sharing & subprocessors

We do not sell personal information. We share it only with the service providers we rely on to run SiteSparx, and only to the extent they need it to provide their service to us:

  • Resend (transactional email delivery) — receives the email addresses and message bodies we send, including contact form replies, password reset emails, and project notifications.
  • Supabase (PostgreSQL database hosting) — stores portal accounts, quiz submissions, project data, and files.
  • Our web host (Vercel or Hostinger, depending on deployment) — operates the server logs described above.
  • Google Analytics (only if you accept analytics cookies) — receives aggregate usage data associated with an anonymous client identifier.
  • Optional S3-compatible storage — stores project files when configured.
  • Payment providers you choose — PayPal, Venmo, and Cash App handle payments under their own terms and privacy policies; we record only the reference you give us.

International transfers

SiteSparx is based in the United States and our service providers may process information in the United States or other countries. Where we transfer personal information out of the EU, EEA, or UK we rely on the Standard Contractual Clauses adopted by the European Commission (and the UK International Data Transfer Addendum, where applicable) as our transfer mechanism. You can request a copy of the relevant safeguards by emailing legal@sitesparx.dev.

Retention

  • Contact form emails — retained in our inbox per normal business practice, typically about two years.
  • Quiz submissions — retained for two years from the date of submission, or, if the submission becomes an active project, retained as part of the project record.
  • Client portal accounts and project records — retained for the life of the engagement and for seven years after the project closes, which aligns with U.S. tax and contract record-keeping requirements.
  • Server logs — retained for the period used by our hosting provider, typically 30 days.
  • Analytics data (when enabled) — retained per the default Google Analytics retention setting of fourteen months.

We will delete or anonymize information when these periods end, unless we are required to keep it for a legal reason or you have made a current request or complaint that we need the information to address.

Your rights

Every visitor can ask us to access, correct, or delete the personal information we hold about them. Email legal@sitesparx.dev and we will respond within 30 days.

If you are in the EU, EEA, or UK

Under the GDPR and UK-GDPR you also have the right to:

  • Request erasure of your personal information.
  • Restrict our processing of your information.
  • Object to processing based on legitimate interests.
  • Receive a copy of your information in a portable format.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local supervisory authority. In the UK that is the Information Commissioner’s Office at ico.org.uk.

If you are a California resident

Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), you have the right to:

  • Know what personal information we have collected about you.
  • Request correction of inaccurate personal information.
  • Request deletion of your personal information.
  • Opt out of the sale or sharing of your personal information — we do not sell or share personal information for cross-context behavioral advertising.
  • Limit the use of sensitive personal information — we do not use sensitive personal information for purposes that would require this option.
  • Not be discriminated against for exercising any of these rights.

An authorized agent may submit a request on your behalf; we may ask you to verify the authorization.

Security

We protect information with industry-standard measures appropriate to its sensitivity: TLS in transit, encrypted storage at rest through our database and hosting providers, bcrypt-hashed passwords, role-based access control in the client portal, rate limiting on public forms, and least-privilege access to production systems. No system is ever completely secure; if we ever experience a breach that affects your information we will notify you in accordance with applicable law.

Children

Our services are directed to businesses and are not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with information, please email legal@sitesparx.dev and we will delete it.

Changes to this policy

We may update this policy from time to time. We will update the “Last updated” date at the top of the page. If the changes materially affect how we handle your information, we will make a reasonable effort to notify you — by email for portal account holders, and by a notice on the site for general visitors — before the changes take effect.

Contact

Privacy questions and rights requests: legal@sitesparx.dev.

This is a plain-language summary, not legal advice from us. For contract disputes please retain your own counsel.

Questions about this policy? Email legal@sitesparx.dev.