onsited
FeaturesPricingFAQLogin

Privacy Policy

Last updated: April 27, 2026

1. Information We Collect

Information you provide:

  • Account information (email address, password)
  • Business information you submit or select from Google Places
  • Content you add or edit on your generated website
  • Payment information (processed by Stripe; we do not store card details)
  • Communications you send to us (support emails, feedback)

Information collected automatically:

  • Usage data (pages visited, features used, time spent)
  • Device information (browser type, operating system, screen resolution)
  • IP address and approximate geographic location
  • Referral source (how you found onsited)

2. How We Use Your Information

We use the information we collect to:

  • Generate and host your business website
  • Process payments and manage your subscription
  • Provide customer support and respond to inquiries
  • Improve and optimize the Service
  • Analyze usage patterns to enhance user experience
  • Send important service-related communications
  • Detect and prevent fraud or abuse

3. Cookies & Tracking Technologies

We use cookies and similar tracking technologies with your consent. You can manage your cookie preferences using the consent banner displayed when you first visit our site.

Analytics cookies (require consent):

  • PostHog: Product analytics to understand how users interact with the Service. Collects usage events, page views, and session data. Data is sent to PostHog's US servers.
  • Vercel Analytics: Web analytics for page views and visitor metrics. Collects anonymized usage data processed by Vercel.
  • Vercel Speed Insights: Performance monitoring for page load times and web vitals. Collects anonymized performance metrics.

Strictly necessary (no consent required):

  • Sentry: Error monitoring to detect and fix bugs. Collects error reports, stack traces, and minimal device context when errors occur. This is essential for maintaining Service reliability.
  • Authentication cookies: Session tokens required to keep you logged in.

If you decline analytics cookies, PostHog, Vercel Analytics, and Vercel Speed Insights will not collect any data. The core Service will continue to function normally.

4. Third-Party Services

We share information with the following third-party services as necessary to operate the Service:

  • Supabase: Database hosting and user authentication. Stores your account data, website configurations, and business information.
  • Stripe: Payment processing. Receives your email and payment details to process transactions. See Stripe's Privacy Policy.
  • Google Places API: Used to fetch publicly available business data (name, address, phone, hours, reviews) when generating your website. We access only data you select.
  • Vercel: Website hosting and deployment infrastructure. Processes web requests and serves your website content.
  • OpenAI: AI content generation for website copy. Business data is sent to generate service descriptions, FAQs, and other content. See OpenAI's Privacy Policy.
  • Twilio: SMS message delivery and phone number verification. If you opt in to SMS notifications on the Professional plan, your mobile phone number is sent to Twilio to deliver transactional quote-request alerts and to verify ownership of the number. See Twilio's Privacy Policy.

We do not sell your personal information to any third party. Mobile phone numbers and SMS opt-in data are never shared with third parties or affiliates for marketing purposes.

5. SMS Communications

Professional plan customers may opt in to receive transactional SMS notifications when a homeowner submits a quote request through their website. SMS is strictly opt-in and is never used for marketing or promotional messaging.

Information collected for SMS:

  • Mobile phone number (E.164 format)
  • Phone verification status and timestamp
  • Consent timestamp, IP address at time of consent, and version of the disclosure shown
  • Opt-out timestamp and source (dashboard toggle or STOP keyword) when applicable
  • Delivery logs (Twilio message ID, delivery status, timestamp) for audit and troubleshooting

Use of phone numbers: Your phone number is used solely to deliver transactional notifications about quote requests submitted to your business website, to send one-time verification codes during the opt-in flow, and to maintain compliance records required by U.S. mobile carriers and the Telephone Consumer Protection Act (TCPA).

No sharing: Phone numbers and SMS opt-in records are not sold, rented, shared, or otherwise disclosed to any third party for marketing purposes. We share phone numbers only with Twilio (our SMS delivery provider) to the minimum extent necessary to deliver requested messages.

Opt-out: You can revoke SMS consent at any time by toggling SMS off in your dashboard at onsited.pro/dashboard or by replying STOP to any message. Opt-outs are processed immediately. Reply HELP for assistance, or contact support@onsited.pro. Message and data rates may apply. Message frequency varies based on the number of quote requests your business receives.

6. Data Retention

We retain your data for as long as your account is active. If you close your account, we will delete your personal data within 30 days, except where we are required by law to retain it or where it is necessary for legitimate business purposes (e.g., resolving disputes, enforcing agreements).

Demo websites that are not purchased are automatically cleaned up after their expiration period.

7. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS) for all connections
  • Encrypted password storage using bcrypt hashing
  • Rate limiting on sensitive API endpoints
  • CSRF protection on state-changing operations
  • Row-level security policies on database tables

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Request data portability
  • Withdraw consent for analytics cookies at any time (clear your browser's localStorage)

To exercise any of these rights, contact us at support@onsited.pro. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or our data practices, please contact us at support@onsited.pro.

Back to home