Privacy Policy

• ◆To create and maintain your account and provide access to account-based features such as saved sites, comments, and submissions.
• ◆To deliver the SiteHub service — including rendering the directory, processing searches, and generating popularity rankings.
• ◆To send transactional emails — such as password reset links, email verification, and submission status notifications. We do not send marketing emails.
• ◆To prevent abuse and ensure security — including rate limiting, SSRF attack prevention, spam filtering, and enforcement of our Terms of Service.
• ◆To improve the platform — using anonymised analytics to understand feature usage, identify friction points, and prioritise improvements.
• ◆To monitor and fix errors — using crash reports to reproduce and resolve bugs promptly.

We do not use your data for targeted advertising, profiling, or selling to third parties.

Authentication sessions (Required).

When you log in, a session cookie is set by Supabase Auth to keep you authenticated securely across page loads. Without this cookie, you cannot remain logged in.

UI preferences (Functional).

We store your interface preferences — such as your selected category filter and your chosen browsing mode (Pro vs. Community) — in local storage so the experience feels consistent between sessions.

Analytics identifier (Analytics).

PostHog sets a first-party cookie containing a randomly generated anonymous distinct_id. This cookie is used to count unique visitors and track feature usage across sessions. It does not contain your name, email, or any personally identifiable information, and it is not shared with advertising networks or data brokers.

You can clear cookies and local storage at any time via your browser settings. Doing so will log you out of your account but will not break any public-facing directory features. SiteHub does not use third-party advertising cookies or cross-site tracking cookies.

We do not share your personal data with advertisers, data brokers, or marketing agencies, and we do not grant any third party the right to use your data for their own purposes.

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction subject to GDPR-equivalent legislation, we rely on the following legal bases:

• ◆Consent — When you create an account and agree to this Privacy Policy and our Terms of Service.
• ◆Contractual necessity — To provide the features you have requested, such as saved sites, comments, and account management.
• ◆Legitimate interest — For security monitoring, abuse prevention, rate limiting, and anonymised analytics to improve the service, where these interests are not overridden by your rights.
• ◆Legal obligation — When we are required to process or retain data to comply with applicable law.

Account data (email, profile):

Retained while your account is active and permanently deleted within 30 days of account deletion.

Comments and submissions:

Retained to preserve the integrity of community discussions. If you delete your account, your comments may be anonymised rather than deleted to preserve thread continuity, at our discretion.

Error reports (Sentry):

Retained for up to 90 days, after which they are automatically purged.

Analytics data (PostHog):

Retained in anonymised, aggregated form. Anonymous identifiers may persist longer but cannot be linked back to you.

Anonymous usage data:

Visit counts and popularity scores are retained indefinitely as aggregate statistics that do not identify any individual.

Depending on your location, you may have the following rights regarding your personal data:

Right of access.

You may request a copy of the personal data we hold about you.

Right to rectification.

You may request that we correct any inaccurate personal information we hold about you.

Right to erasure ("right to be forgotten").

You may request permanent deletion of your account and associated personal data. You can initiate this directly within your account settings, or by contacting us at sitehubsupport@gmail.com.

Right to data portability.

You may request an export of your personal data in a machine-readable format.

Right to object or restrict processing.

You may object to certain types of processing (such as analytics) or request that we restrict how we use your data.

Right to withdraw consent.

Where processing is based on your consent, you may withdraw it at any time. Withdrawing consent does not affect the lawfulness of prior processing.

To exercise any of these rights, please contact us at sitehubsupport@gmail.com. We will respond within 30 days.

SiteHub is fundamentally a directory of external websites. When you click on a listing and navigate away from SiteHub, you are subject to that external website's own privacy policy and terms. We perform automated security and status checks on all listed URLs, but we cannot control or be held responsible for the privacy practices of third-party sites once you visit them. We recommend reviewing the privacy policy of any external site before providing your personal information.

SiteHub is not directed at children under the age of 13. We do not knowingly collect personal data from anyone under 13. If we become aware that an account has been created by a child under 13, we will terminate the account and delete all associated data promptly. If you believe a child under 13 has registered on SiteHub, please contact us at sitehubsupport@gmail.com.

• ◆Supabase Auth manages all password hashing and authentication tokens; we never see plaintext passwords.
• ◆All data is transmitted over HTTPS/TLS.
• ◆Row-Level Security (RLS) policies in Supabase ensure users can only access their own data.
• ◆All user-generated content is sanitised before storage to prevent injection attacks.
• ◆Rate limiting via Upstash Redis protects all API endpoints from abuse.
• ◆SSRF protections prevent our servers from being used to make malicious internal requests.

While we take all reasonable measures, no system is 100% impervious. In the event of a data breach that materially affects your personal data, we will notify affected users and, where required by law, relevant authorities, within the timeframes mandated by applicable legislation.

SiteHub uses third-party infrastructure providers (including Supabase, Vercel, and PostHog) that may process data in data centres located outside your country of residence, including within the United States and the European Union. Where such transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or the service provider's compliance with applicable data transfer frameworks.

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For significant changes, we will make reasonable efforts to notify you (for example, by displaying a notice on the SiteHub homepage or sending an email to registered users). Your continued use of SiteHub after any changes to this policy constitutes your acceptance of the updated terms.