Privacy Policy

StefSite is the data controller for personal data processed through StefSite.com. Contact: privacy@stefsite.com.

We only collect what we need to deliver the service:

• Form submissions: the website URL you ask us to redesign, your email address, and your name (when you provide it).
• Public website content: when you give us a URL, we automatically read the publicly available content of that site to generate a redesign preview.
• Account data: if you create an account, your email and a hashed password.
• Communication: any emails or chat messages you send us.
• Basic technical data: standard server logs (IP address, user-agent, timestamp) for security and debugging, kept for a maximum of 30 days.

• To generate and deliver your AI-redesigned website preview
• To contact you about the preview, your project, or your account
• To operate, secure, and improve the Service
• To comply with legal obligations (e.g. invoicing, tax)

We do not sell your data, and we do not use it for advertising or third-party marketing.

Your data is stored on EU-based infrastructure provided by our backend platform (Lovable Cloud, which uses Supabase infrastructure in the EU). Some processing — specifically AI-generated content — is handled by AI providers (OpenAI, Google) that may process data outside the EU under standard contractual clauses approved by the European Commission.

We share data only with service providers strictly necessary to operate:

• Lovable Cloud / Supabase — database, authentication, hosting
• AI providers (OpenAI, Google Gemini) — to generate redesign content
• Email provider — for transactional emails
• Payment processor — for billing (we never store your card details)

Each of these is bound by their own privacy commitments and a data-processing agreement with us.

StefSite.com uses no advertising or analytics cookies. We store a single language preference in your browser's localStorage so the site remembers what language you prefer. That's it.

Because we don't use tracking, we don't show a cookie banner — the GDPR doesn't require one for strictly functional storage.

• Prospect submissions: up to 12 months, then deleted unless you become a client.
• Client account & project data: for the duration of our relationship plus 7 years for invoicing/tax records.
• Server logs: 30 days.

Under EU/UK data protection law, you have the right to:

• Access the data we hold about you
• Correct inaccurate data
• Delete your data ("right to be forgotten")
• Export your data in a portable format
• Object to or restrict processing
• Withdraw consent at any time
• Lodge a complaint with your local data protection authority

To exercise any of these, email privacy@stefsite.com. We respond within 30 days.

We use industry-standard measures: HTTPS everywhere, encrypted database storage, access controls, and regular updates. No system is perfectly secure, but we treat your data with the same care we'd want for our own.

We may update this Policy. The "Last updated" date at the top reflects the latest revision. Material changes will be announced by email to active clients.