Skip to content
SiteRefit
Examples How it works Pricing FAQ Contact
Owner preview Request a preview
Menu
Examples How it works Pricing FAQ Contact Owner preview Request a preview

Privacy and data use

Privacy notice

Effective July 14, 2026

On this page

  1. What this notice covers
  2. Contact form information
  3. Private preview data
  4. Service providers
  5. Operational logs and security
  6. Retention and deletion
  7. Changes

What this notice covers

This notice describes the data flows used by the SiteRefit website, contact form, and private preview system.

Information submitted through the contact form

The form can collect a business name, current website, business type, town or state, contact name, email address, phone number, project goal, and message. Required fields are identified in the form. The information is used to review and respond to the inquiry.

Private preview data

Private preview records can include a business name, industry, general location, preview content, status, creation date, and expiry date. Access codes are stored as one-way hashes using a separate secret pepper; raw codes are not stored in preview records.

Successful access creates a signed, Secure, HttpOnly, SameSite cookie scoped to that preview path. The current session lifetime is 30 minutes. Failed access counters expire after approximately 10 minutes.

Service providers

  • Cloudflare hosts the site and can process network, security, rate-limit, Turnstile, and Worker request data.
  • Cloudflare Turnstile is used on launch forms to distinguish legitimate requests from automated abuse.
  • Resend is the intended email-delivery processor for accepted contact requests.

SiteRefit does not currently include a general-purpose visitor analytics endpoint. If analytics are added later, this notice should be updated before collection begins.

Operational logs and security

The application writes redacted operational event types such as configuration failure, rate limiting, preview denial, malformed preview records, Turnstile failure, delivery failure, and accepted delivery. Application logs are designed not to include access codes, Turnstile tokens, secrets, full IP addresses, or submitted message bodies.

Retention and deletion requests

Short-lived preview sessions and access-attempt counters expire automatically as described above. Inquiry and delivery records are retained only as long as needed to respond, maintain necessary business records, and resolve security or delivery issues.

Use the contact form to request access, correction, or deletion.

Changes

This notice will be updated when processors, forms, analytics, retention practices, or the preview system materially change. The effective date above identifies the current version.

SiteRefit

Focused website upgrades for established local businesses.

ExamplesHow it worksPricingFAQContactOwner preview accessPrivacyTerms

© 2026 SiteRefit

See the direction first. Launch only after approval.