skip to content
sitehey
book a 15-min call

legal

Privacy Policy

effective May 4, 2026. last updated May 4, 2026.

we collect almost nothing on this site. no third-party tracking, no advertising pixels, no fingerprinting. one functional cookie, listed below. ccpa rights below too.

Who we are and how to reach us

the short version: email, phone, address. one human reads all of it.

sitehey, a website service for local los angeles businesses.

justin@sitehey.com

9100 wilshire blvd, ste 725 e
beverly hills, ca 90212

What we collect on this site

one functional cookie, no third-party trackers, and whatever you choose to send us.

  • aggregate page views. we plan to add cookieless page-view analytics (PostHog, configured without cookies and without cross-site tracking). it is not active yet. we will update this notice before turning it on.
  • one functional cookie: sitehey_preview. first-party, 30-day expiry, value is a short business slug. used to personalize the home page for a returning visitor. see the cookies section below for detail.
  • contact form submissions, if and when added. this site does not currently host a contact form. if we add one, we will store only what you type into it and use it to reply to you.

what we do not collect: no Google Analytics, no Meta Pixel, no advertising tags, no fingerprinting, no cross-site behavioral tracking, no data purchased from data brokers.

What we collect from paying customers

the minimum we need to build, host, and bill for your site.

  • contact details: name, email address, phone number, business name, and business address.
  • payment data via Stripe: a Stripe customer token and the last four digits of your card. your full card number and CVC are never sent to or stored on our servers. card statements show the descriptor “SITEHEY-WEBSITE”.
  • business content you provide for the site build: photos, copy, hours, menu, services, and any other material you send us.

AI disclosure

AI drafts, a human reviews. we do not train external AI models on your data.

  • sites are AI-drafted and human-reviewed before they go live.
  • what AI sees: publicly available business data and content you provide.
  • what humans review: factual claims, fabrication checks, and final copy.
  • we do not use your data to train external AI models, and we do not permit our AI providers to do so on our behalf.
  • you remain responsible for the accuracy of your final published site. for the contractual side of AI-assisted drafting, see /terms#ai-disclosure.

How we use it

contract, transactional email, legal compliance. we do not sell or share personal information.

contract performance
building, hosting, and editing your site under our agreement with you.
transactional email
receipts, edit confirmations, account notices, and replies to things you ask us.
legal compliance
tax records, dispute response, and meeting obligations under applicable law.

we do not sell or share personal information for advertising or for any other purpose.

Service providers

a small list. each provider sees only what they need to do their job.

providerrolewhat we share
Stripepayment processingname, email, billing address, Stripe customer token
Vercelhosting and edge deliverysite files and standard server logs
transactional email providerreceipts and account noticesname and email address. transactional email is not yet active. we will name the vendor here before sending any transactional email.
Lobprinted-mail deliverybusiness name and mailing address only. used by Lob to print and mail postcards on our behalf.
TelnyxSMS and inbound phone numberphone number, SMS message content, and inbound call routing for our business number, +1 (213) 567-9701. 10DLC SMS provider and PSTN carrier.

none of these providers are permitted to use your data for their own purposes.

Your California Privacy Rights

you have the right to know, delete, correct, opt out of any sale or sharing, and to not be discriminated against for exercising these rights. we do not sell or share. there is nothing to opt out of, but you have a working contact path either way.

your rights under CCPA and CPRA: the right to know what personal information we hold about you, the right to delete it, the right to correct it, the right to opt out of any sale or sharing for cross-context behavioral advertising, and the right not to be discriminated against for exercising any of these rights.

do not sell or share my personal information. we do not sell personal information. we do not share personal information with any third party for cross-context behavioral advertising. there is nothing to opt out of. if you would like a written confirmation of this, email us using the address below and we will send one.

global privacy control (GPC). we honor GPC at the protocol level. because we do not sell or share, GPC has nothing to disable, but the signal is respected and logged.

how to submit a request. email justin@sitehey.com with the subject “CCPA Request”, your full name, the request type (know, delete, correct, or opt out), and a way to reach you. we respond within 45 days and may extend by an additional 45 days with notice if needed to verify your identity. for refund-related questions, see /terms#refund.

CAN-SPAM

if you ever receive a commercial email from us, our address is on this page and unsubscribe is one click. opt-outs are permanent.

every commercial email from sitehey includes our physical mailing address (above), a clear identification of the sender, and a one-click unsubscribe link. unsubscribe requests are honored permanently. if a link does not work, email us at justin@sitehey.com and we will remove you within one business day.

SMS and A2P 10DLC

we only text people who contacted us first or signed up for service. STOP and HELP work as expected.

  • opt-in source. we only send SMS to people who contacted us first, signed up for service, or otherwise asked to be reached by text.
  • STOP and HELP. reply STOP to any sitehey text to opt out of further messages. reply HELP for assistance and a contact email.
  • typical frequency. low. messages are transactional (booking confirmations, support replies, account notices), not marketing.
  • rates. message and data rates may apply depending on your mobile plan.
  • carrier disclaimer. mobile carriers are not liable for delayed or undelivered messages.
  • data sharing. mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. text-messaging opt-in data and consent are not shared with any third parties.

Voice and inbound calls

when you call sitehey, an AI assistant answers and identifies as AI at the start. you can ask for a human or end the call at any time. we do not place outbound cold calls.

  • status. the inbound AI receptionist is not yet live. this section describes the practices that take effect when the line is turned on. we will update this notice before that happens.
  • AI receptionist.sitehey’s phone line is answered by an AI assistant (built on Vapi). it identifies itself as AI at the start of every call, names sitehey, and offers to schedule a call with a human, take a message, or answer a common question. you can ask to be transferred to a human at any time.
  • recording. we ask for recording consent at the start of every call. AI-handled calls require recording for the agent to function, so if you decline, the call ends and nothing is stored. California is an all-party-consent state under Penal Code section 632, and we treat every call that way regardless of where you are.
  • hours. the AI assistant can take a call any time. a human follows up during business hours, Monday through Friday, 9 am to 6 pm Pacific.
  • recordings and storage. we do not sell or share call recordings. they are encrypted at rest, used only for quality and training, kept for 90 days for quality review, then deleted unless required for an active dispute.
  • no outbound cold calls. we do not place outbound cold calls or robocalls of any kind. if you want to schedule a call, book at book.sitehey.com or email justin@sitehey.com.

Mail and outbound postcards

we sometimes send postcards to local los angeles businesses about a website. you can ask us to stop, in any form, and we honor it.

  • status. the paper mail program is not yet live. we will update this notice before sending the first postcard.
  • data sources. business names and mailing addresses come from publicly available sources (Google Maps listings, business directories, public records). we do not buy consumer mailing lists and we do not mail to residential addresses.
  • what we send. a printed postcard introducing sitehey, with our address, contact info, and a link to learn more. nothing on the postcard is personalized beyond your business name and address.
  • service provider. we use Lob to print and mail postcards. Lob receives only the business name and mailing address needed to fulfill the mailing.
  • retention. we keep mailing-list entries (business name, mailing address, opt-out status) for as long as needed to honor opt-outs, then delete on request.
  • opt-out. to be removed from future mailings, email justin@sitehey.com with the subject “do not mail” and your business name. we confirm by reply within one business day and remove your address from our system.

Cookies

one cookie, first-party, 30 days, used to remember a returning visitor. nothing else.

we use exactly one cookie: sitehey_preview. it is first-party, set on the .sitehey.com domain, expires after 30 days, and stores a short business slug. its only purpose is to personalize the home page for a visitor who previously saw a sitehey preview.

we do not set tracking cookies, third-party cookies, or advertising cookies on this site. you can delete the cookie from your browser at any time without losing access to anything on the site.

Data retention

we keep customer data for the duration of service plus a short tail. payment records longer, because tax law requires it.

data typehow long we keep it
customer account dataduration of service, plus 90 days after cancellation
payment records7 years (required by IRS and California tax law)
transactional email logs1 year, then deleted
sitehey_preview cookie30 days on your device, then expires

Security

https everywhere, payments handled by stripe, breach notice within 72 hours.

we use HTTPS and TLS encryption on every page and API call. payment processing is handled by Stripe; full card numbers are never sent to or stored on our servers. customer data is encrypted at rest. no system is perfectly secure; if a breach affecting your personal information ever occurred, we would notify you within 72 hours of discovery, as California law requires.

Children’s privacy

the service is for businesses. we do not knowingly collect data from anyone under 13.

sitehey is built for business owners, not children. we do not knowingly collect personal information from anyone under 13. if you believe we have, contact us and we will delete it promptly.

Changes to this policy

30 days notice for anything material. typo fixes happen quietly.

if we change this policy in a way that affects your rights, we will give at least 30 days notice by email to existing customers and by an on-site notice on this page, and we will update the effective date at the top. minor edits (typo fixes, link updates) may be made without notice.

Contact

email is fastest. text or call works too.

justin@sitehey.com

9100 wilshire blvd, ste 725 e
beverly hills, ca 90212

we aim to respond to privacy inquiries within 5 business days.