1. Controller
This Privacy Policy describes how Sagbrain Global, Inc. ("we", "us") processes personal data through SiteClinic. It is written to comply with Japan's Act on Protection of Personal Information (APPI) and the EU General Data Protection Regulation (GDPR).
2. Information we collect
- Account data: email, hashed password, locale preference, plan tier.
- Scan data: URLs you submit and the resulting scan artifacts (DOM, screenshot, HTTP headers, network log).
- Usage logs: hashed IP, user-agent, action timestamps.
- Payment data: we do not store card numbers — payments are processed by Stripe.
3. Purposes
- Operating the Service (running scans, producing reports, matching agencies)
- Account management and authentication
- Billing and payment processing
- Abuse and threat detection
- Building anonymised benchmark statistics
- Legal compliance (court orders, tax filings, security incident reporting)
4. Sharing with third parties
We do not sell or rent personal data. If you choose to be introduced to a particular agency via our marketplace, we share your diagnostic results and contact details with that agency — this is your explicit, action-driven instruction to share.
5. Sub-processors
- AWS: hosting, database, storage. Primary region: ap-northeast-1 (Tokyo).
- Google Cloud (Gemini API): AI diagnosis engine
- Stripe: payment processing
- Sentry: error tracking (technical logs only)
- Resend / AWS SES: transactional email
6. International transfers
Our sub-processors operate in Japan, the US, and the EU. For transfers of EU residents' data outside the EU, we rely on the European Commission's Standard Contractual Clauses (SCCs). Japan-region data is stored in ap-northeast-1 (Tokyo) by default.
7. Retention
- Account data: deleted within 30 days of account deletion.
- Scan artifacts: raw data (screenshots, captures) is deleted after 90 days; anonymised metadata is retained for benchmark statistics.
- Payment records: retained for 7 years to satisfy legal obligations.
- Audit logs: retained for 3 years.
8. Your rights
You have the right to:
- access the personal data we hold about you;
- request correction, completion, or deletion;
- object to processing or restrict it (e.g., for direct marketing);
- request data portability (GDPR residents);
- lodge a complaint with your supervisory authority.
Send requests to privacy@siteclinic.jp — we respond within 30 days after verifying your identity.
9. Cookies & tracking
We use only the cookies strictly necessary to maintain your login session. Analytics and advertising cookies are loaded only after you give explicit consent. See our Cookie Policy for details.
10. Security
We follow controls inspired by ISO 27001, including encryption (TLS 1.2+ in transit, AES-256 at rest), least-privilege access control, and regular vulnerability scans. See our Security page for more.
11. Children
The Service is not directed to anyone under 18. We do not knowingly collect personal data from minors.
12. Changes to this policy
We will notify you of material changes at least 30 days before they take effect.
13. Contact
For any privacy questions, contact our Data Protection lead at privacy@siteclinic.jp.