Back to the audit
Privacy Policy

Your data is your data.

SiteAudit is built and operated by Next Level HTML. This page explains exactly what we collect when you use the auditor, how we use it, who has access to it, and what we will never do with it. Written in plain English on purpose.

Effective May 12, 2026 // Last updated May 12, 2026
// At a glance

The short version

01

Who we are

SiteAudit (the "Service") is operated by Next Level HTML, a web design and development agency based in Arlington, Texas, United States. We're the data controller for any information processed through audit.nextlevelhtml.com. When this policy says "we," "us," or "our," we mean Next Level HTML.

SiteAudit is a small team's product. Access to the live server, audit records, and any contact information you provide is restricted to the operator (the senior developer at Next Level HTML). No third-party staff have access to your data on our infrastructure.

02

What we collect

When you run an audit

When you contact us (quote requests, developer reports, share links)

Automatically, while you use the site

In plain English

We collect what we need to run the audit and follow up if you ask us to. We don't collect personal details you didn't enter yourself.

03

How we use it

We use your data for these specific purposes, and nothing else:

Legal basis for processing (GDPR). Where applicable, we rely on legitimate interest (running the service you requested, preventing fraud and abuse), contract (delivering reports you asked for), and consent (analytics cookies, which you can opt out of via your browser).

04

Who has access

We use a small set of trusted infrastructure and AI providers to operate the service. Every provider listed below has a published privacy policy and standard data-processing terms. We do not share data with anyone outside this list, and we do not use any data broker, ad network, or audience-modeling partner.

Provider What it sees Why
Anthropic / OpenAI The captured page content (HTML, CSS, screenshot context, structural facts) and the prompt to analyze it To generate the AI-written explanations attached to each finding. Provider terms prohibit them from training models on our API requests.
SendGrid (Twilio) Your email address and the report content, when you ask us to email it Transactional email delivery only.
Cloudflare Your IP, user agent, and the basic request envelope for any page load DDoS protection, TLS termination, edge caching.
Google Analytics Page views and anonymized interaction events Understanding which parts of the auditor get used and where the experience breaks.
Our hosting provider Encrypted server storage of audit records and logs Running the application server itself.
In plain English

The captured webpage goes to the AI provider to generate the report text. Your email goes to SendGrid if you ask us to email you a copy. That's it. No one buys, rents, or borrows data from us.

05

What we never do

This list is exhaustive of common practices we explicitly reject:

We never sell your data. Not anonymized, not aggregated, not in any form.
We never share your data with advertising partners, audience-modeling firms, or data brokers.
We never use audit content to train AI models, ours or anyone else's.
We never add you to a marketing list because you ran an audit.
We never log into the website you audit. We only see what a public visitor sees.
We never read individual audit reports for fun or curiosity. Operations work only.
We never store your raw IP address. Only one-way salted hashes for rate limiting.
We never collect credit card information. SiteAudit is free.
06

How long we keep it

Different data has different lifespans. The Service is designed to expire records automatically rather than accumulate them indefinitely:

07

How we protect it

SiteAudit was built with security as a first-class concern, not an afterthought:

No security program is perfect. If you discover a vulnerability, please report it to the contact address below rather than disclosing publicly. We'll respond promptly and credit you if you'd like.

08

Your rights

Depending on where you live, you have specific rights regarding your personal data. We honor these rights for every user regardless of jurisdiction:

For California residents specifically (CCPA/CPRA), the rights above include the right to opt out of "sale" and "sharing" of personal information. As noted, we do not sell or share personal information in any form, so there's nothing to opt out of — but you can confirm this with us at any time using the contact below.

To exercise any right, email the contact address below. We respond within 30 days.

09

Cookies & analytics

We use a minimal set of browser storage. Specifically:

We do not set advertising cookies, retargeting pixels, or social-platform tracking pixels.

10

Children

SiteAudit is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has submitted information to us, contact us and we'll delete it.

11

International transfers

SiteAudit is operated from the United States. If you use the Service from outside the U.S., your data will be transferred to and processed in the U.S. By using the Service, you consent to this transfer.

For users in the European Economic Area, the United Kingdom, or other jurisdictions with cross-border data-transfer requirements: where our third-party processors are based outside your jurisdiction, they have published Standard Contractual Clauses or equivalent transfer mechanisms covering data they receive from us.

12

Changes to this policy

We may update this policy when the underlying practices change. The "Last updated" date at the top of this page always reflects the most recent version. Material changes (new third parties, new categories of data collected, new retention windows) will be highlighted at the top of this page for at least 30 days before taking effect. Trivial changes (typo fixes, clarifications) may be made without notice.

13

Contact

For any privacy question, data-rights request, security disclosure, or general policy inquiry:

Next Level HTML

Arlington, Texas, United States

privacy@nextlevelhtml.com

We aim to respond to all requests within five business days, and complete data-rights requests within 30 days of receipt.