Skip to content
SiteShiftCo

Privacy Policy

What we collect when you get in touch, how we use it, and how to ask us to delete it.

In short: we collect the name, email address, and message you send us through the contact form. We use that to reply to your enquiry. We also use PostHog to understand how people use the site, which includes product analytics, heatmaps, and session recordings of site visits (with sensitive fields masked). We don't sell your data or share it for marketing.

Who we are

SiteShiftCo is a website migration service operated by a company registered in Wyoming, USA. In this policy, "we", "us" and "our" refer to SiteShiftCo. For data protection purposes (including under the GDPR and UK GDPR), SiteShiftCo is the controller of your personal information. You can reach us at hello@siteshiftco.com.

This policy covers personal information we collect through siteshiftco.com and through enquiries sent to us by email.

What we collect

From the contact form

When you use the contact form on this site, we collect:

  • Your name
  • Your email address
  • Your current website URL (optional)
  • The message you write

From analytics (PostHog)

We use PostHog, a product analytics tool, to understand how people use the site. When you visit siteshiftco.com, PostHog receives:

  • Pages you viewed and actions you took (for example, button clicks and form interactions)
  • Basic device and browser information (user agent, screen size, language)
  • Your approximate location (derived from IP, typically at the city or country level)
  • A random identifier that links your visits together over time so we can tell a returning visitor from a new one
  • Heatmap data: aggregated click and scroll activity on each page, used to understand how visitors navigate the site
  • Session recordings: a replay of your visit, including mouse movements, scrolling, and clicks. Text you type into form fields (such as the contact form) is masked and not captured in the recording. Recordings help us debug layout and usability issues

PostHog stores this using cookies or local storage in your browser. We don't use PostHog to identify you by name unless you've already given us your name (for example, through the contact form) and we choose to associate events with that identity to debug a specific issue. We don't use this data for advertising.

If you'd rather not be counted in analytics or recorded, most browsers support a "Do Not Track" or "Global Privacy Control" signal, and PostHog respects these. You can also block siteshiftco.com in a privacy extension such as uBlock Origin or Privacy Badger.

From server logs

The site is hosted on Cloudflare, which records standard request information (such as IP address, user agent, and request time) in its server logs for security and abuse prevention. We don't use those logs for marketing.

From direct email

If you email us directly, we receive whatever information you include in the email (typically name, email address, and the content of your message).

How we use it

We use the information you send us to:

  • Reply to your enquiry
  • Scope and quote a migration if you ask for one
  • Carry out the work if we go ahead
  • Keep records of past work and conversations (invoices, project notes, email history)

We use analytics data to understand what's working on the site, which pages are useful, and where the experience breaks down. We look at this in aggregate to improve the site. We don't use it to profile individual visitors or to target ads.

We don't use contact information for unrelated marketing. We don't add you to a newsletter. We don't sell or rent your details to anyone.

Legal basis (for readers in the EU/UK)

If you're in the EU or UK and the GDPR applies, our legal bases for processing your information are:

  • Consent and steps taken at your request prior to entering into a contract, when you send us an enquiry.
  • Performance of a contract, once we're doing work for you.
  • Legitimate interests, for keeping reasonable business records of past enquiries and completed work, and for operating the site securely.

Who we share it with

We keep the number of service providers small. The ones that may process your personal information on our behalf are:

  • Cloudflare, our hosting and email-routing provider. Your contact form submission is delivered to our inbox through Cloudflare's email infrastructure.
  • PostHog, our product analytics provider, which receives the events described above and helps us understand how the site is used.
  • Our email provider, where enquiries land and where our replies are stored.
  • Our accounting and payments providers, if you become a client and we invoice you. We only share the details required to raise and collect payment.

We may also disclose information if we're required to by law, or to protect our rights or the safety of others. We don't sell personal information.

Where it's stored

SiteShiftCo is a US-registered business and most of our providers store data in the United States:

  • Cloudflare operates a global network, so email routing and request logs may pass through servers in multiple countries before reaching our inbox.
  • PostHog stores analytics data in its US region by default; we use the region in place when this policy was last updated.
  • Our email inbox and business records are held with US-based providers.

If you're in a region with data-transfer rules (such as the EU, UK, or Australia), by contacting us or using the site you understand that your information may be transferred to, and processed in, the United States. We rely on our providers' standard contractual clauses and equivalent safeguards for those transfers where required.

How long we keep it

  • Contact form enquiries and email threads: up to three years after our last exchange.
  • Client project files and invoices: seven years, to meet US tax and accounting record-keeping requirements.
  • Analytics events in PostHog: up to 12 months, after which older events are purged or anonymised.
  • Server logs held by Cloudflare: retained according to Cloudflare's own policy (typically short-term).

If you ask us to delete your details sooner, we will, unless we're required to keep them for legal reasons (for example, tax records for completed work).

Your rights

Depending on where you live, you may have the right to:

  • Ask for a copy of the personal information we hold about you
  • Ask us to correct information that's inaccurate
  • Ask us to delete information we no longer need
  • Object to or restrict certain types of processing
  • Withdraw consent, where we're relying on consent
  • Lodge a complaint with your local data protection regulator

To exercise any of these, email hello@siteshiftco.com with your request. We'll reply within a reasonable time, usually inside 30 days.

If you're in California

Under the CCPA and CPRA, California residents have rights to know, delete, correct, and opt out of the "sale" or "sharing" of personal information. We don't sell or share personal information for cross-context behavioural advertising, so there is nothing to opt out of. Requests to access or delete can be sent to hello@siteshiftco.com.

Children

This site and service are aimed at business owners. We don't knowingly collect personal information from children under 16. If you think a child has sent us information through this site, let us know and we'll delete it.

Security

We use reputable providers for hosting, email, and billing, and we keep access to client records limited to people who need it. No online service is perfectly secure, but we take reasonable steps to protect the information you share with us.

Changes to this policy

We may update this policy as our tools or practices change. The "last updated" date at the bottom of this page always reflects the current version. Material changes will be flagged on the site before taking effect.

Contact

Questions about this policy, or a request about your information, can be sent to hello@siteshiftco.com.