SiteSpin
Get started

Privacy

Privacy Policy

Last updated June 3, 2026

Who we are

SiteSpin is an iOS app and web service that helps people create and publish websites by chatting with an AI. This policy explains what information we collect and how we use it. "We" and "us" refer to SiteSpin and the company that operates it.

What this policy covers

This policy applies to the SiteSpin iOS app, the SiteSpin web app and website at sitespin.app, and websites that SiteSpin generates and hosts on *.sitespin.app subdomains. It does not cover websites that SiteSpin users connect to their own custom domains after publishing. Once a site is hosted on a custom domain, the visitor relationship is between the site owner and their visitors.

What we collect

  • Name and email. When you sign in with Apple, Google, or a one-time code sent to your email, we receive your email address (and your name when the provider supplies it). Apple only shares your name on your first sign-in.
  • Business contact details. When you describe your business in the chat, you may type details like your phone number or business address. We store whatever you share so the AI can include it in your generated website.
  • User content. The photos you upload, the business details you share, and the website code SiteSpin generates from your inputs. All of this is yours.
  • User identifier. A random user ID created when you first open the app, used to keep your projects associated with you.
  • Purchase history. When you subscribe, we receive a confirmation of the purchase. For subscriptions bought in the iPhone or iPad app, Apple is the merchant of record and we never see your card details. For subscriptions bought on the web, payment is processed by our web payment provider (RevenueCat Web Billing, using Stripe); we never see your full card number.
  • Notification token. If you turn on notifications, we store a device token from Apple so we can tell you when your site finishes building or a visitor submits your contact form. It is used only to deliver these notifications.
  • App install attribution. If you install the app after tapping an Apple Search Ads ad, we receive an Apple-provided attribution token and a random per-install identifier, and we share install and subscription events with Apple to measure which ads work. This is first-party measurement from Apple; it is not a cross-app advertising identifier and is not shared with data brokers.

What we do not collect

  • Your location (precise or coarse)
  • A cross-app advertising identifier (IDFA), or any identifier used to track you across other companies' apps and websites
  • Your contacts
  • Health, financial, or sensitive information
  • Crash reports or product analytics from inside the SiteSpin iOS app or web app
  • Any data sold or shared with data brokers

How we use Anthropic Claude

SiteSpin uses Anthropic's Claude API to read your messages and generate your website. When you send a chat message, we transmit the message text, any photos you attach, and the relevant business details from your profile to Anthropic. Anthropic processes the data to produce the AI response (a follow-up question, a generated site layout, an edit, and so on) and returns it to us.

Anthropic retains commercial API data for up to seven days for abuse monitoring, then deletes it. Anthropic does not use commercial API data to train its models. See Anthropic's commercial terms for details.

The first time you try to send a message, we ask for your explicit consent before sending anything to Anthropic. You can revoke this consent any time in Settings → Privacy → AI processing. Without consent, you can browse the app but cannot generate or edit a site.

Content moderation

To keep SiteSpin safe, we run an automated check (using Claude) over the content you submit, to enforce our Acceptable Use Policy. When content is flagged, we keep a short excerpt of it, the decision, and the model used, so we can act on abuse and detect repeat violations. Sites that violate our rules may be unpublished and the accounts suspended.

Third parties

SiteSpin uses the following third-party services to run. Each one only receives the data described.

  • Anthropic (Claude API). See the dedicated section above. Anthropic receives the chat messages, photos, and business details you share so the AI can generate your website.
  • Supabase. Hosts our database, file storage, and authentication.
  • Google. If you choose "Continue with Google," Google verifies your identity and shares your name and email with us. We never receive your Google password.
  • Vercel. Hosts the websites that SiteSpin publishes for users, the SiteSpin web app, and the marketing site at sitespin.app.
  • RevenueCat. Manages your subscription state and, for subscriptions bought on the web, processes the checkout (RevenueCat Web Billing). Receives your user ID, subscription and receipt data, and, for web purchases, the billing details needed to take payment.
  • Stripe. Processes card payments for subscriptions bought on the web (via RevenueCat Web Billing) and provides the billing-management portal. Receives the payment details you enter at checkout. We never see your full card number.
  • Apple. Processes payments for purchases made in the iPhone or iPad app (we never see card data), delivers push notifications through the Apple Push Notification service, and, for installs from an Apple Search Ads campaign, provides install attribution.
  • Resend. Sends email when you contact us, report a published site, or submit our contact form. Receives the name, email address, and message you submit.

Analytics and visitor data

Websites that SiteSpin publishes on your behalf include private visitor analytics powered by Pirsch. Pirsch is cookieless and uses a salted 24-hour hash of IP address, user agent, and date to count unique visitors. No personal data is stored. Visitors to SiteSpin-generated websites do not need a cookie banner. Pirsch does not run inside the SiteSpin iOS app or the SiteSpin web app.

Our marketing site at sitespin.app uses Vercel Analytics, a cookieless, privacy-friendly measurement tool, to count page views and page performance. It does not use cookies and does not track you across other sites.

When a visitor submits a contact or inquiry form on a website SiteSpin hosts for you, we store the form contents along with the visitor's IP address (kept for up to 90 days, then removed) and browser user-agent, so we can deliver the submission to you and prevent spam.

Your rights

You can:

  • Access the data we hold about you by emailing us.
  • Export your projects by emailing us. A self-serve export feature is on the roadmap.
  • Delete your account in SiteSpin (web or app): Settings → Account → Delete Account. Deletion is immediate; your account, sites, chat history, uploaded photos, and analytics are removed within seconds. Active subscriptions continue to renew unless cancelled separately. If you subscribed via the iPhone or iPad app, cancel in your device's Settings → Apple ID → Subscriptions. If you subscribed on the web, open your SiteSpin account settings and manage the subscription from there.

EU residents have additional rights under GDPR, including the right to object to processing and to lodge a complaint with a supervisory authority. California residents have rights under the CCPA, including the right to know what data we collect and the right to deletion.

Children

SiteSpin is rated 4+ but is not intended for users under 13. We do not knowingly collect personal information from children under 13.

Changes to this policy

We may update this policy from time to time. The "last updated" date at the top will reflect the most recent change. Material changes will be announced in SiteSpin (web or app).

Contact

Privacy questions? Visit our help page. We respond within one business day.