Site Rep Privacy and Data Handling
These notes describe the current Site Rep product behavior and should not be read as a compliance certification.
What Site Rep collects
- Website URLs and approved source text used to train a customer bot.
- Visitor questions, cited answers, feedback, and unknown-question repair items.
- Lead details that a visitor chooses to submit, such as name, email, and buying need.
- Basic install, usage, quota, and source-health events needed to run the service.
How Site Rep uses this data
- To answer only from approved sources and ask for follow-up when source backing is missing.
- To show the customer leads, conversations, source gaps, install health, and exports.
- To improve that customer's bot and repair missing source coverage.
Customer controls
- Customers can export bot backup data, leads, conversations, and answer reports from the dashboard.
- Source edits create rollback snapshots where the source set is small enough to restore safely.
- Deletion review requests can be opened from the customer dashboard and are tracked for follow-up. Export requests can use the dashboard exports or hello@siterep.net.
Visitor-facing behavior
Site Rep should make the data boundary visible in the answer flow. If a visitor asks a question that the approved
sources do not prove, the assistant should ask for follow-up instead of inventing a policy, price, timeline, or support answer.
If the visitor asks for human follow-up, the lead form collects only the details needed for the customer team to reply.
Operational data
The service keeps setup state, install checks, source health, answer feedback, and team follow-up items so a customer
can see what worked and what needs repair. Those records are product operations data, not public search content.
Sub-processors
Site Rep relies on these providers to run the service. They process customer and visitor data only to deliver Site Rep:
- Cloudflare — hosting, Workers AI (answer generation), and storage (D1, R2, KV, Durable Objects). Cloudflare's Workers AI terms say customer content is not made available to other customers and is not used to train or improve services unless explicit consent is given; Site Rep storage services still keep the app data disclosed here.
- Dodo Payments — checkout, subscription, and billing as merchant of record.
- The configured email provider — customer notifications and transactional email.
What the widget stores on a visitor's device
The chat widget sets no cookies and no persistent local storage. It uses session-only storage for a random session id, which the browser clears when the tab closes. Visitor IP addresses are used only transiently in memory for rate limiting and abuse prevention; they are not stored with conversations or leads.
Current limits
Site Rep does not currently include SOC 2, GDPR, HIPAA, zero-retention, or no-training-on-data certification. Customers who need those commitments should request a written review before buying.