SITATION PRIVACY POLICY
Effective Date: June 22, 2026

This policy explains what Sitation collects when you use the website and browser extension, why it is needed, and how you can control it.

WHAT SITATION COLLECTS
- Account information: your name, email address, and securely hashed password.
- Authentication information: private credentials used to connect your signed-in account to the extension and hashed, time-limited tokens used for password recovery. Extension credentials are managed automatically and are not displayed as an account setting.
- Website context: the page URL and title plus limited information about the element you intentionally select, such as its text, tag, selector, and nearby text.
- Your content: project names, comments, replies, comment status, pin color, anchor position, project memberships, invitations you send or accept, and messages you submit to support.
- Local settings: selected project, display name, view mode, and comment mode stored by Chrome on your device.

WHY IT IS COLLECTED
Sitation uses this information only to create your account, authenticate the extension, attach comments to the webpage elements you choose, reload those comments on the correct pages, deliver project invitations, and operate shared projects. Sitation does not use browsing data for advertising, credit decisions, or unrelated profiling.

WHEN THE EXTENSION READS A PAGE
The extension accesses a webpage only after you open Sitation from the browser toolbar on that page. It then shows existing pins and lets you select an element for a new comment. Sitation turns itself off when the page URL changes, and you must open the popup again on the next page. It sends page and element context only when needed to retrieve comments for the active project or when you intentionally create or move a comment.

STORAGE AND SECURITY
Account, project, and comment data is stored in Sitation's hosted database. Authentication and local preferences are also stored in your browser. Data is encrypted in transit using HTTPS. Passwords are stored as hashes rather than readable passwords.

SERVICE PROVIDERS AND SHARING
Sitation uses infrastructure providers, including Vercel for application hosting, Neon for database hosting, Resend for transactional email delivery, and Cloudflare Turnstile for bot protection, to process data on Sitation's behalf. Resend receives email addresses and email contents for password resets, project invitations, and support requests. Cloudflare receives technical challenge data when you use the support form. Data is not sold, rented, or shared with advertisers. It may be disclosed when required by law, to protect users and the service, or during a business transfer with appropriate safeguards.

RETENTION AND DELETION
Account, project, and comment data is kept while your account is active or as needed to provide Sitation. Logging out removes the extension's locally stored authentication and settings. You can permanently delete your account from the account page; this deletes the account, its projects, comments, replies, and extension access. Limited backups or security records may remain temporarily before routine deletion.

YOUR CHOICES
Sitation accesses review pages only when you open its toolbar popup. You can stop access by navigating away, closing the tab, disabling the extension, or uninstalling it. You can delete resolved root comments in Sitation; their replies are deleted with them. You can delete your complete account from the account page or contact support if you cannot sign in.

CHILDREN
Sitation is not directed to children under 13, and it does not knowingly collect their personal information.

CHANGES AND CONTACT
Material changes will be posted with a revised effective date.
Support: https://sitation.io/support
Privacy page: https://sitation.io/privacy