SiteTrust Privacy Policy

1. INFORMATION WE COLLECT

We collect several types of information to provide and improve our Services:

1.1 Information You Provide Directly

Account Registration Information:

• Organization name and business information
• Contact name, title, email address, and phone number
• Website URL and industry sector
• Company size and revenue range (optional)
• Any other information as we add to collect, from time-to-time

Certification Application Information:

• AI Usage Policy documentation
• Descriptions of AI systems and use cases
• Point-of-use disclosure examples and screenshots
• Third-party AI service provider information
• Transparency contact details

Payment Information:

• Billing name and address
• Payment card information (processed securely through our payment processor, NMI, as updated from time-to-time)
• Tax identification information (for invoicing purposes) on our Partners Program and in accordance with our Partner Program Terms & Conditions

Communications:

• Email correspondence and support requests
• Feedback, reviews, and survey responses
• Phone call recordings (with your consent, for quality assurance)

Partner Program Information:

• Tax forms (W-9 or equivalent)
• Banking information for commission payments
• Referral tracking and performance data

1.2 Information Collected Automatically

When you access our Services, we automatically collect:

Usage Data:

• Pages visited, links clicked, and features used
• Time and date of visits, session duration
• Referring website or application
• Search terms used to find our website

Device and Technical Information:

• IP address and approximate geographic location
• Browser type, version, and settings
• Operating system and device type
• Screen resolution and language preferences

Cookies and Similar Technologies:

We use cookies, web beacons, and similar tracking technologies to enhance your experience and analyze usage patterns. For detailed information, see Section 8 (Cookies and Tracking Technologies).

1.3 Information from Third Parties

We may receive information about you from:

• Partner Program Participants: Referral information when you are referred through our Partner Program
• Third-Party Auditors: Audit reports and verification data for Tier 2 and Tier 3 certifications
• Public Sources: Publicly available information about your organization for verification purposes
• Analytics Providers: Aggregate analytics and demographic information

2. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

2.1 To Provide and Maintain Services

• Process certification applications and issue certifications
• Maintain Member Portal accounts and provide access to resources
• Generate and deliver certificates and badges
• Display certified organization information in our Public Registry
• Process payments and manage subscriptions

2.2 To Communicate With You

• Send application status updates and certification notifications
• Provide customer support and respond to inquiries
• Send renewal reminders and important account notifications
• Share updates about certification standards and policy changes
• Deliver newsletters and educational content (with your consent) as provided as part of sign-up and payment

2.3 To Improve and Develop Services

• Analyze usage patterns and optimize website performance
• Conduct research and develop new features
• Troubleshoot technical issues and debug errors
• Test and improve our certification processes

2.4 For Marketing and Business Development

• Promote our Services and share success stories
• Conduct market research and competitive analysis
• Track and analyze marketing campaign effectiveness
• Manage Partner Program referrals and commissions
• Promote additional services as we see fit from time-to-time.

2.5 For Security and Compliance

• Detect and prevent fraud, abuse, and security threats
• Enforce our Terms and Conditions and other policies
• Verify certification compliance and conduct audits
• Comply with legal obligations and regulatory requirements
• Respond to legal requests and protect our rights

3. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Public Registry

Upon certification, the following information is displayed in our publicly searchable registry:

• Organization name and website URL
• Certification tier and issue date
• Link to your published AI Usage Policy
• Transparency contact information
• Certification status (active, suspended, expired)

3.2 Service Providers

We share information with trusted third-party service providers who assist us in operating our Services:

• Payment Processing: NMI (payment gateway) or any active processor who processes payment card information
• CRM and Marketing: GoHighLevel manages customer relationships and communications and any other CRM we use in our operations.
• Website Hosting: Cloud hosting providers maintain our infrastructure
• Analytics: Analytics platforms help us understand website usage
• Email Services: Email service providers deliver transactional and marketing emails

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.3 Third-Party Auditors

For Tier 2 and Tier 3 certifications, we share relevant application information with independent third-party auditors who verify your compliance with our standards. Auditors are bound by confidentiality agreements.

3.4 Partner Program Participants

If you are referred through our Partner Program, we share limited information (organization name, referral status, certification status) with the referring Partner for commission tracking purposes.

3.5 Business Transfers

If SiteTrust is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy, as possible and necessary.

3.6 Legal Requirements

We may disclose your information when required by law or in response to:

• Valid legal process (subpoenas, court orders, search warrants)
• Government or regulatory inquiries
• Protection of our rights, property, or safety
• Prevention of fraud, abuse, or illegal activity

3.7 Aggregated or De-identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, marketing, analytics, or other business purposes.

4. DATA SECURITY

4.1 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest
• Secure authentication and access controls
• Regular security audits and vulnerability assessments
• Employee training on data privacy and security
• Limited access to personal information on a need-to-know basis

4.2 Payment Card Security

Payment card information is processed directly by our PCI-DSS compliant payment processor (NMI) or active processor as updated from time-to-time. We do not store complete payment card numbers on our servers.

4.3 Limitations

While we implement reasonable security measures, no method of transmission or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials.

5. DATA RETENTION

5.1 Active Certifications

We retain your information for as long as your certification is active, plus a reasonable period afterward to allow for renewal or reapplication.

5.2 Expired or Revoked Certifications

After certification expiration or revocation, we retain records in accordance with internal practices as recognized by state law:

• Basic organization information for historical records.
• Certification application data.
• Financial and payment records:(for tax and accounting purposes)
• Communications and support tickets.

Our goal is to maintain the shortest period of time allowable on the retention of records. It is your responsibility upon termination to maintain your records.

5.3 Account Deletion

If you request account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law, for fraud prevention, or to resolve disputes.

5.4 Backup Data

Information may persist in backup systems for up to 90 days after deletion from active systems, but we do not guarantee a certain period of time.

6. YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights regarding your personal information:

6.1 Access and Portability

You have the right to request a copy of the personal information we hold about you. We will provide this information in a structured, commonly used, machine-readable format.

6.2 Correction

You have the right to request correction of inaccurate or incomplete personal information. You can update most information directly through your Member Portal account.

6.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention, dispute resolution).

6.4 Restriction of Processing

You may request that we limit how we use your personal information in certain circumstances.

6.5 Objection

You may object to our processing of your personal information for direct marketing purposes or based on legitimate interests.

6.6 Opt-Out of Marketing

You can opt out of marketing emails at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at privacy@sitetrust.com or info@sitetrust.com. Note that you cannot opt out of transactional emails related to your certification.

6.7 How to Exercise Your Rights

To exercise any of these rights, contact us at:

Email: privacy@sitetrust.com or info@sitetrust.com
Mail: Privacy Officer, Site Trust, LLC,, 2725 Abington Road, Suite 202, Fairlawn, OH 44333

We will respond to verified requests within 30 days (or as required by applicable law). We may request additional information to verify your identity before processing certain requests.

6.8 Right to Lodge a Complaint

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

7. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

7.1 Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers (name, email, address, IP address)
• Commercial information (transaction history, certification details)
• Internet activity (website usage, browsing history)
• Professional information (organization details, job title)
• Inferences (preferences, characteristics, behaviors)

7.2 Right to Know

You have the right to request disclosure of: (a) the categories and specific pieces of personal information we collected; (b) the categories of sources; (c) the business or commercial purpose for collecting; (d) the categories of third parties with whom we share; and (e) how we use the information.

7.3 Right to Delete

You have the right to request deletion of personal information we collected from you, subject to certain exceptions.

7.4 Right to Opt-Out of Sale

WE DO NOT SELL YOUR PERSONAL INFORMATION.

7.5 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. You will not receive different pricing, quality of service, or have services denied because you exercised your rights.

7.6 Authorized Agent

You may designate an authorized agent to make requests on your behalf. We may require verification of your identity and written authorization before processing the agent's request.

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 What Are Cookies

Cookies are small text files placed on your device when you visit our website. They help us recognize you, remember your preferences, and improve your experience.

8.2 Types of Cookies We Use

• Essential Cookies: Required for basic website functionality (login, navigation, security). These cannot be disabled.
• Performance Cookies: Help us understand how visitors use our website by collecting anonymous analytics data.
• Functional Cookies: Remember your preferences and settings to personalize your experience.
• Marketing Cookies: Track your browsing activity across websites to deliver relevant advertisements.

8.3 Third-Party Cookies

We use third-party services that may set cookies on your device:

• Google Analytics (website analytics)
• LinkedIn Insight Tag (advertising and analytics)
• Social media platforms (if you interact with social sharing buttons)
• Any other services not specifically listed

8.4 Managing Cookies

You can control and delete cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our website.

Most browsers accept cookies by default. You can usually modify your browser settings to:

• Block all cookies
• Block third-party cookies
• Receive notifications when cookies are set
• Delete cookies after each session

8.5 Do Not Track

Our website does not currently respond to "Do Not Track" browser signals. We will update this policy if we implement Do Not Track functionality in the future.

9. INTERNATIONAL DATA TRANSFERS

Our Services are operated from the United States and internationally as needed. If you are located outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

By using our Services, you consent to the transfer of your information to the United States and other countries where we or our service providers operate.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we implement appropriate safeguards for international data transfers, including standard contractual clauses approved by relevant authorities.

10. CHILDREN'S PRIVACY

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete such information promptly. If you believe we have collected information from a child under 18, please contact us at privacy@sitetrust.com or info@sitetrust.com.

11. THIRD-PARTY LINKS AND SERVICES

Our website may contain links to third-party websites, services, or resources. This Privacy Policy does not apply to those third-party sites.

We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any third-party sites you visit. Links to third-party sites do not constitute an endorsement by SiteTrust.

12. AI USAGE AND TRANSPARENCY

12.1 Our AI Practices

As a company committed to AI transparency, we practice what we preach. We use artificial intelligence in certain aspects of our Services, including:

• Content generation and analysis (with human oversight)
• Data analysis and pattern recognition
• Customer support assistance (chatbots with human escalation)
• Administrative and operational functions

All AI-generated or AI-assisted content is clearly labeled and subject to human review. Detailed information about our AI usage is available in our AI Usage Policy or AI Policy at sitetrust.com/ai-policy.

12.2 AI and Your Data

When we use AI systems that process your personal information:

• We ensure appropriate data protection measures are in place
• We maintain human oversight for significant decisions
• We do not use your data to train third-party AI models when possible
• We implement safeguards against bias and unfair outcomes

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of material changes by:

• Posting a prominent notice on our website
• Sending an email to the address associated with your account
• Updating the "Effective Date" at the top of this policy

Material changes will take effect 30 days after notification. Your continued use of the Services after changes take effect constitutes acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Officer
Site Trust, LLC (DBA SiteTrust)
2725 Abington Road, Suite 202
Fairlawn, Ohio 44333
Email: privacy@sitetrust.com or info@sitetrust.com
Website: https://sitetrust.com
Phone: email or website form contact only