1 Introduction
Welcome to Sitemap.xml ("we," "our," or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how and why we might collect, store, use, and/or share ("process") your information when you use our services.
This policy applies to all information collected through our website ("sitemap.xml"), applications, services, APIs, and related products (collectively, the "Services"). By accessing or using our Services, you agree to the collection and use of information in accordance with this policy.
Please read carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Services. We reserve the right to update this policy at any time, and continued use of the Services after such changes constitutes your acceptance.
2 Information We Collect
We collect information to provide features of our Services and to deliver the services you have requested. We may collect the following categories of information:
2.1 Personal Data
Personal data is information that can identify you as an individual. We may collect and process the following personal data:
- Identity Information: name, username, title, date of birth.
- Contact Information: billing address, delivery address, email address, phone number.
- Technical Data: IP address, login data, browser type and version, time zone setting, operating system, and platform.
- Financial Information: payment card details (processed securely through our payment provider — we do not store raw card numbers).
- Profile Information: your account details, purchased products or services, preferences, feedback, and survey responses.
- Website Sitemap Data: URLs, metadata, and content structure from the websites you authorize us to scan and index.
2.2 Usage Data
We automatically collect information about how you interact with our Services, including:
- Access Logs: records of pages visited, links clicked, features used, time spent, and navigation paths.
- Performance Metrics: loading times, error rates, API response data, and system interaction patterns.
- Device Information: hardware model, operating system, unique device identifiers, and mobile network information.
2.3 Automated Decision-Making
Some features of our Services rely on automated processing to determine sitemap priorities, indexing schedules, and API rate limits. These decisions are based on your usage patterns and configuration settings, not personal profiling.
Transparency. You can request information about any automated decision-making processes that affect you at any time by contacting our Data Protection Officer.
3 How We Use Your Data
We use the information we collect for the following business purposes:
- Service Delivery: To generate, maintain, and update your sitemaps; process API requests; and deliver our core indexing functionality.
- Account Management: To create and manage your account, process payments, and provide customer support.
- Communication: To send administrative information, service updates, security alerts, and support responses.
- Analytics & Improvement: To analyze usage trends, improve service performance, and develop new features.
- Marketing: To send promotional communications (only with your explicit consent for direct marketing). You can opt out at any time.
- Security: To detect, prevent, and address technical issues, unauthorized access, and fraudulent activity.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
4 Legal Basis for Processing
Under the GDPR and applicable data protection laws, we rely on the following legal bases to process your personal data:
- Contractual Necessity: Processing required to perform our contract with you (providing sitemap services).
- Consent: Processing where you have given explicit consent (e.g., marketing communications, optional analytics).
- Legitimate Interests: Processing necessary for our legitimate business interests, such as service improvement, fraud prevention, and network security.
- Legal Obligation: Processing required to comply with a legal or regulatory obligation.
Note for EU/UK Users. If you are in the European Economic Area (EEA) or the United Kingdom, you have specific rights under GDPR and the UK Data Protection Act 2018. See Section 9 below for details on exercising these rights.
5 How We Share Your Data
We may share your personal data with the following categories of third parties:
- Service Providers: Cloud hosting providers (AWS, Cloudflare), payment processors (Stripe), email delivery services (SendGrid), and analytics platforms that assist in operating our Services.
- Search Engines: With your authorization, we submit sitemap data to Google, Bing, Yandex, and other search engine indexing services.
- Professional Advisors: Lawyers, auditors, and insurers who require access to perform their professional duties.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
- Legal Requirements: When required by law, regulation, legal process, or governmental request.
We do not sell your personal data to third parties for advertising purposes.
All third-party service providers are contractually bound to protect your data and use it only for the purposes we specify. They are required to implement appropriate technical and organizational security measures.
6 International Data Transfers
Your data may be transferred to, and processed in, countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction.
When we transfer personal data outside of the European Economic Area (EEA) or the United Kingdom, we ensure an adequate level of protection by using one of the following mechanisms:
- European Commission Adequacy Decisions: Transfers to countries deemed to provide adequate protection.
- Standard Contractual Clauses (SCCs): EU and UK approved contractual safeguards.
- Binding Corporate Rules: Where applicable to intra-group transfers.
We conduct regular assessments of third-party processors and the jurisdictions in which data is processed to ensure ongoing compliance.
7 Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption: TLS 1.3 for data in transit; AES-256 encryption for data at rest.
- Access Controls: Role-based access, multi-factor authentication, and principle of least privilege.
- Infrastructure Security: Regular security audits, penetration testing, and continuous monitoring.
- Incident Response: Documented procedures for detecting, reporting, and investigating data breaches. We will notify affected users and supervisory authorities where required by law.
- Employee Training: Mandatory data protection and security awareness training for all staff.
No Guarantee. While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.
8 Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. Retention periods are determined by:
- Account Data: Retained for the duration of your account plus 24 months after closure for warranty and support purposes.
- Financial Records: Retained for 7 years to comply with tax and accounting regulations.
- Usage Logs: Retained for 12 months for security and analytics, then anonymized.
- Marketing Consent Records: Retained until consent is withdrawn, plus 12 months for audit purposes.
- Sitemap Data: Retained for the duration of your subscription; deleted within 30 days of account termination unless legally required otherwise.
When data is no longer needed, it is securely deleted or anonymized so that you can no longer be identified from it.
9 Your Data Protection Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of Access: Request copies of your personal data we hold.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data where there is no legitimate reason for continued processing.
- Right to Restrict Processing: Request that we limit how we use your data.
- Right to Data Portability: Receive your data in a structured, machine-readable format and transfer it to another service.
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Withdraw previously given consent at any time. This does not affect the lawfulness of processing before withdrawal.
- Right to Lodge a Complaint: If you are in the EEA or UK, you have the right to lodge a complaint with a supervisory authority (e.g., Information Commissioner's Office in the UK).
How to Exercise Your Rights. To make a request under any of the above rights, contact our Data Protection Officer using the details in Section 13. We will respond within 30 days and will not charge a fee unless your request is manifestly unfounded or excessive, in which case a reasonable fee may apply.
10 Cookies & Tracking Technologies
Our website uses cookies and similar tracking technologies to collect and track information about your activity. We use the following categories of cookies:
- Essential Cookies: Required for the website to function (e.g., authentication, security). These cannot be disabled.
- Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics). Data is anonymized where possible.
- Functional Cookies: Remember your preferences (e.g., language, region) to provide a personalized experience.
- Marketing Cookies: Track visitors across websites to display relevant ads. Only set with your explicit consent.
You can manage cookie preferences through our cookie consent banner or your browser settings. Blocking certain cookies may affect the functionality of our Services.
11 Children's Privacy
Our Services are not directed to children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently received personal data from a child under 16, we will take steps to delete that information as soon as possible.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at dpo@sitemap.xml.
12 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Post a prominent notice on our website at least 30 days before the change takes effect.
- Send an email notification to registered users for significant changes.
- Update the "Last Updated" date at the top of this policy.
We encourage you to review this policy periodically. Your continued use of the Services after the effective date of any modified policy constitutes your acceptance of the changes.
13 Contact Us
If you have any questions about this Privacy Policy, your data rights, or how we handle your information, please reach out to us: