Privacy Policy
Last updated: July 3, 2026
Introduction
Site Stats Database (“SSDB,” “we,” “us”) operates sitestatsdb.com, a commercial, queryable and exportable database of website metrics. This Privacy Policy explains what personal data we collect from the people who use our service, how we handle the data we publish about third-party websites, the legal bases for our processing, and the rights you have.
For the terms governing your use of the service, see our Terms & Conditions. If you own a website that appears in our database and want it removed, see Remove your site.
Who We Are (Controller)
The operator and data controller is Site Stats Database. You can contact us about privacy at hello@sitestatsdb.com.
Business address: 1 E Erie St, Suite 525-3160, Chicago, IL 60611.
Personal Data We Collect About Account Holders
When you create an account or buy a plan, we (and our processors) collect a limited amount of personal data about you:
- Account information: your email address, and the password and authentication details you set. Authentication is handled by Clerk; we never see or store your raw password.
- Billing information: your purchase, plan, and entitlement status. Payments and card details are handled by Polar.sh, which acts as the Merchant of Record. We do not receive or store your full card number.
- Technical and log data: when you use the site, our hosting provider (Vercel) processes standard request data such as your IP address, browser type, and the pages you request, for security and reliability.
- Messages you send us: if you contact us by email or through a contact form, we receive your email address and the contents of your message.
For website analytics we use Plausible, a privacy-friendly service that uses no cookies, stores no personal data, and does not track visitors across sites; we see only aggregate page-view statistics. We do not run advertising-network tracking and we do not buy or build advertising profiles about our users. If you arrive through an affiliate link, a first-party cookie records that referral so the affiliate can be credited (see Cookies and Tracking below).
How We Use Account Data and the Legal Basis
- To provide the service (create and secure your account, give you access to the data you bought, deliver exports). Legal basis: performance of our contract with you.
- To take payment and meet tax and accounting duties. Legal basis: performance of our contract and compliance with legal obligations.
- To keep the service secure and prevent abuse (for example, server logs and rate controls). Legal basis: our legitimate interest in running a safe, working service.
- To respond to your support messages. Legal basis: our legitimate interest in helping our customers, or performance of our contract.
Data We Publish About Third-Party Websites
SSDB’s core product is a database of information about websites. Some of that information can relate to identifiable people (for example, the metrics and technology profile of a personal blog or a one-person business). This section is our notice to those individuals under Article 14 of the GDPR, since we do not collect this data directly from them.
- What we collect: domain-level metrics (such as estimated traffic, authority, keywords, and the technology stack a site uses) and business-level details published on or associated with a website, such as the company name and which social platforms the site links to (platform names only). We do not store individual contact details. We do not retain contact email addresses, phone numbers, postal addresses, or social media handles or account identifiers.
- Where it comes from: most of it comes from publicly available web pages that we crawl and parse. We also license specific metrics from two vendors: DataForSEO supplies traffic estimates, total keywords, referring domains, and authority (PageRank), and Ahrefs supplies the Domain Rating metric. Domain registration dates come from public RDAP/WHOIS records.
- Why we process it (legal basis): legitimate interests under Article 6(1)(f). We provide a business-intelligence and market-research tool that aggregates information that is already public or commercially licensed. We have weighed this against the interests and rights of the individuals concerned. The data is business-facing rather than sensitive, it is gathered from public or licensed sources, it is used for professional research rather than consumer profiling, and we offer a clear, free removal route (see below). We do not process special-category data for this purpose.
- Who we share it with: our paying customers, who access it through the database and exports under the restrictions in our Terms, and our infrastructure processors listed below. We do not sell this data to data brokers for onward resale outside our own product.
- Retention: we retain third-party website data for as long as it is useful to the product and refresh it periodically. If a domain is removed at the owner’s request, it is added to an internal blocklist and excluded from future refreshes.
Rights of People Whose Data Appears in the Database
If information about you or your website is in our database, you have the right to object to our processing, to ask for your data to be erased, to ask for it to be corrected, and to ask what we hold. Because our legal basis is legitimate interests, you can object at any time and we will stop processing your domain’s data unless we have compelling legitimate grounds that override your interests. You also have the right to lodge a complaint with your local data protection authority. Because this data was not collected directly from you, we rely on the Article 14(5) exemption from notifying each person individually, as doing so would involve disproportionate effort given the scale of the dataset; this policy serves as that notice.
The fastest way to exercise these rights is the removal process on our Remove your site page, or by emailing hello@sitestatsdb.com.
Cookies and Tracking
We keep cookies to a minimum. The cookies set on this site are:
- Clerk sets essential session and authentication cookies so you can sign in and stay signed in.
- Polar.sh sets cookies needed to complete checkout.
- Affiliate attribution (Affonso): if you arrive through an affiliate link, a first-party cookie records that referral for up to 30 days so the referring affiliate is credited if you later subscribe. It is not used for general advertising and is not shared to build an advertising profile.
Our analytics (Plausible) sets no cookies at all, and we do not use advertising-network cookies. The affiliate-attribution cookie described above is the only non-essential cookie we set, and for visitors in the EU, EEA, and UK we ask for your consent before setting it.
Processors and Service Providers
We rely on the following providers to run the service. Each processes data only as needed to deliver its part of the service:
- Clerk: authentication. Stores your account email and handles passwords, multi-factor authentication, and sessions.
- Polar.sh: payments as Merchant of Record. Handles checkout, tax and VAT, invoices, and the customer portal.
- Neon: hosts our Postgres database.
- Vercel: application and edge hosting. Processes request logs and IP addresses.
- Resend: delivers messages submitted through our contact form to us, and sends transactional email.
- DataForSEO: upstream data vendor. Supplies traffic estimates, total keywords, referring domains, and authority (PageRank).
- Ahrefs: upstream data vendor. Supplies the Domain Rating metric only.
- Affonso: affiliate-program tracking. Records affiliate referrals so payouts can be attributed, and sets the first-party attribution cookie described under Cookies and Tracking.
- Plausible: privacy-friendly website analytics. Cookieless; processes page views in aggregate without storing personal data or tracking visitors across sites.
International Data Transfers
Site Stats Database operates from the USA and several of our providers are based in or process data in the USA. Where personal data of people in the EEA or UK is transferred, we rely on appropriate safeguards offered by our providers, such as standard contractual clauses.
Data Retention
We keep account and billing data for as long as you have an account and for as long as we are required to for tax, accounting, and legal purposes after that. We keep third-party website data as described in the section above. We do not keep personal data longer than necessary for the purposes set out in this policy.
Security
Communication with the site is encrypted in transit using TLS. Access to our systems is restricted, and passwords and card data are handled by specialist providers (Clerk and Polar) rather than stored by us. No system is perfectly secure, but we take reasonable measures to protect the data we hold.
Children’s Privacy
Our service is for business use and is not directed at children. We do not knowingly collect personal data from children under 13. If we learn that we have, we will delete it.
Your Rights as an Account Holder
If you have an account, you can access, correct, or delete your personal data. You can update most account details directly through Clerk, or contact us at hello@sitestatsdb.com and we will help. Depending on your location, you may also have rights to restrict or object to certain processing, to data portability, and to lodge a complaint with your local data protection authority.
California Privacy Rights (CCPA/CPRA)
This section applies to California residents and supplements the rest of this policy.
Categories of personal information we collect. From the people who use our service, we collect identifiers (such as your email address and IP address), commercial information (your purchase, plan, and entitlement status), and internet or network activity (server and request logs). Our website-research product also contains information that is publicly available about websites, some of which may relate to an individual who runs a site. We do not collect Social Security numbers, government identifiers, precise geolocation, biometric data, or financial account numbers (payments are handled by Polar), and we do not collect sensitive personal information for the purpose of inferring characteristics about you.
Selling and sharing. We do not sell or share the personal information of our account holders, and we do not use or disclose personal information for cross-context behavioral advertising. If you are an individual whose website appears in our database and you want your information made unavailable, use the removal process below; we will honor such requests.
Your California rights. Subject to identity verification and the limits the law allows, you have the right to know what personal information we have collected and how we use it, to access a copy of it, to correct inaccurate information, to delete it, and to opt out of any sale or sharing of it. We will not discriminate against you for exercising any of these rights.
How to exercise them. Email hello@sitestatsdb.com or use our contact form. If your request concerns a website you own, the fastest route is the Remove your site page. We verify requests before acting on them, and you may use an authorized agent to submit a request on your behalf.
Changes to This Policy
We may update this Privacy Policy from time to time. The current version is always posted on this page, with the “Last updated” date at the top. Please review it periodically.
Contact
For any privacy question, or to exercise your rights, email hello@sitestatsdb.com.