Privacy Policy

Last updated April 28, 2026.

Summary

We collect only what we need to run Sidewalk: your account info, the material you submit to have your site built, your billing details through Stripe, and basic logs to keep the platform reliable. We do not sell your data. We use a small number of trusted vendors to operate the service, listed below.

What we collect

  • Account information: your name, email, phone (optional), and password hash.
  • Business information: the intake content you submit to have your website built, including text, images, and documents.
  • Billing information: handled by Stripe. We store Stripe customer and subscription IDs, but never your card number.
  • Operational data: tickets you open, files you upload, emails the platform sends on your behalf, and inbound emails from your customers (if you use the contact form).
  • Technical logs: IP hashes, request timing, and error traces needed to debug issues and protect the service from abuse.

How we use it

  • To build and host your website.
  • To charge you, email you about your account, and respond to support requests.
  • To investigate abuse and protect the platform.
  • To improve our service, develop new products, and conduct research, including by analyzing aggregated or de-identified business data (such as industry, location, service categories, and pricing patterns).
  • To create and distribute aggregated, de-identified datasets and market research derived from business information submitted through the platform. These datasets do not identify you or your business by name, email, phone, or account credentials.

Who we share with

We use the following vendors to operate Sidewalk. Each has its own privacy policy governing how it handles the data we send.

  • Stripe (billing and payments)
  • Resend and AWS SES (outbound and inbound email delivery)
  • Cloudflare (DNS, edge routing, file hosting via R2)
  • DigitalOcean (application servers and database)
  • Better Stack (uptime monitoring)
  • Anthropic (build tooling used while producing your site)
  • Twilio (phone-call bridging and transcripts, where applicable)

We do not sell your personal data (your name, email, phone, or account credentials) to third parties. We may share aggregated or de-identified business data (such as industry trends, service categories, and regional market patterns) with third parties, including research partners and business service providers. This data cannot be used to identify you or your specific business. We will share personally identifiable data only if required by valid legal process, and in that case we will notify you unless the law prohibits us from doing so.

Your rights

You can view, export, or delete your account data at any time. Email help@sidewalksites.org with the request and we will process it within a reasonable period. Deleting your account deletes your client record, brief, uploaded files, and email logs related to your account. Some records (billing, tax) may be retained for as long as the law requires.

Contact forms on your site

When a visitor submits the contact form on the site we build for you, we forward the submission to the recipient email addresses you configure, and we log the submission for abuse review. The submitter's IP is hashed with a server-side secret before storage, so we cannot reverse it.

Cookies and tracking

We use only the cookies needed to keep you signed in. We do not use third-party advertising or analytics tracking on the marketing site or on the websites we build for you, unless you explicitly ask us to.

Security

We encrypt data in transit with TLS, encrypt API keys at rest with AES-256-GCM in our secrets vault, and keep our servers patched. No system is perfectly secure, but we take reasonable care.

Children

Sidewalk is for business users. We do not knowingly collect data from anyone under 16.

Data retention

Upon cancellation of your account, we retain your website content and account data in an inactive state for thirty (30) days to allow for reactivation. After this period, your website content, media files, and configuration data are permanently deleted from our active systems within an additional sixty (60) days. We retain transaction records, invoices, and payment history for seven (7) years for tax and accounting compliance. Anonymized or aggregated data that cannot identify you may be retained indefinitely. You may request an export of your data at any time before permanent deletion by emailing help@sidewalksites.org.

Your privacy rights (California and EU residents)

Depending on your location, you may have rights under the California Consumer Privacy Act (CCPA) or the EU General Data Protection Regulation (GDPR). These include the right to access your personal data, request deletion (subject to legal retention requirements above), request a portable copy of your data in a structured format (CSV or JSON), and opt out of the sale of your personal information. We do not sell personally identifiable information. We may share aggregated or de-identified business data as described above. We will not discriminate against you for exercising any privacy right. To exercise these rights, email help@sidewalksites.org with the subject line "Privacy Rights Request." We will verify your identity and respond within thirty (30) days.

Changes

If we change this policy in a material way, we will email you and post a notice. The "Last updated" date at the top reflects the current version.

Contact

Questions about privacy or data requests: help@sidewalksites.org.