Privacy Policy
Last updated: June 2026
SiteCMD is built local-first. That's not a marketing phrase - it's the architecture. Your scan data, project configurations, and integration credentials never leave your machine. This policy explains exactly what data exists where.
Data that stays on your machine
The following data is stored locally in a SQLite database on your device and is never transmitted to us:
- Scan results, scores, and issue history
- Project configurations and URLs
- Score trends and historical data
- Report exports (PDF, CSV)
- Code scan results and source analysis
- Event timeline data
- Scheduled scan configurations
Integration credentials (API keys for Google Analytics, Cloudflare, GitHub, Jira, UptimeRobot, etc.) are stored in your operating system's native keychain (macOS Keychain, Windows Credential Manager), not in the database. We never see these credentials.
Data we collect on this website
Email addresses
If you sign up for launch or release notifications on this website, we store your email address in Cloudflare KV. We use it solely to notify you about SiteCMD releases and product updates. We do not sell, share, or use your email for any other purpose. You can request removal by contacting us.
Contact form submissions
When you submit the contact form, your name, email, subject category, and message are forwarded to our support inbox through Resend, our transactional email provider. We do not store contact submissions on this website beyond what Cloudflare captures in standard request logs. Resend's handling of message contents is governed by their privacy policy.
Purchases and billing
There is no checkout trial. When you subscribe to a paid tier, Lemon Squeezy manages the payment method, renewal, cancellation, and license key. We do not run a separate SiteCMD-hosted billing database, and we do not store payment details on this website. We do not store any scan results or project data from your machine.
Web server logs
This website is served by a Cloudflare Worker. Cloudflare collects standard request logs (IP address, user agent, pages visited) as part of their service. This is governed by Cloudflare's privacy policy.
Privacy-friendly analytics
This website uses Plausible Analytics to understand aggregate page views and referrals. Plausible does not use cookies and does not build personal profiles. This marketing website does not use Google Analytics, Facebook Pixel, advertising pixels, fingerprinting, or cross-site tracking. (That is separate from the desktop app's optional, read-only Google Analytics integration, which is described below.)
Data the desktop app transmits
Update checks
SiteCMD periodically checks for application updates by contacting our update server. This request includes your current app version and operating system. No personal data, scan results, or project information is included.
License validation
If you have a paid subscription (Core or Pro), SiteCMD validates your license key with Lemon Squeezy's API. This transmits your license key and device identifier. No scan data or project information is included. Lemon Squeezy's handling of this data is governed by their privacy policy.
Optional usage analytics
The desktop app can send anonymous product usage events to a SiteCMD-controlled Cloudflare endpoint if you opt in. These events help us understand which workflows are used and where scans or app flows fail. They include app version, build channel, operating system family, plan tier, anonymous install identifier, event name, and small counters such as issue totals by severity. Raw event rows are retained for no more than 90 days before scheduled deletion. They do not include scan URLs, website content, source code, local file paths, project names, credentials, license keys, raw logs, request bodies, or integration data.
Optional crash and error reports
SiteCMD sends sanitized frontend errors and failed app-command diagnostics to Sentry only if you opt in through the consent prompt or under Settings → Privacy. Session replay, broad performance tracing, autocapture, and default personal data collection are disabled. Error payloads are scrubbed before sending to remove URLs, filesystem paths, email addresses, secrets, license keys, source snippets, request bodies, and provider responses.
Website scanning
When you scan a URL, SiteCMD makes HTTP requests directly from your machine to the target website. These requests are visible to the website's server in their access logs, like any other browser visit. SiteCMD identifies itself in the User-Agent header. No data from these requests is sent to us.
Third-party integrations
When you connect integrations (GA4, Cloudflare, GitHub, etc.), SiteCMD makes API calls directly from your machine to those services using credentials stored in your OS keychain. The data returned is cached locally. We do not proxy these requests and have no access to the data exchanged.
Google Analytics and Search Console data
When you connect Google Analytics or Google Search Console, SiteCMD uses Google OAuth to request read-only access to your own account data: the Google Analytics read-only scope to display your traffic metrics, and the Search Console read-only scope to display your search performance. These requests are made directly from your machine to Google's APIs, and the returned data is cached locally on your device. SiteCMD's servers never receive, proxy, store, or have access to your Google Analytics or Search Console data, and we never use it for advertising or sell it. You can revoke this access at any time from your Google Account permissions page or by disconnecting the integration in SiteCMD.
SiteCMD's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
How we protect your data
Because SiteCMD is local-first, the strongest protection for your sensitive data is that it stays on your device: your Google Analytics and Search Console data, scan results, and project configuration are never transmitted to, proxied by, or stored on SiteCMD's servers. The specific safeguards are:
- Encryption in transit: all requests to Google's APIs (and every other connected integration) are made over HTTPS/TLS with full certificate validation. SiteCMD does not accept invalid or self-signed certificates on these connections.
- Secure credential storage: Google OAuth access and refresh tokens are kept in your operating system's encrypted credential store (macOS Keychain, Windows Credential Manager, or the Linux Secret Service / libsecret), never in the SiteCMD database and never in plaintext on disk. The database only records that an integration is connected, not the token itself.
- No central copy: data returned from Google is held on your device, in a short-lived in-memory cache and, where needed for correlation, in the local SQLite database. There is no SiteCMD-hosted copy, so there is no central store of your Google data for us to lose or for an attacker to breach.
- Revocation and deletion: disconnecting the integration deletes its OAuth tokens from your operating system's credential store. You can also revoke SiteCMD's access at any time from your Google Account permissions page, and permanently delete all locally stored data by removing SiteCMD's data directory.
Data we never have access to
- Your scan results or scores
- The websites you scan
- Your source code (code scan runs entirely locally)
- Your integration API keys or tokens
- Your analytics, uptime, or search data
- Your project configurations
- Your fix history or dismissed issues
Data export and deletion
You can export your entire database at any time through SiteCMD's Settings page. You can delete all scan history, individual scans, or the entire database. Since data is stored locally, deleting the SiteCMD application and its data directory removes all data permanently.
The desktop app also lets you disable telemetry, delete queued local telemetry, reset the anonymous telemetry identifier, and request deletion of uploaded SiteCMD-hosted telemetry tied to that anonymous identifier. Sentry diagnostic retention and deletion are governed by Sentry's service controls, and we keep those reports limited to sanitized error data.
Children
SiteCMD is not directed at children under 13. We do not knowingly collect personal information from children.
Changes
We may update this policy. Changes will be posted on this page with an updated date. Material changes will be communicated through the application.
Contact
Privacy questions: contact us.