DOWNLOAD
Home Features For Vibe Coders For Developers Pricing Documentation Services Contact
Privacy policy

Privacy Policy

Last updated: April 2026

SiteCMD is built local-first. That's not a marketing phrase - it's the architecture. Your scan data, project configurations, and integration credentials never leave your machine. This policy explains exactly what data exists where.

Data that stays on your machine

The following data is stored locally in a SQLite database on your device and is never transmitted to us:

  • Scan results, scores, and issue history
  • Project configurations and URLs
  • Score trends and historical data
  • Report exports (PDF, CSV)
  • Code scan results and source analysis
  • Event timeline data
  • Scheduled scan configurations

Integration credentials (API keys for Google Analytics, Cloudflare, GitHub, Jira, UptimeRobot, etc.) are stored in your operating system's native keychain (macOS Keychain, Windows Credential Manager), not in the database. We never see these credentials.

Data we collect on this website

Email addresses

If you sign up for launch notifications on this website, we store your email address in Cloudflare KV storage. We use it solely to notify you about SiteCMD launches and updates. We do not sell, share, or use your email for any other purpose. You can request removal by contacting us.

Web server logs

Cloudflare Pages serves this website. Cloudflare may collect standard web server logs (IP address, user agent, pages visited) as part of their service. This is governed by Cloudflare's privacy policy.

No analytics or tracking

This website does not use Google Analytics, Facebook Pixel, or any third-party tracking scripts. We do not set tracking cookies. We do not fingerprint browsers. We do not build user profiles.

Data the desktop app transmits

Update checks

SiteCMD periodically checks for application updates by contacting our update server. This request includes your current app version and operating system. No personal data, scan results, or project information is included.

License validation

If you have a paid subscription (Core or Pro), SiteCMD validates your license key with LemonSqueezy's API. This transmits your license key and device identifier. No scan data or project information is included. LemonSqueezy's handling of this data is governed by their privacy policy.

Website scanning

When you scan a URL, SiteCMD makes HTTP requests directly from your machine to the target website. These requests are visible to the website's server in their access logs, like any other browser visit. SiteCMD identifies itself in the User-Agent header. No data from these requests is sent to us.

Third-party integrations

When you connect integrations (GA4, Cloudflare, GitHub, etc.), SiteCMD makes API calls directly from your machine to those services using credentials stored in your OS keychain. The data returned is cached locally. We do not proxy these requests and have no access to the data exchanged.

Data we never have access to

  • Your scan results or scores
  • The websites you scan
  • Your source code (code scan runs entirely locally)
  • Your integration API keys or tokens
  • Your analytics, uptime, or search data
  • Your project configurations
  • Your fix history or dismissed issues

Data export and deletion

You can export your entire database at any time through SiteCMD's Settings page. You can delete all scan history, individual scans, or the entire database. Since data is stored locally, deleting the SiteCMD application and its data directory removes all data permanently.

Children

SiteCMD is not directed at children under 13. We do not knowingly collect personal information from children.

Changes

We may update this policy. Changes will be posted on this page with an updated date. Material changes will be communicated through the application.

Contact

Privacy questions: contact us.