Privacy Policy

TDC Sites (“we”, “us”, or “our”) operates the website-building platform. This Privacy Policy details our practices concerning the collection, storage, utilization, and transmission of personal and analytical information associated with visitors to our primary domain, registered visual builders, collaborators, and visitors to user-published sites.

By registering for an account or using TDC Sites, you consent to the data processes described in this policy. If you do not agree with these practices, please refrain from using the platform.

We collect personal information directly from you, as well as automatically through your interactions with the site builder:

• Account Registration: When creating an account, we collect your name, email address, password hashes, and profiles from OAuth providers (such as Google profile data) or secure biometric Passkey credential tokens.
• Visual Design Content: All page structures, LiquidJS layout configurations, custom database schemas, CMS text collections, uploaded media assets, and site preferences are stored securely on our database.
• Billing Information: All subscription payments are processed via Stripe. We do not store raw credit card numbers or security codes. Stripe shares basic billing identifiers (such as active plan levels, invoice status, and the last 4 digits of the card) with us to maintain account state.
• Form Submissions: If you embed forms on your published websites, we collect and store the submission data entered by your visitors (which you can review and export as CSV).

We use the collected information for the following operational purposes:

• To compile, cache, and host visual layouts, rendering them instantly to visitors on our multi-tenant edge domain systems.
• To provision automated edge SSL certificates and update DNS routing tables.
• To manage workspace collaborations, displaying names and profile emails to other team members in your shared environments.
• To process invoices and billing renewals via Stripe.
• To facilitate layout compositions created using the AI Co-Pilot Assistant.
• To supply basic analytical graphs (visitor page views, devices, and referrers) in your site owner dashboard.

We do not sell, trade, or lease your personal information. We transfer data to third-party services only under strict confidentiality and operational safeguards:

• Payment Processing: Billing coordinates are shared directly with Stripe.
• Edge Infrastructure: Visual templates and media assets are cached and compiled on edge nodes (such as Vercel and AWS) to serve user websites efficiently.
• AI Services: Textual prompts passed to the AI Co-Pilot may be routed through AI processing pipelines (such as OpenAI) to return structural code edits. No proprietary databases are shared for model training.
• Legal Obligations: We may disclose data if required by subpoena, judicial order, or to enforce our platform terms.

We use cookies and browser storage (such as `localStorage`) for platform functionality:

• Authentication: Cookies are set by NextAuth/Better-Auth to maintain active login states securely.
• Preferences: Your selected theme preference (light vs dark mode) is written to `localStorage` to avoid page flicker on initialization.
• Built-in Analytics: For published sites, our custom analytical scripts capture non-identifiable parameters (e.g., browser type, referrer URLs, pages visited). This tracking does not employ persistent cross-site tracking cookies.

TDC Sites implements robust physical and electronic security protocols. All communication between the browser, editor canvas, API endpoints, and edge networks is encrypted using Transport Layer Security (TLS/HTTPS). Critical database values, such as webhook API keys and third-party credentials, are stored encrypted at rest.

Our visual layout builder maintains history snapshot logs. Reverted layout designs are safely archived in version tables. However, no electronic transmission or cloud storage is completely impenetrable. While we strive to maintain optimal protections, we cannot guarantee absolute data security.

Depending on your geographic location, you may possess specific rights regarding your personal information under the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), or other privacy laws:

• Access & Export: You can download CSV records of your site form submissions, workspace details, and profile content directly from your dashboard.
• Correction: You may edit your email coordinates and name in the Profile client area.
• Deletion (“Right to be Forgotten”): You have the right to request deletion of your account and related published sites, which we will process in accordance with data retention boundaries.

We retain account information for as long as your account is active or needed to provide the Services. If you delete your account or cancel your subscription, we will delete or anonymize your personal data within 30 days, except for data we are required to retain by law (such as Stripe tax records and financial transactions).

Analytical logs and visitor data gathered on behalf of your published sites are subject to sliding window limits and will be periodically pruned automatically.

For questions, clarifications, data requests, or if you wish to exercise your rights under local privacy regulations, please contact TDC Sites support at: