Legal

Privacy Policy

Effective April 19, 2026

This Privacy Policy explains how nagiflow LLC (“we”, “us”) handles information when you use SiteMQ (the “Service”), including sitemq.com and any sites we host on your behalf. By using the Service you agree to the practices described below.

1. Information we collect

1.1 Information you provide

  • Account details. Your name, email address, and authentication tokens issued by Firebase Authentication when you sign in with Google or email.
  • Site content. Text, images, hours, contact details, and other content you enter through the editor or import from your existing site.
  • Billing. Plan selection and payment method information. Card details are collected and stored by Stripe; we only retain a transaction reference and the last four digits.
  • Support correspondence. Messages you send to [email protected] or through in-app chat.

1.2 Information we collect automatically

  • Usage and diagnostic data. Pages viewed, actions taken, errors encountered, device type, browser, approximate location derived from IP, and referrer.
  • Public crawl data. When you submit a domain, we fetch publicly accessible pages from that domain to build a preview. We do not attempt to bypass robots.txt, authentication walls, or paywalls.
  • Cookies and local storage. We use first-party cookies and browser storage for session authentication and preferences. We do not sell this data.

2. How we use information

  • To operate, secure, and improve the Service.
  • To build, host, and keep your site current.
  • To process payments, manage subscriptions, and issue refunds.
  • To respond to questions and provide support.
  • To send service-related notices (billing, security, policy changes).
  • To comply with legal obligations and enforce our Terms.

We do not use your site content to train generative models for other customers. We do use aggregated, de-identified operational metrics to improve quality.

3. How we share information

We share information only with service providers who help us run the Service, and only to the extent needed to do so. Current primary sub-processors:

  • Google / Firebase — authentication, hosting infrastructure.
  • Cloudflare — CDN, DNS, and Pages hosting for customer sites.
  • Stripe — payment processing.
  • Anthropic / OpenAI — AI models used for rebuild and content generation. Content is sent as needed to generate your site; providers do not train on this data under our API agreements.

We may also disclose information when required by law, to protect the rights and safety of users or the public, or in connection with a merger, acquisition, or sale of assets (subject to this Policy).

4. International transfers

We are based in Tokyo, Japan, and our sub-processors operate globally. Information you provide may be processed in the United States, the European Union, and other jurisdictions. We rely on standard contractual clauses and equivalent safeguards where applicable.

5. Retention

We keep account and site content for as long as your subscription is active. After cancellation we retain it for 90 days so you can reactivate, then delete it. Billing records are kept for seven years to meet tax and accounting obligations. Backups are rotated on a rolling 30-day schedule.

6. Your choices

  • Access, correct, or export your account data from the dashboard.
  • Request deletion by emailing [email protected]. We will respond within a reasonable period, typically 30 days.
  • Disable non-essential cookies through your browser.
  • Opt out of marketing email from the unsubscribe link in any such message.

Residents of the EEA, UK, California, and other jurisdictions with specific privacy rights may have additional rights (access, rectification, erasure, restriction, portability, objection). Contact us to exercise them.

7. Security

We use encryption in transit (TLS) and at rest, role-based access controls, and audit logging. No system is perfectly secure; if we learn of a breach affecting your data we will notify you and the appropriate authorities as required by law.

8. Children

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact [email protected] and we will delete it.

9. Changes

We may update this Policy. Material changes will be announced by email or in-app notice at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.

10. Contact

nagiflow LLC
Bunkyo-ku, Tokyo, Japan
Email: [email protected]