Privacy Policy

This Privacy Policy explains what information Sitios SV collects, how we use it, and how we protect both your data and the data of the websites we manage. We keep it in plain English on purpose, because trust is the whole point.

Who we are

Sitios SV is a managed WordPress operations company. We maintain, secure, host, and recover WordPress websites for businesses across the United States, in English and Spanish. “Sitios SV”, “we”, “us”, and “our” refer to Sitios SV. “You” refers to anyone who visits this site, contacts us, or hires us to manage a website.

If you have any question about this policy or your data, email us at contacto@sitiossv.com.

What information we collect

We collect three kinds of information.

Information you give us. When you fill out a form, request a quote, or hire us, we collect your name, email address, phone number if you provide it, your website address, and any details you choose to share about your site or your business.

Information we collect automatically. Like most websites, we collect basic technical data when you visit, such as your IP address, browser type, the pages you view, and how you reached us. We use this to keep the site secure and to understand what content is useful.

Client website data. When you hire us to manage your site, we are given access to your WordPress dashboard, your hosting or server, and sometimes your domain and email settings. Through that access we may see your site files, your database, and any data your site stores. We treat all of that as confidential and only use it to do the work you hired us for.

How we use your information

We use the information above to respond to your messages, prepare quotes, deliver the services you hire us for, send you invoices, keep your site and ours secure, and improve our own website. We do not sell your personal information, and we do not share it for advertising.

How we access and protect client website credentials

Managing a website means handling sensitive access. We take that seriously, so here is exactly how we handle it.

• Least privilege. We ask only for the level of access a job actually needs, and we remove our access when the work is finished or when you ask.
• Multi-factor authentication. We enable multi-factor authentication on our own accounts that can reach client sites, wherever the platform supports it.
• Encrypted storage. We store credentials in an encrypted password manager, never in plain text, and never in email or chat.
• Confidentiality. Your credentials and your site data are confidential. We do not share them, and we are happy to sign a non-disclosure agreement on request.

Cookies and analytics

This site uses a small number of cookies. Some are needed for the site to work. Others help us measure traffic through Google Analytics 4, so we can see which pages are useful. We also use Google reCAPTCHA on our forms to block spam, which sets its own cookies. You can block or delete cookies in your browser settings, though some parts of the site may not work as well if you do.

Third parties and sub-processors

We rely on a few trusted providers to run our business and to host this site. These providers process limited data on our behalf:

Provider	What it does
Hostinger	Web hosting for this site
Google (Workspace, Analytics, reCAPTCHA)	Business email, site analytics, spam protection
Cloudflare	Security and content delivery, where used

When we manage your website, your own hosting company and any services your site already uses are also part of the chain. A full list of our sub-processors, and a Data Processing Agreement, are available on request at contacto@sitiossv.com.

Data processing, GDPR and CCPA

For the websites we manage, we usually act as a data processor, which means we handle data on your instructions while you remain the data controller. For our own website and marketing, we act as the data controller.

We support the rights given by laws like the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We do not sell or share personal information for cross-context advertising, so there is nothing to opt out of in that sense, but you can still exercise your rights at any time. We can provide a Data Processing Agreement and, where relevant, Standard Contractual Clauses on request.

Healthcare and regulated clients

If you run a medical, dental, or other healthcare practice, we follow HIPAA-aware practices when we maintain your site. We configure forms, caching, and logs to avoid capturing protected health information where we can, and we will discuss a Business Associate Agreement (BAA) for qualifying healthcare clients before any work that could involve patient data. A standard marketing website usually should not store protected health information, and we will tell you plainly if yours does.

Data retention

We keep contact and project information for as long as we are working together and for a reasonable period afterward, so we can answer questions and meet our legal and tax duties. Site backups we hold are kept on a rolling basis, typically about 30 days, unless your plan says otherwise. Billing records are kept as long as the law requires. You can ask us to delete information we no longer need to keep.

Your privacy rights

You can ask us to:

• tell you what personal information we hold about you,
• correct information that is wrong,
• delete information we no longer need to keep,
• and give you a copy of your information in a portable format.

To make any of these requests, email contacto@sitiossv.com. We will respond within the time the law allows, and we may need to confirm your identity first.

Our security practices

Security is the core of what we do, so we hold our own house to the same standard:

• connections to this site are encrypted in transit with HTTPS (TLS),
• backups that contain client data are encrypted,
• access to client sites uses multi-factor authentication and least-privilege accounts,
• and this site is monitored and firewalled with Wordfence.

No method of storage or transmission is ever perfectly secure, but we work hard to protect your data and to fix any problem quickly.

Data breach notification

If we ever confirm a data breach that affects your personal information or the site we manage for you, we will notify you without undue delay, and we aim to do so within 72 hours of confirming it. We will tell you what happened, what data was involved, and what we are doing about it.

Changes to this policy

We may update this policy as our services or the law change. When we do, we will update the date at the top of the page. For significant changes, we will make a reasonable effort to let active clients know.

Contact us

If you have any question about this Privacy Policy, your data, or to request a Data Processing Agreement, NDA, or sub-processor list, email contacto@sitiossv.com and a real person will answer.

Privacy FAQ

Is a privacy policy required on a WordPress site?

In most cases, yes. If your site collects any personal data, even just through a contact form or analytics, privacy laws like GDPR and CCPA expect you to publish a privacy policy. It is also a basic trust signal that serious clients and Google look for.

How do I make my WordPress site GDPR compliant?

Start by publishing a clear privacy policy, adding a cookie consent banner, limiting the data your forms collect, and making sure any analytics or third-party tools you use are configured correctly. We handle this as part of our care plans.

Do you sign a Data Processing Agreement (DPA) or BAA?

Yes. We can provide a Data Processing Agreement on request, and we will discuss a Business Associate Agreement (BAA) for qualifying healthcare clients before any work that could involve patient data.

Where is my data stored?

Our own website is hosted with Hostinger in the United States. The site we manage for you stays on your hosting. We can confirm exact data locations and provide a sub-processors list on request.