Legal

Privacy Policy

Last updated · 4 July 2026

This Privacy Policy explains how PreviewSend collects, uses, shares, and protects your personal data, and the rights you have over it. We have tried to write it in plain language; if anything is unclear, please ask.

1. Who we are

PreviewSend (“PreviewSend”, “we”, “us”, or “our”) provides a hosting service for small static and AI-generated websites: you upload a site, we give you a stable link, and you can update that link over time. This Privacy Policy explains what personal data we collect when you use PreviewSend at https://previewsend.comand the related applications and APIs (together, the “Service”), why we collect it, and the choices and rights you have.

For the purposes of the EU General Data Protection Regulation (“GDPR”) and the UK GDPR, PreviewSend is the data controller of the personal data described in this policy. You can reach us about anything in this policy at leon@previewsend.com.

2. Scope of this policy

This policy covers personal data we process as a controller about our account holders, their authorised users, billing contacts, and visitors to our marketing site. It does not govern the content you upload or the data you collect from visitors to the websites you host with us — for that, see “Content you host with us” below, where you are the controller and we act as your processor.

3. Information we collect

Information you give us.

  • Account data — the email address you sign up with, and (if you set one) a password. If you sign in with Google or GitHub, we receive your email address and basic profile identifier from that provider instead of a password.
  • Workspace data — workspace and project names, team members you invite, and roles you assign.
  • Billing data — your plan, and the billing details required to charge you. Card numbers are entered directly with our payment processor (Stripe) and are never stored on our servers; we keep only a customer reference, plan, and payment status.
  • Content you upload — the website files (HTML, CSS, JavaScript, images, and other assets), versions, custom-domain settings, and any reviewer comments or approvals associated with your projects.
  • Communications — messages you send us through the contact form, by email, or in support requests, including your name, email, and the contents of your message.

Information we collect automatically.

  • Usage and log data — IP address, browser and device type, pages and features used, timestamps, referring URLs, and aggregate visit counts for your hosted sites (used to enforce plan limits and detect abuse).
  • Essential cookies — a session/authentication cookie that keeps you signed in. See “Cookies”.

Information from third parties. When you authenticate with Google or GitHub we receive the data described above from that provider; when you pay, Stripe confirms the outcome of the transaction to us.

4. How we use your information

We use personal data to:

  • provide, operate, and maintain the Service and your account;
  • host, process, store, and serve the websites and content you upload;
  • process payments, manage subscriptions, and send billing and renewal notices;
  • send service and transactional messages (for example sign-in, password reset, team invites, and notifications that a version is ready);
  • respond to your enquiries and provide support;
  • enforce plan limits and our Acceptable Use Policy, and keep the Service secure by preventing fraud, abuse, and other harmful activity;
  • understand and improve the Service in aggregate; and
  • comply with our legal obligations and enforce our agreements.

We do not use your account data or uploaded content to build advertising profiles, and we do not sell personal data.

6. Cookies and similar technologies

We keep cookies to a minimum. We use a small number of strictly necessary cookies — principally an authentication cookie that keeps you signed in and protects against cross-site request forgery. These are required for the Service to function and cannot be switched off through the app.

We do not use third-party advertising or cross-site tracking cookies. We use a product-analytics tool to understand how the Service is used (see “Product analytics” below), but it operates server-side and does not place advertising or cross-site tracking cookies in your browser. You can clear or block cookies in your browser, but the signed-in parts of the Service will not work without the essential cookie.

7. Product analytics

To understand how the Service is used and to prioritise improvements, we use PostHog as a product-analytics provider. We capture a small set of server-side product events — for example account creation, project creation, version uploads, preview views, and reviewer comments or approvals.

These events are tied to a pseudonymous identifier (an internal account, workspace, or reviewer reference) together with limited non-content metadata such as a project slug or page path. We do not send your name, email address, the files you upload, or the contents of your hosted sites to our analytics provider, and we do not use analytics to build advertising profiles. Where the GDPR or UK GDPR applies, we rely on our legitimate interest in understanding and improving the Service. You can ask us to stop processing your data for analytics by contacting leon@previewsend.com.

8. How we share information

We do not sell your personal data. We share it only with the service providers (“sub-processors”) that help us run the Service, and only as needed to provide it:

These providers are bound by contract to process personal data only on our instructions and to protect it. We may also disclose personal data: (a) to comply with the law or a valid legal request; (b) to protect the rights, safety, and property of PreviewSend, our users, or the public, including to investigate abuse; and (c) in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honour this policy and will notify you of any change of controller.

9. International data transfers

Our production database runs in the European Union (Germany), and Cloudflare serves content from a global edge network. Some of our providers (such as Stripe, Resend, and PostHog) are based in or process data in the United States. Where personal data is transferred outside your country or the European Economic Area, we rely on appropriate safeguards — such as the European Commission’s Standard Contractual Clauses and equivalent UK mechanisms — to protect it. You can contact us for more information about these safeguards.

10. Data retention

We keep personal data only for as long as we need it for the purposes described in this policy:

  • Account, workspace, and content — for the life of your account. When you delete a project, version, or workspace, or close your account, we delete the associated content from active systems within a reasonable period and from routine backups as those backups expire (typically within 30 days).
  • Billing records — for as long as required by tax and accounting law, which may extend beyond the life of your account.
  • Logs and security data — for a limited period appropriate to security and abuse prevention.

11. How we protect your information

We use technical and organisational measures appropriate to the risk, including encryption in transit (HTTPS/TLS), access controls and least-privilege access to production systems, isolation of customer workspaces, and regular backups. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your data and to notify you and the relevant authorities of a breach where the law requires.

12. Your rights

Depending on where you live, you may have some or all of the following rights over your personal data: to access it; to correct inaccurate data; to delete it; to restrict or object to certain processing; to portability (receive your data in a usable format); and to withdraw consent where we relied on it. Exercising these rights will not lead to discriminatory treatment.

You can exercise many of these directly in the app (for example by editing or deleting projects, or closing your account). For anything else, email leon@previewsend.com and we will respond within the time the law allows. We may need to verify your identity first. If you are in the EEA or UK and believe we have not handled your data properly, you may lodge a complaint with your local data protection authority, though we hope you will contact us first.

13. California privacy rights (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect and how we use and share it, to request access to and deletion of that information, to correct inaccurate information, and to be free from discrimination for exercising your rights. The categories of personal information we collect and our purposes are described in the sections above.

We do not sell your personal information, and we do not share it for cross-context behavioural advertising. To make a request, email leon@previewsend.com. You may use an authorised agent to submit a request on your behalf, subject to verification.

14. Content you host with us

When you upload a website to PreviewSend and we serve it to your visitors, you decide what content and what personal data that site contains and collects. For that data you are the controller and we act as your processor, handling it on your behalf and on your instructions to provide hosting.

You are responsible for having a lawful basis to process your visitors’ data, for providing your own privacy notice on your hosted sites where required, and for responding to your visitors’ requests. If you need a data processing agreement (DPA) for this relationship, contact us.

15. Children's privacy

The Service is not directed to children, and you must be at least 16 years old (or the age of digital consent in your country) to create an account. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

16. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you by email or in the app. Your continued use of the Service after an update means you accept the revised policy.

17. Contact us

Questions, requests, or complaints about this policy or your personal data can be sent to leon@previewsend.com or through our contact page.