Standards

Privacy Policy

Standards Privacy Policy
Last Updated: 03.09.26

 

How This Privacy Policy Applies

Standards Site Inc. (“Standards,” “we,” “us,” or “our”) operates the Standards platform, including the website at standards.site, the application at app.standards.site, and related services and APIs (collectively, the “Services”). This Privacy Policy describes what information we collect, how we use it, when we share it, and your rights regarding your data. For customers who have entered into a separate Software as a Service Agreement with Standards Site Inc., this Privacy Policy is incorporated into that agreement by reference, and in the event of any conflict, the terms of the SaaS Agreement will prevail.

By accessing or using our Services, you accept the practices outlined in this policy, including future updates.

What Information We Collect and Receive

We collect information in the following ways:

Account Information. When you create an account, we collect your name, email address, and authentication credentials. If you sign in through a third-party provider (such as Google, Microsoft, or SAML SSO), we receive basic profile information from that provider.

Billing Information. When you subscribe to a paid plan, payment information is collected and processed by our payment processor, Stripe. We do not store full credit card numbers on our servers.

Content and Files. We store the content you create, upload, or manage through the platform, including documents, images, fonts, and other assets.

Usage Information. We collect information about how you interact with our Services, including pages visited, features used, IP addresses, browser type, and device information.

API Data. If you access our Services through our API, we collect API credentials, request logs (including timestamps, endpoints accessed, and IP addresses), and usage metrics for the purposes of security, rate limiting, and abuse prevention.

Published Project Visitor Data. When visitors access a published project, we may collect their email address (if authentication is required), IP address, the time of their visit, and interaction data such as page views, downloads, and other engagement events. This data is made available to the workspace owner. Where the workspace owner has enabled relevant settings, visitor identity information may also be made available to custom scripts running on the published project.

Communications. We retain messages you send to our support team or through other communication channels.

Types of Cookies We Utilize

Standards uses cookies for:

• Security: Detecting unauthorized access
• Localization: Providing local language experiences
• Site Features: Delivering functionality and services
• Performance: Routing traffic and optimizing user experience
• Analytics: Understanding and improving features

Users can control cookies through browser settings, though blocking them may limit website functionality.

Limiting or Blocking Cookies and Our Do Not Track Policy

Your browser may give you the ability to control cookies, which may depend on the type of cookie, and browsers can be set to reject browser cookies. However, blocking or deleting cookies may prevent you from using the Website.

Some browsers have “do not track” features that allow you to tell a website not to track you. These features are not all uniform. If you block cookies, certain features on the Website may not work. If you block or reject cookies, not all of the tracking described here will stop.

Note that certain options you select are browser- and device-specific.

 

Custom Code on Published Projects

Our platform allows users to embed custom code and third-party scripts on their published projects. Standards may also provide tools and APIs that make visitor interaction data available to those scripts. These scripts and the data they process are controlled by the user, not by Standards. Standards does not control, review, or assume responsibility for the data practices of user-embedded code or for how visitor data made available through our platform tools is used by that code. Visitors to published projects should refer to the publishing organization’s own privacy policy for information about additional data collection on those projects.

 

How We Use the Information We Collect

We use the information we collect to:

• Provide, maintain, and improve our Services
• Process transactions and manage subscriptions
• Provide customer support and respond to inquiries
• Monitor and enforce API usage, rate limits, and acceptable use policies
• Send transactional communications related to your account and Services
• Send newsletters and promotional offers (with your consent or where permitted by law)
• Track usage trends and analyze the effectiveness of our Services
• Provide workspace owners with visitor access logs for their published projects
• Detect and prevent fraud, abuse, and unauthorized access
• Enforce applicable law and our Terms of Service
• Protect the rights and safety of Standards, our users, and the public

 

California Users

Under California Civil Code Section 1798.83, we do not sell or transfer personal information to third parties for direct marketing purposes without your consent.
Contact: [email protected]

 

Nevada Users

Nevada residents have specific rights under Nevada Revised Statutes Chapter 603A (Senate Bill 220). This section describes those rights and how Nevada residents can exercise them.

Right to Opt Out of Sale of Personal Information

Nevada residents have the right to direct us not to sell certain covered information that we have collected or will collect about them. Under Nevada law, “sale” means the exchange of certain covered information for monetary consideration to another person for that person to license or sell the covered information to additional persons.

Covered information under Nevada law includes:

• First and last name
• Address
• Email address
• Phone number
• Social Security number or other government-issued identifier

We do not currently sell covered information as defined by Nevada law. However, if our practices change, Nevada residents may exercise their opt-out right as described below.

How to Submit an Opt-Out Request

Nevada residents may submit a verified request to opt out of the sale of covered information by contacting us at:

Email: [email protected]

Mail: Standards Site Inc., 212 Franklin Street, Brooklyn, NY 11222, United States

Verification of Requests

To verify the authenticity of your request and confirm your identity, we will use commercially reasonable means. You may be asked to provide:

• Your full name and email address associated with your account
• Additional information to confirm your identity and Nevada residency
• Verification that you are the person about whom we have collected information

Response Timeline

We will respond to verified opt-out requests within sixty (60) days of receipt. If we require additional time (up to an additional thirty (30) days), we will inform you of the reason and extension period in writing.

No Discrimination

We will not discriminate against you for exercising your rights under Nevada privacy law. This means we will not:

• Deny you goods or services
• Charge you different prices or rates for goods or services
• Provide you a different level or quality of goods or services
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services

Authorized Agents

You may designate an authorized agent to submit an opt-out request on your behalf. The authorized agent must provide written proof of their authorization to act on your behalf.

Questions or Concerns

If you have questions about your Nevada privacy rights or wish to exercise them, please contact us using the contact information provided in the “Contact” section of this Privacy Policy.

Contact: [email protected]

 

European Union Users

EU data protection law requires a lawful basis for processing personal data. Standards relies on:

Consent: Users affirmatively provide consent for specific purposes, such as creating an account or opting in to marketing communications.

Contract Performance: Processing necessary to provide the Services you have requested, including account management, content hosting, and API access.

Legitimate Interests: We use data in ways expected from normal business operations without materially harming user rights, such as preventing fraud, improving our Services, and sending promotional communications (with opt-out rights).

How We Share the Information We Collect

Information Never Shared Publicly. Email addresses, IP addresses, API credentials, and user communications are not shared publicly.

Published Project Visitor Data. When visitors access a published project, their access information (including email address, if authenticated, and IP address) may be made available to the workspace owner. Workspace owners may export this data. Where custom code is present on a published project, visitor data may also be made available to that code and any third-party services it connects to, as configured by the workspace owner. Standards does not control how workspace owners or their custom code use this data.

Third-Party API Access. If you authorize third-party applications to access your data through our API, those applications will receive the data you have authorized them to access. Standards is not responsible for the privacy practices of third-party applications. You should review the privacy policies of any third-party application before authorizing access to your data.

Information Shared for Protection and Legal Compliance.

We reserve the right to disclose information we collect from or about you when we believe that doing so is reasonably necessary to comply with the law or law enforcement, to prevent fraud or abuse, or to protect Standards Site’s legal rights, property, or the safety of Standards Site, its users, or others. You hereby authorize us, to share or disclose your personal information, including, without limitation, any content, records, or electronic communications of any kind, when we determine, in our sole discretion, that the disclosure of such information is necessary to identify, contact, or bring legal action against you if and to the extent:

• You are or may be violating this Privacy Policy;
• You are interfering with the rights or property of Standards Site or a third party;
• You are violating any applicable law, rule, or regulation;
• Necessary or required by any applicable law, rule, or regulation; and/or
• Requested by governmental authorities in the event of any investigation, act of terrorism, or instance of local, regional, or national emergency.

In the event that Standards Site is acquired by or merged with a third-party entity, or sells all or substantially all of its assets, we reserve the right, in any of these circumstances, to transfer or assign the information and content we have collected from our users as part of such merger, acquisition, sale, or other change of control. In the unlikely event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your personal information is treated, transferred, or used.

Data Retention

Information is retained as long as necessary to provide our Services, comply with legal obligations, and resolve disputes. API logs are retained for security and abuse prevention purposes. Aggregated, anonymized, or pseudonymized data may be retained indefinitely.

Cross-Border Data Transfers

Standards operates in the United States, where data is collected and processed. U.S. data protection laws may differ from those in other countries. For European users, personal information transferred outside the EEA is protected using Standard Contractual Clauses pursuant to applicable EU regulations.

Contact: [email protected]

Children’s Privacy

Standards complies with the Children’s Online Privacy Protection Act (COPPA) and does not knowingly collect personal information from children under 13. Parents who suspect data has been collected from a child should contact: [email protected]

Accessing Your Information

Users in certain countries, including the EEA, have rights regarding their personal information:

• Confirm whether personal data is being processed and access copies of that data
• Request correction, removal, or restriction of your information
• Receive your data in a machine-readable format or request its transfer to another service
• Withdraw consent without affecting the lawfulness of prior processing
• Object to automated individual decision-making with legal effects
• Lodge complaints with your data protection regulator
• Object to processing based on legitimate interests

Email Notifications

Users receive transactional emails and may elect to receive marketing communications, which can be adjusted at any time. We maintain a no-spam policy, honor unsubscribe requests within seven business days, and include opt-out links in all marketing emails.

Contact: [email protected]

Security

Standards follows industry-standard security practices to protect your data, including encryption of data in transit and at rest. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute data security. Standards is not responsible for unauthorized third-party breaches.

General Data Protection Regulation (GDPR)

Standards is a Data Controller of user information. Our legal bases for collection and processing include: contract necessity, user consent, legitimate organizational interests, and legal compliance. EEA residents have rights to access, update, delete, rectify, object to, restrict, and port their data, as well as to withdraw consent.

Data Sub-processors:

• Sub-processor, Location, Purpose
• Google Cloud, US, Hosting and infrastructure
• Cloudflare, US, Networking and security
• Postmark, UK, Transactional email
• Mailchimp, US, Marketing email
• Sentry, US, Error tracking
• Plain, UK, Customer support
• Stripe, US, Payment processing

Updates to this Privacy Policy

Standards may modify this Privacy Policy at any time. Material changes will be communicated by posting a notice on our website or by emailing affected users. The effective date appears at the top of this document. Updated versions apply prospectively only.

Contact

Direct privacy questions to:

• Email: [email protected]
• Mail: 212 Franklin Street, Brooklyn, NY 11222, United States