Privacy Policy
Last Updated: April 19, 2026
1. Who We Are
The Good Site Co, operated by The AI Shop LLC (“we,” “us,” “our”), builds intelligent websites for established businesses. This Privacy Policy explains how we collect, use, and protect your information when you visit thegoodsite.co or use our client portal.
2. Information We Collect
When You Visit Our Site
- Page views and interactions (Google Analytics 4, with consent)
- IP address and browser information (server logs)
- Cookies for session management and analytics
When You Use Our Audit Tool
- The URL you submit for analysis
- Results from Google PageSpeed Insights (a public API)
When You Become a Client
- Name, email address, and business information
- Content you provide for your website
- Portal account data (via Google OAuth sign-in)
- Payment information (processed securely by Stripe)
3. How We Use Your Information
- Build and deliver your website
- Provide client portal access and support
- Process payments and manage subscriptions
- Improve our services and site experience
- Communicate about your project and account
- Send transactional and service-related emails. You may opt out of non-essential communications at any time via email or portal settings.
4. Legal Basis for Processing
We process your data under these legal bases:
- Contract: To deliver services you have engaged us for.
- Consent: For analytics cookies and marketing communications.
- Legitimate interest: To improve our services, maintain security, and prevent fraud.
- Legal obligation: To comply with applicable laws and regulations.
5. AI Usage
We use AI tools (Anthropic Claude) to assist with content generation, site analysis, and workflow automation. AI-generated content is reviewed by our team before use. We do not send passwords or payment information to AI services.
6. Data Sharing
We share data only with service providers necessary to deliver our services:
- Google (authentication, analytics)
- Vercel (hosting)
- Supabase (database)
- Stripe (payments)
- Anthropic (AI content assistance)
- SendGrid (transactional email)
We do not sell or share your personal information for cross-context behavioral advertising.
7. International Data Transfers
Our services and sub-processors are based in the United States. If you access our services from outside the US, your data will be transferred to and processed in the US. For transfers from the European Economic Area, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission.
8. Cookies
- Essential cookies: Session management. No consent required.
- Analytics cookies: Google Analytics 4. For visitors in the European Economic Area, analytics cookies require opt-in consent. For US visitors, analytics cookies are active by default with the option to opt out via our cookie banner.
Our site does not currently respond to Do Not Track (DNT) browser signals. We honor cookie consent preferences as set through our cookie banner.
9. Your Rights
Depending on your location, you may request to access, correct, delete, or export your data. Contact us at privacy@theaishop.co. We respond within 30 days.
California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and why
- Request deletion of your personal information
- Opt out of the sale or sharing of your personal information (we do not sell or share personal information)
- Not be discriminated against for exercising your privacy rights
We have not sold or shared personal information in the preceding 12 months. To submit a request, email privacy@theaishop.co.
10. Children's Privacy
Our services are not directed to children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly. Contact us at privacy@theaishop.co if you believe a child has provided us with personal data.
11. Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected individuals and relevant authorities as required by applicable law. For breaches subject to GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
12. Security
We protect your data with encryption in transit and at rest, OAuth authentication, row-level database security, and role-based access control.
13. Changes
We may update this policy periodically. Material changes will be communicated via email or our site. Continued use after changes constitutes acceptance.
14. Contact
For privacy questions: privacy@theaishop.co