Privacy Policy

Last updated: April 1, 2026

1. Who We Are

endlesstesting.ai ("Endless Testing", "we", "us") is an AI-powered A/B testing platform operated by CroLab. This policy explains how we collect, use, and protect data when you use our website, dashboard, SDK, and CLI tools.

2. Data We Collect

2.1 Website Visitors (endlesstesting.ai)

When you visit our marketing site, we collect:

  • Page views, referrer, browser type, device type, country (via PostHog analytics)
  • No personal data is collected unless you identify yourself (e.g., by signing up)

2.2 Dashboard Users (app.endlesstesting.ai)

When you create an account, we collect:

  • Email address, name (via Clerk authentication)
  • Usage data: tests created, domains added, dashboard interactions
  • Payment information is processed by Stripe — we do not store credit card numbers

2.3 SDK Data (Your Website Visitors)

When you install our SDK on your website, the SDK collects from your visitors:

  • Page URL, variant assignment, impressions, clicks, and conversion events
  • A random session identifier (stored in localStorage, expires after 30 days)
  • No personally identifiable information (PII) is collected by the SDK
  • No cookies are set by the SDK — only localStorage is used
  • IP addresses are not stored

3. How We Use Data

  • To provide and improve the A/B testing service
  • To allocate traffic to variants using Thompson sampling
  • To determine statistical winners and generate new test variants
  • To send transactional emails (account, billing)
  • To understand how our website and dashboard are used (analytics)

4. Data Storage & Security

  • Data is stored in MongoDB hosted on secure cloud infrastructure
  • All data is transmitted over HTTPS (TLS 1.2+)
  • Authentication is handled by Clerk with industry-standard security
  • Payment processing is handled by Stripe (PCI DSS compliant)
  • We do not sell, rent, or share your data with third parties for marketing purposes

5. Third-Party Services

We use the following third-party services that may process data:

  • PostHog — product analytics (privacy-friendly, no cross-site tracking)
  • Clerk — authentication and user management
  • Stripe — payment processing
  • OpenRouter — AI model inference for variant generation (page content only, no visitor data)
  • Digital Ocean — application hosting
  • Cloudflare — CDN and DNS

6. Your Rights (GDPR / CCPA)

You have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your data
  • Export your data in a portable format
  • Object to processing of your data
  • Withdraw consent at any time

To exercise any of these rights, email [email protected].

7. Data Retention

  • Account data is retained while your account is active
  • Analytics events (SDK data) are retained for 12 months
  • Upon account deletion, all associated data is removed within 30 days

8. Cookies

Our marketing site uses PostHog which may store a cookie or localStorage entry for analytics session tracking. The SDK installed on your site does not set cookies — it uses localStorage only.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the service after changes constitutes acceptance.

10. Contact

For privacy-related questions, contact us at [email protected].