Privacy Policy

Last updated: March 18, 2026

1. Who we are

SplitCheck provides A/B testing and traffic splitting software for digital marketers. You can contact us at [email protected].

2. What data we collect

We collect the following categories of personal information:

• Account data: your email address and authentication credentials when you sign up.
• Billing data: payment information is processed and stored by Stripe. We store only your Stripe customer ID and subscription status — we never see or store your card details.
• Test configuration data: the test names, URLs, and settings you create in the dashboard.
• Visitor redirect data: hashed IP addresses and anonymised visitor tokens for users redirected through your test links. We do not store raw IP addresses.
• Google Analytics tokens: OAuth access and refresh tokens if you connect a Google Analytics account, stored encrypted and used only to read your GA4 data on your behalf.
• Usage data: standard web server logs including browser type, referring URLs, and pages visited.

3. How we use your data

• To provide and operate the SplitCheck service.
• To process payments and manage your subscription.
• To send transactional emails (e.g. billing receipts).
• To improve and debug the service.
• To comply with legal obligations.

We do not sell your data. We do not use your data for advertising.

4. Data sharing

We share data only with the following third-party service providers, and only as necessary to operate the service:

• Supabase — database and authentication hosting (data stored in US-East region).
• Stripe — payment processing.
• Cloudflare — DNS, edge network, and redirect infrastructure.
• Google — analytics data access (only if you connect GA4).
• DigitalOcean — cloud infrastructure hosting (Toronto region).

5. Cookies

SplitCheck uses cookies in two contexts:

• Authentication cookies: set by Supabase to keep you logged in to the dashboard.
• Visitor assignment cookies: set on end-users redirected through your test links, to ensure they consistently see the same variant. These cookies contain a random UUID and no personally identifiable information. They expire after 90 days.

6. Data retention

We retain your account and test data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Anonymised aggregate data may be retained for longer for analytical purposes.

7. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal data. To exercise these rights, contact us at [email protected]. We will respond within 30 days.

8. Canadian residents (PIPEDA)

SplitCheck complies with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access your personal information and to challenge its accuracy. Contact our Privacy Officer at [email protected].

9. European residents (GDPR)

If you are located in the European Economic Area, you have additional rights under GDPR including the right to erasure, restriction of processing, and data portability. Our legal basis for processing is contract performance (to provide the service you signed up for) and legitimate interests. To exercise your rights, contact us at [email protected].

10. Security

We use industry-standard security measures including TLS encryption in transit, hashed storage of sensitive identifiers, and row-level security on all database tables. However, no system is completely secure and we cannot guarantee absolute security.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice in the dashboard. Your continued use of SplitCheck after changes constitutes acceptance of the updated policy.