Privacy Policy

Last updated: December 17, 2024

1. Introduction

CraftedPath, LLC ("Company," "we," "us," or "our") operates SplitChameleon, a visual A/B testing platform. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website at splitchameleon.com and our services (collectively, the "Service").

By using SplitChameleon, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

From Account Holders

When you create an account, we collect:

  • Account Information: Name, email address, and password (stored securely hashed)
  • Company Information: Company name (if applicable)
  • Payment Information: Processed securely through Stripe. We do not store complete credit card numbers; we only receive the card type and last four digits for display purposes.
  • Profile Information: Optional avatar image
  • Social Login Data: If you sign in via Google or GitHub, we receive your name, email, and a unique identifier from that provider
  • Two-Factor Authentication: If enabled, we store encrypted 2FA secrets and recovery codes

From Website Visitors (via our tracking script)

When our customers install our tracking script on their websites, we collect the following from their visitors:

  • Visitor ID: A randomly generated identifier stored in a cookie to recognize returning visitors
  • Page URL: The page path where the visitor is viewing a test
  • Test Assignments: Which variation of a test was shown to the visitor
  • Conversion Events: When a visitor reaches a success URL defined by the test
  • User Agent: Used only to filter out bots and automated traffic

What we do NOT collect from website visitors: We do not collect IP addresses, personal names, email addresses, form inputs, or any other personally identifiable information from visitors to our customers' websites.

Automatically Collected Information

When you use our website and Service, we automatically collect:

  • Log data (IP address, browser type, access times)
  • Device information (device type, operating system)
  • Usage information (pages visited, features used)

3. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions
  • Send transactional emails (account verification, password resets, subscription notices)
  • Respond to customer support inquiries
  • Detect and prevent fraud, abuse, and security issues
  • Analyze usage patterns to improve the Service
  • Deliver A/B test variations and track conversions for our customers

4. Information Sharing

We do NOT sell your personal data to third parties.

We may share your information with:

  • Stripe: For payment processing
  • OAuth Providers: Google and GitHub for authentication only
  • Service Providers: Hosting providers, email services, and other vendors who assist in operating the Service, bound by confidentiality obligations
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to you

5. Cookies & Tracking

On SplitChameleon.com

We use cookies to:

  • Session cookies: Keep you logged in and maintain your session
  • Preference cookies: Remember your settings and preferences

On Customer Websites (via tracking script)

Our tracking script uses:

  • _opt_vid cookie: A visitor identifier cookie with a 30-day expiration. This cookie uses SameSite=Lax and is only accessible to our tracking domain.
  • localStorage: Temporarily caches test assignments for 5 minutes to reduce server requests

These tracking technologies are used solely for the purpose of delivering A/B test variations and measuring conversion events.

6. Data Retention

We retain different types of data for different periods:

  • Account Data: Retained for the duration of your account plus 30 days after account deletion
  • Visitor Session Data: Retained for 90 days
  • Payment Records: Retained as required by law (typically 7 years for tax purposes)
  • Server Logs: Retained for 30 days

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data transmitted over HTTPS/TLS encryption
  • Passwords stored using secure one-way hashing
  • Sensitive data encrypted at rest
  • Access controls limiting data access to authorized personnel
  • Regular security reviews and updates

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your account and personal data
  • Export: Request an export of your data in a portable format
  • Opt-out: Unsubscribe from marketing emails at any time

To exercise these rights, contact us at [email protected].

9. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information.

10. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Customer Responsibilities

If you are a SplitChameleon customer using our Service to run A/B tests on your website:

  • You are the data controller for any visitor data collected through our tracking script on your website
  • SplitChameleon acts as a data processor on your behalf
  • You are responsible for updating your own privacy policy to disclose the use of A/B testing
  • You are responsible for obtaining any necessary consents from your website visitors
  • You must comply with all applicable privacy laws and regulations

We recommend adding a disclosure to your privacy policy that you use third-party A/B testing services to improve user experience.

12. Changes to Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email:[email protected]

Company: CraftedPath, LLC
Louisville, Kentucky