Privacy Policy

1. Who we are

Conversion IQ (“Conversion IQ”, “we”, “us”, or “our”) is a software-as-a-service product operated by Webtec, based in Sweden, European Union. You can contact us at [email protected] for any privacy-related question, or via our contact page.

When we refer to “the Service” or “the Platform” in this document, we mean the website conversioniq-app.com, its subdomains and any feature you use while logged in to your Conversion IQ account.

2. Scope of this policy

This Privacy Policy applies to personal data we process when you visit our website, create an account, run a conversion audit, interact with our emails, or contact us. It does not apply to third-party websites we link to, nor to the content of the websites you audit (you remain the controller of that data).

3. Data we collect

3.1 Account data

When you create an account we collect your email address, a hashed password, your business name, the URL of the site you want audited, and optionally your industry and currency. We use this data to operate the Service and communicate with you.

3.2 Audit data

When you submit a website URL, we fetch publicly accessible pages from that URL, extract their HTML, copy and meta information, and process this content using large language models to generate a conversion audit. Audit results are stored in our database and displayed in your dashboard.

3.3 Billing data

Payments are processed by Stripe, Inc. We never see or store your card details on our servers. Stripe shares with us only the information we need to manage your subscription: your customer ID, subscription status, plan and the last four digits of your card.

3.4 Usage data

Like most websites, we automatically record limited usage data when you interact with the Service: IP address, user agent (browser and OS), pages visited, referring URL and timestamps. We use this data to secure the Service, debug problems and improve the product.

3.5 Cookies

We use a small number of cookies to make the Service work. See the Cookies section below.

4. How we use your data

• To provide the Service — run audits, deliver reports, manage your account and subscription.
• To communicate with you — send transactional emails (account confirmations, weekly audit reports, receipts), respond to support requests, and occasionally notify you about product updates. You can opt out of product updates at any time.
• To secure the Service — detect abuse, prevent fraud and enforce our Terms.
• To improve the product — understand which features are used and where users struggle.
• To comply with the law — respond to legal requests and enforce our rights.

5. Legal basis for processing (GDPR)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR:

• Contract — processing necessary to provide the Service you subscribed to (account data, audit data, billing data).
• Legitimate interest — product analytics, security, fraud prevention, basic server logs.
• Consent — marketing emails beyond transactional ones. You can withdraw consent at any time.
• Legal obligation — keeping invoices and tax records for as long as required by Swedish law.

6. Subprocessors

To run Conversion IQ we rely on a small number of trusted third-party providers. Each one is bound by a data-processing agreement and processes your data only on our instructions:

• Supabase (United States) — database and authentication.
• Stripe (United States) — payment processing and subscription management.
• Resend (United States) — transactional email delivery.
• Abacus.AI (United States) — hosting and large-language-model inference for audit generation.

Where data is transferred outside the EEA, we rely on the European Commission’s Standard Contractual Clauses to ensure an adequate level of protection.

7. Data retention

• Account data — kept for as long as your account is active. Deleted within 30 days of account closure.
• Audit data — kept while you remain subscribed. Historical audits remain available in your dashboard so you can track progress over time.
• Billing data — invoices are retained for seven years to comply with Swedish bookkeeping law.
• Server logs — retained for up to 30 days.

8. Your rights

You have the right to access the personal data we hold about you, correct it, delete it, restrict or object to its processing, and request a machine-readable export (data portability). To exercise any of these rights, email [email protected]. We will respond within 30 days.

If you believe we have handled your data unlawfully, you have the right to lodge a complaint with your local supervisory authority — in Sweden, IMY.

9. Cookies

We use cookies sparingly. The cookies we set are:

• Session cookie — keeps you signed in to your Conversion IQ account. Strictly necessary. Expires when you log out or after 30 days of inactivity.
• CSRF token — protects you from cross-site-request-forgery attacks on form submissions. Strictly necessary.
• Stripe cookies — set on our checkout and billing pages to prevent fraud. See Stripe’s cookie policy.

We do not use advertising cookies, we do not sell your data, and we do not share your email with third parties for marketing purposes.

10. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Passwords are stored as salted bcrypt hashes. Access to production systems is restricted to authorised engineers on a need-to-know basis and protected by two-factor authentication.

No system is perfectly secure — if you discover a vulnerability, please email us at [email protected].

11. Children

Conversion IQ is not directed at individuals under 16 and we do not knowingly collect personal data from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. When we do, we will change the “Last updated” date at the top and, for material changes, notify active users by email at least 30 days before the changes take effect.

13. Contact

Questions about privacy? Get in touch or email [email protected].