Privacy Policy

1. What we collect

• Scan URL — the store URL you submit for analysis.
• Email — only if you opt-in to receive the full report or product updates.
• Payment data — handled entirely by Stripe. We never see or store your card details.
• Pixel events — only on stores where you install our pixel; behavioral data, no PII unless you specifically opt-in to associate it.

2. What we do NOT collect

• Customer names (unless they opt-in via email)
• IP addresses in identifiable form — analytics are anonymized
• Tracking cookies — scans are cookieless by default
• Cross-site browsing — we only see traffic on frictionlessai.net and on pixel-installed stores

3. How we use data

• Scan data — to generate your report and improve the aggregate benchmark
• Email — to send your report and occasional product updates (unsubscribe anytime in one click)
• Aggregate scores — feed into our anonymous benchmark dataset; no individual store is identifiable from public data

4. Third parties

• Stripe — payment processing. Their privacy policy applies to payment data.
• Google Analytics 4 — aggregate website traffic, anonymized.
• Microsoft Clarity — aggregate session analytics, anonymized.
• No other third-party data sharing. No data is sold.

5. Your GDPR rights

• Access — request a copy of all data we hold about you
• Deletion — request full deletion; we comply within 30 days
• Portability — request a structured machine-readable export
• Object — opt out of analytics or email at any time

Send any of these requests to enrico.boeker@gmx.de.

6. Data retention

• Scan data: 12 months
• Email: until you unsubscribe
• Payment records: 7 years (German legal requirement, AO §147)
• Benchmark aggregates: indefinite (anonymized, no individual identification possible)

7. Legal basis (GDPR Article 6)

• Art. 6(1)(b) — performance of contract (delivering scan reports)
• Art. 6(1)(f) — legitimate interest (improving the service, fraud prevention)
• Art. 6(1)(a) — consent (email marketing, only on explicit opt-in)

8. Contact