Embeditor

Effective June 22, 2026

Privacy Policy

How Embeditor collects, uses, and protects information.

First draft for review. Confirm company legal name, contact email, subprocessors, retention periods, billing provider, and international transfer mechanism before publishing.

This Privacy Policy explains how Embeditor collects, uses, shares, and protects information when people use our website, app, APIs, embeddable editor, analytics, AI editing features, and related services.

Embeditor is a product for editing live websites, publishing variations, and measuring page and conversion performance. Because the product can run as an embedded script on customer websites, this policy distinguishes between account users who use Embeditor directly and visitors to customer websites where Embeditor is installed.

1. Roles

For account, billing, marketing, product, and support information, Embeditor acts as the business or controller responsible for the information we collect.

For visitor analytics and variation exposure data collected on a customer website, Embeditor generally acts as a service provider or processor for the customer. The customer controls the website, decides whether to install Embeditor, chooses what to test or track, and is responsible for providing any required notices, consents, and opt-outs to its visitors.

2. Information we collect from account users

  • Account information, such as name, email address, password credentials handled through our authentication provider, organization membership, invitation status, and profile details.
  • Customer site information, such as site domains, page URLs or page keys, page metadata, variations, checkpoints, editor operations, published content, and settings.
  • Editor and AI interaction data, such as selected page elements, prompts, instructions, generated suggestions, accepted or rejected edits, usage logs, and tool-call metadata.
  • Support and communications data, such as messages, feedback, survey responses, and email preferences.
  • Security and usage data, such as IP address, device and browser information, log data, authentication events, rate-limit signals, and approximate usage activity.
  • Billing and transaction data if paid plans are enabled, such as plan, invoices, payment status, and billing contact details. Payment card details should be processed by our payment provider, not stored directly by Embeditor.

3. Information collected from customer website visitors

When a customer installs the Embeditor script on its website, we may process pseudonymous visitor analytics so the customer can run split tests and understand performance. The exact data depends on the customer's configuration.

  • Pseudonymous visitor and session identifiers, which may be stored in browser storage to keep variation assignment consistent.
  • Site, page, and variation identifiers, including whether the visitor saw the control or a variation.
  • Event and conversion data, such as checkpoint completions, selected element events, HubSpot or Typeform form submission events where the customer configures those checkpoints, timestamps, and related page context.
  • Engagement metrics, such as time on page, scroll depth, time to first interaction, bounce status, page views, and unique-view counts.
  • Device and technical data, such as user agent, browser, operating system, mobile status, IP address processed by our servers and infrastructure, request headers, and security/rate-limit data.

4. Information we do not intentionally collect

Embeditor is not designed to collect sensitive personal information, payment card numbers, government identifiers, protected health information, children's data, or the contents of private forms from customer website visitors. Customers must not configure Embeditor to collect sensitive or regulated data unless they have a written agreement with Embeditor that specifically permits it.

5. Cookies and similar technologies

We and our service providers may use cookies, localStorage, sessionStorage, pixels, SDKs, and similar technologies for authentication, security, preferences, editor state, variation assignment, visitor/session identification, analytics, and product improvement.

Customers are responsible for determining whether Embeditor's use on their websites requires cookie banners, consent tools, or other disclosures under laws that apply to them.

6. How we use information

  • Provide, secure, maintain, and improve Embeditor.
  • Authenticate users, manage accounts, invite team members, and provide support.
  • Load the editor, save operations, publish website variations, restore versions, and measure variation performance.
  • Provide AI editing features, including by sending prompts, selected page context, and related instructions to AI service providers when those features are used.
  • Detect, prevent, and investigate abuse, fraud, security incidents, and service reliability issues.
  • Communicate about product updates, security, support, and administrative matters.
  • Comply with legal obligations and enforce our agreements.

7. How we share information

We do not sell personal information. We also do not share personal information for cross-context behavioral advertising unless this policy is updated to say otherwise and any required opt-out is provided.

  • Service providers and subprocessors that host, store, secure, transmit, analyze, or help operate the service, such as cloud hosting, database, email, authentication, support, AI, and analytics providers.
  • Customers, for information collected on their websites or in their workspaces, including visitor analytics, page performance data, and editor activity tied to their account.
  • AI providers, when users choose AI editing or generation features.
  • Professional advisors, auditors, insurers, and legal counsel.
  • Authorities, courts, or third parties when we believe disclosure is required by law, needed to protect rights or safety, or necessary to enforce our agreements.
  • Successors in connection with a merger, acquisition, financing, reorganization, or sale of assets.

8. AI features

When users use AI features, prompts, selected page content, operation history, instructions, and generated outputs may be processed by Embeditor and by AI providers. Users should not submit sensitive, confidential, regulated, or third-party data to AI features unless they have the rights and approvals needed to do so.

9. Customer responsibilities

  • Maintain an accurate privacy notice for the customer website.
  • Obtain legally required consent before using Embeditor for analytics, cookies, local storage, experimentation, or conversion tracking.
  • Avoid using Embeditor on sites directed to children under 13 or equivalent minimum ages in other jurisdictions.
  • Avoid configuring checkpoints or page content in ways that send sensitive or regulated data to Embeditor.
  • Honor visitor privacy rights and forward requests to Embeditor when our help is needed.

10. Retention

We keep information for as long as reasonably necessary to provide the service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support backups and audit logs. Account users may request deletion of account information. Customers may request deletion of their workspace, site, page, variation, operation, and visitor analytics data subject to legal, security, and backup limitations.

Before publishing, Embeditor should confirm and insert specific default retention periods for visitor analytics, logs, backups, and inactive accounts.

11. Security

We use administrative, technical, and organizational safeguards designed to protect information. No online service can guarantee absolute security. Customers are responsible for securing their own accounts, permissions, websites, and integration keys.

12. International transfers

Embeditor and its service providers may process information in the United States and other countries. If required, Embeditor will use appropriate transfer mechanisms, such as standard contractual clauses, data processing terms, or participation in applicable data transfer frameworks.

13. Privacy rights

Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, objection, or withdrawal of consent. You may also have the right to opt out of certain disclosures or targeted advertising. To exercise rights, contact us at privacy@embeditor.com.

If your request relates to data collected on a customer website, we may direct you to that customer or help the customer respond because the customer controls that data.

14. California privacy notice

California residents may have rights to know, access, correct, delete, and opt out of sale or sharing of personal information, and to be free from discrimination for exercising those rights. Embeditor does not sell personal information and does not share it for cross-context behavioral advertising as described in this policy.

15. Children

Embeditor is not directed to children under 13, and we do not knowingly collect personal information from children under 13. Customers may not use Embeditor on child-directed websites without a written agreement that specifically permits that use.

16. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date. If changes are material, we will provide additional notice where required.

17. Contact

Contact: privacy@embeditor.com. Before publishing, replace this with the correct legal entity name, mailing address, and privacy contact.