Privacy Policy

Last updated January 6, 2026

This Privacy Notice for CRO Forge (“we,” “us,” or “our”) explains how and why we may access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”). This includes situations where you:

Visit our website at https://croforge.com/ or any of our websites that link to this Privacy Notice

Use CRO Forge, our AI-powered platform for smarter website content testing

Interact with us in other related ways, including sales, marketing, or events

Questions or concerns? Reviewing this Privacy Notice will help you understand your privacy rights and available choices. We are responsible for determining how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you have further questions or concerns, you may contact us at [email protected].

Summary Of Key Points

This summary highlights the main points of our Privacy Notice. You can find additional details on any topic by following the links referenced with each key point or by reviewing the table of contents below to locate the relevant section.

What personal information do we process?
When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products or features you use. Learn more about the personal information you disclose to us.

Do we process any sensitive personal information?
Certain information may be considered “special” or “sensitive” in some jurisdictions, such as racial or ethnic origin, sexual orientation, or religious beliefs. We do not process sensitive personal information.

Do we collect information from third parties?
We do not collect personal information from third parties.

How do we process your information?
We process your information to provide, improve, and manage our Services, communicate with you, ensure security and prevent fraud, and comply with legal obligations. We may also process your information for other purposes when you have provided your consent. We only process personal information when we have a valid legal basis to do so. Learn more about how we process your information.

In what situations and with which parties do we share personal information?
We may share personal information in specific situations and with specific third parties. Learn more about when and with whom your personal information is shared.

How do we keep your information safe?
We implement appropriate organisational and technical safeguards to protect your personal information. However, no method of electronic transmission or storage can be guaranteed to be completely secure. As a result, we cannot guarantee that unauthorised parties such as hackers or cybercriminals will never be able to access, misuse, or alter your information. Learn more about how we safeguard your data.

What rights do you have?
Depending on your geographic location, applicable privacy laws may grant you certain rights regarding your personal information. Learn more about your privacy rights.

How can you exercise your rights?
The simplest way to exercise your rights is by submitting a data subject access request or contacting us directly. We will review and respond to all requests in accordance with applicable data protection laws.

What Information Do We Collect?

Personal information you disclose to us

We collect personal information that you voluntarily provide when you register for the Services, express interest in our products or Services, participate in activities on the Services, or otherwise communicate with us.

Personal Information Provided by You.
The personal information we collect varies depending on how you interact with us and the Services, the choices you make, and the features you use. This information may include:

  • Names
  • Email addresses
  • Usernames
  • Passwords
  • Contact preferences
  • Contact or authentication data
  • Billing addresses
  • Debit or credit card numbers

Sensitive Information:
We do not process sensitive personal information.

Payment Data:
If you make purchases through the Services, we may collect information required to process your payment, such as your payment method number and associated security code. All payment information is processed and stored by Stripe. You can review Stripe’s privacy practices through their privacy notice available at: https://support.stripe.com/topics/privacy.

Social Media Login Data:
You may have the option to register or log in using your existing social media accounts, such as Facebook, X, or other social platforms. If you choose this option, we will receive certain profile information from the social media provider, as described in the section titled “HOW DO WE HANDLE YOUR SOCIAL LOGINS?” below.

All personal information you provide must be accurate, complete, and up to date. You are responsible for notifying us of any changes to your personal information.

Information automatically collected

We automatically collect specific information when you visit, use, or navigate the Services. This information does not directly identify you but may include device and usage details such as your IP address, browser type, device characteristics, operating system, language preferences, referring URLs, device name, country, location, and information about how and when you use the Services. This data is primarily used to maintain security, operate the Services, and support internal analytics and reporting.

Like many businesses, we also use cookies and similar tracking technologies. Additional information is available in our Cookie Notice.

The automatically collected information includes:

Log and Usage Data:
This includes service-related diagnostic, usage, and performance data automatically collected by our servers and recorded in log files. Depending on your interaction with the Services, this may include IP address, device details, browser type, settings, activity timestamps, pages viewed, searches performed, feature usage, system activity, error reports, and hardware settings.

Device Data:
We collect data about the devices you use to access the Services, such as computers, smartphones, tablets, or other devices. This may include IP address or proxy server details, device and application IDs, location data, browser type, hardware model, internet service provider or mobile carrier, operating system, and system configuration.

Location Data:
We collect location-related information based on your device settings. This may include precise or approximate location data derived from GPS, IP address, or other technologies. The amount of data collected depends on your device type and settings. You may disable location access through your device settings, though doing so may limit certain Service features.

Google API

Any information received from Google APIs is handled in accordance with the Google API Services User Data Policy, including compliance with the Limited Use requirements.

How Do We Process Your Information?

In Short: We process your information to operate, improve, and manage our Services, communicate with you, maintain security, prevent fraud, and comply with legal requirements. Additional processing may occur with your consent.

We process personal information for various purposes depending on how you interact with the Services, including:

  • To support account creation and authentication and manage user accounts. We process your information to allow you to create an account, log in securely, and maintain proper account functionality.
  • To protect vital interests. We may process personal information when necessary to protect an individual’s vital interests, such as preventing harm.

What Legal Bases Do We Rely On To Process Your Information?

If you are located in the EU or UK

The General Data Protection Regulation (GDPR) and the UK GDPR require us to identify the lawful bases on which we rely when processing personal information. Accordingly, we may process your personal information based on the following legal grounds:

Consent: We may process your personal information when you have given us clear permission to do so for a specific purpose. You have the right to withdraw your consent at any time.

Legal Obligations: We may process your information where it is necessary to comply with legal or regulatory requirements, including cooperating with law enforcement or regulatory authorities, exercising or defending legal claims, or disclosing information as evidence in legal proceedings.

Vital Interests: We may process your personal information when it is necessary to protect your vital interests or those of another individual, such as in situations involving potential threats to personal safety.

If you are located in Canada. We may process your personal information if you have provided express consent for a specific purpose or where consent can reasonably be inferred (implied consent). You may withdraw your consent at any time.

In certain limited circumstances, applicable Canadian law permits us to process personal information without consent, including but not limited to situations where:

  • Collection is clearly in the interests of an individual and consent cannot be obtained promptly
  • Processing is required for investigations or fraud detection and prevention
  • The information is necessary for business transactions where legal conditions are satisfied
  • The information is included in a witness statement and required to assess, process, or settle an insurance claim
  • Processing is required to identify injured, ill, or deceased individuals or to communicate with next of kin
  • There are reasonable grounds to believe an individual is, has been, or may be a victim of financial abuse
  • Seeking consent would compromise the availability or accuracy of the information and the collection is reasonable for investigating a breach of an agreement or a violation of Canadian law
  • Disclosure is required to comply with a subpoena, warrant, court order, or court rules
  • The information was produced in the course of employment, business, or professional activities and is collected consistently with its original purpose
  • The collection is solely for journalistic, artistic, or literary purposes
  • The information is publicly available as defined by applicable regulations

When And With Whom Do We Share Your Personal Information?

We may share or transfer your personal information in the following situations:

Business Transfers. Your information may be shared or transferred as part of, or during negotiations for, any merger, sale of company assets, financing, or acquisition of all or part of CRO Forge by another entity.

Do We Use Cookies And Other Tracking Technologies?

We use cookies and related technologies such as web beacons and pixels to gather information when you interact with our Services. These technologies help us maintain security, prevent system failures, fix bugs, remember your preferences, and support core website functionality.

We may also allow third-party service providers to use tracking technologies on our Services for analytics and advertising purposes. This includes managing and displaying advertisements, tailoring advertising to your interests, or sending reminders such as abandoned cart notifications, subject to your communication preferences. These third parties may display interest-based advertisements either on our Services or on other websites.

To the extent that such tracking technologies are considered a “sale” or “sharing” of personal information (including targeted advertising) under applicable U.S. state privacy laws, you may opt out by submitting a request as described in the section titled “DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?”

Additional details on how we use cookies and how you can manage or refuse them are provided in our Cookie Notice.

Google Analytics

We may share certain information with Google Analytics to help monitor and analyse usage of the Services. The Google Analytics Advertising Features we may use include:

Google Analytics Demographics and Interests Reporting

Remarketing with Google Analytics

Google Display Network Impressions Reporting

You can opt out of Google Analytics tracking across our Services by visiting: https://tools.google.com/dlpage/gaoptout

You may also manage Google Analytics Advertising Features through Google Ads Settings or your mobile app ad settings. Additional opt-out options are available at: http://optout.networkadvertising.org/

http://www.networkadvertising.org/mobile-choice

For more information, please review Google’s Privacy & Terms documentation.

Do We Offer Artificial Intelligence-based Products?

As part of our Services, CRO Forge offers tools and features that rely on artificial intelligence, machine learning, or related technologies (collectively, “AI Products”). These AI Products are intended to enhance functionality, improve insights, and deliver innovative solutions. Your use of AI Products is governed by this Privacy Notice.

Use of AI Technologies

We deliver AI Products through third-party service providers (“AI Service Providers”), including OpenAI. To enable these features, your inputs, outputs, and personal information may be shared with and processed by these AI Service Providers in accordance with this Privacy Notice and the legal bases described in “WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?”

You must not use the AI Products in a way that violates the terms or policies of any AI Service Provider.

Our AI Products
Our AI-powered features are designed to support the following functions:

  • AI-driven insights
  • AI-based search
  • Predictive analytics
  • Automation
  • Text and content analysis
  • How We Process Your Data Using AI

All personal information processed through our AI Products is handled in accordance with this Privacy Notice and our contractual agreements with third-party providers. We apply appropriate safeguards to protect your data and ensure a high level of security throughout the AI processing lifecycle.

How Do We Handle Your Social Logins?

Our Services allow you to register and log in using third-party social media account credentials (such as Facebook or X). If you choose this option, CRO Forge will receive specific profile information from the relevant social media provider. The information shared may differ depending on the provider, but typically includes your name, email address, profile picture, friends list, and any other information you have chosen to make publicly available on that platform.

We use the information received from social media providers solely for the purposes described in this Privacy Notice or as otherwise clearly disclosed to you through the Services. Please note that we do not control, and are not responsible for, how third-party social media platforms collect, use, or share your personal information. We encourage you to review the privacy policies of those providers to understand their data practices and how you can manage your privacy settings on their platforms.

How Long Do We Keep Your Information?

We will store your personal information for the duration necessary to achieve the purposes described in this Privacy Notice, unless applicable law requires or permits a longer retention period (such as for tax, accounting, or legal compliance purposes). No purpose outlined in this Privacy Notice requires us to retain your personal information for longer than the period during which you maintain an active account with us.

When we no longer have a legitimate business need to process your personal information, we will either delete or anonymise it. If deletion or anonymisation is not immediately possible (for example, because the data is stored in backup archives), we will securely store the information and isolate it from further processing until deletion becomes feasible.

How Do We Keep Your Information Safe?

We have implemented reasonable and appropriate technical and organisational safeguards designed to protect the security of the personal information we process. However, despite these measures, no electronic transmission over the internet or method of data storage can be guaranteed to be completely secure. As a result, we cannot promise or guarantee that unauthorised third parties, such as hackers or cybercriminals, will never be able to bypass our security and gain access to your information.

While we take reasonable steps to protect your personal information, any transmission of personal data to or from our Services is done at your own risk. You should access the Services only within a secure environment.

Do We Collect Information From Minors?

CRO Forge does not knowingly collect, solicit, or market personal information from children under 18 years of age, nor do we knowingly sell such information. By using the Services, you confirm that you are at least 18 years old or that you are the parent or legal guardian of a minor and consent to that minor’s use of the Services.

If we become aware that we have collected personal information from an individual under the age of 18, we will deactivate the account and take reasonable steps to promptly delete such information from our records. If you believe we may have collected information from a child under 18, please contact us at [email protected].

What Are Your Privacy Rights?

If you are a resident of certain regions, including the United States (depending on state law), the European Economic Area (EEA), the United Kingdom (UK), Switzerland, or Canada, you may have rights under applicable data protection laws. These rights may include the ability to review, update, or delete your personal information, or to terminate your account, subject to local legal requirements.

In regions such as the EEA, UK, Switzerland, and Canada, your rights may include:

  • The right to request access to and obtain a copy of your personal information
  • The right to request correction or deletion of your personal information
  • The right to restrict the processing of your personal information
  • The right to data portability, where applicable
  • The right not to be subject to certain forms of automated decision-making

In certain circumstances, you may also have the right to object to the processing of your personal information. You may exercise these rights by contacting us using the details provided in the section titled “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below. We will respond to all requests in accordance with applicable data protection laws.

If you are located in the EEA or UK and believe that we are unlawfully processing your personal information, you have the right to lodge a complaint with your local data protection authority.
If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing Your Consent Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time by contacting us or updating your preferences. Please note that withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal, nor does it affect processing conducted under other lawful bases where permitted by law.

Marketing and Promotional Communications You may opt out of receiving marketing and promotional communications at any time by clicking the unsubscribe link in our emails or by contacting us using the details provided below. After unsubscribing, you may still receive service-related communications that are necessary for account administration, responding to requests, or other non-marketing purposes.

Account Information

If you wish to review, update, or terminate your account, you may:

Log in to your account settings and update your information.

Upon request to terminate your account, we will deactivate or delete your account and remove your information from our active databases. However, we may retain certain information to prevent fraud, resolve disputes, assist with investigations, enforce our legal terms, or comply with legal obligations.

Cookies and Similar
Technologies Most web browsers automatically accept cookies by default. You may choose to configure your browser to remove or reject cookies, but doing so may affect the availability or functionality of certain features of the Services. For additional information, please review our Cookie Notice.

If you have questions or concerns regarding your privacy rights, you may contact us at [email protected].

Controls For Do-not-track Features

Most web browsers and certain mobile operating systems and applications include a Do-Not-Track (“DNT”) feature that allows users to signal their preference not to have their online activities tracked. At present, there is no universally accepted standard for recognising or responding to DNT signals.

As a result, CRO Forge does not currently respond to DNT browser signals or similar automated mechanisms. If a recognised standard for online tracking is adopted in the future that we are required to follow, we will update this Privacy Notice accordingly.

Under California law, we are required to disclose how we respond to DNT signals. Because no industry or legal standard currently exists for honouring such signals, we do not respond to them at this time.

Do United States Residents Have Specific Privacy Rights?

Categories of Personal Information We Collect

Over the past twelve (12) months, we have not collected any of the following categories of personal information. This includes identifiers such as real names, aliases, postal addresses, telephone or mobile numbers, unique personal identifiers, online identifiers, Internet Protocol (IP) addresses, email addresses, or account names. We have not collected personal information as defined under the California Customer Records statute, including name, contact details, education, employment or employment history, or financial information.

We do not collect protected classification characteristics under state or federal law, such as gender, age, date of birth, race or ethnicity, national origin, marital status, or other demographic data. We also do not collect commercial information, including transaction details, purchase history, financial details, or payment information.

Additionally, we do not collect biometric information such as fingerprints or voiceprints, nor do we collect internet or other network activity information, including browsing history, search history, online behaviour, interest data, or interactions with websites, applications, systems, or advertisements. We do not collect geolocation data related to device location.

We do not collect audio, electronic, sensory, or similar information, including images, audio recordings, video recordings, or call recordings created in connection with our business activities. We also do not collect professional or employment-related information such as business contact details, job titles, work history, or professional qualifications, nor do we collect education-related information, including student records or directory information.

Finally, we do not create or collect inferences drawn from personal information to build profiles or summaries about an individual’s preferences or characteristics, and we do not collect any sensitive personal information.

We may also collect additional personal information outside the categories listed above when you interact with us in person, online, by phone, or by mail in situations such as:

  • Receiving assistance through our customer support channels
  • Participating in customer surveys, feedback programs, or contests
  • Supporting the delivery of our Services and responding to your questions or requests
  • Sources of Personal Information
  • You can learn more about the sources of personal information we collect by reviewing the section titled “WHAT INFORMATION DO WE COLLECT?”
  • How We Use and Share Personal Information
  • Details about how we use your personal information are explained in the section “HOW DO WE PROCESS YOUR INFORMATION?”
  • Will Your Information Be Shared With Anyone Else?

We may disclose your personal information to our service providers under written contracts that govern how such information is handled. Additional details about disclosures can be found in the section “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”

We may use personal information for our own internal business purposes, such as conducting internal research related to technology development and service improvement. This type of use does not constitute the sale of personal information.

We have not disclosed, sold, or shared any personal information with third parties for business or commercial purposes during the preceding twelve (12) months. We do not sell or share the personal information of website visitors, users, or other consumers, and we do not intend to do so in the future.

Your Rights

Under certain US state data protection laws, you may have specific rights regarding your personal information. These rights are not absolute, and we may decline a request where permitted by law. Your rights may include:

  • The right to know whether we are processing your personal data
  • The right to access your personal data
  • The right to correct inaccuracies in your personal data
  • The right to request deletion of your personal data
  • The right to obtain a copy of personal data you have previously provided to us
  • The right to non-discrimination for exercising your privacy rights
  • The right to opt out of the processing of personal data used for targeted advertising, the sale or sharing of personal data (as defined under California law), or profiling that produces legal or similarly significant effects

Depending on the US state in which you reside, you may also have the following additional rights:

  • The right to access the categories of personal data being processed (as permitted by applicable law, including Minnesota privacy law)

  • The right to obtain a list of categories of third parties to whom personal data has been disclosed (as permitted by applicable law, including California and Delaware privacy laws)
  • The right to obtain a list of specific third parties to whom personal data has been disclosed (as permitted by applicable law, including Minnesota and Oregon privacy laws)
  • The right to review, understand, question, and correct how personal data has been profiled (as permitted by applicable law, including Minnesota privacy law)
  • The right to limit the use and disclosure of sensitive personal data (as permitted by applicable law, including California privacy law)
  • The right to opt out of the collection of sensitive data and personal data collected through voice or facial recognition features (as permitted by applicable law, including Florida privacy law)

How to Exercise Your Rights
You may exercise your privacy rights by submitting a data subject access request, emailing us at [email protected], visiting contact, or by using the contact information provided at the end of this Privacy Notice.

In accordance with applicable US state privacy laws, you may designate an authorised agent to submit a request on your behalf. We may deny requests submitted by an authorised agent if they fail to provide valid proof of authorisation as required by law.

Request Verification
Once we receive your request, we will verify your identity to ensure that you are the individual whose information is being requested. The personal information provided in your request will be used solely for verification, security, or fraud prevention purposes. If we cannot verify your identity using the information we already have, we may request additional information.

If a request is submitted through an authorised agent, we may require further information to verify your identity, and the agent must provide a written and signed authorisation permitting them to act on your behalf.

Appeals
If we decline to take action on your request under applicable US state data protection laws, you may appeal our decision by emailing us at [email protected]. We will respond in writing with an explanation of the action taken or the reason for denying the appeal. If your appeal is denied, you may submit a complaint to your state attorney general.

California “Shine The Light” Law
Under California Civil Code Section 1798.83, commonly known as the “Shine The Light” law, California residents may request, once per year and free of charge, information regarding the categories of personal information (if any) that we disclosed to third parties for direct marketing purposes, along with the names and addresses of those third parties during the previous calendar year. California residents may submit such requests using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”

Do We Make Updates To This Notice?

We may revise this Privacy Notice from time to time. Any updated version will be identified by a revised “Last Updated” date displayed at the top of this Privacy Notice. If we make significant or material changes, we may inform you by prominently displaying a notice on our website or by sending you a direct notification where appropriate. We encourage you to regularly review this Privacy Notice so you remain informed about how we safeguard your personal information.

How Can You Contact Us About This Notice?

If you have any questions, concerns, or comments regarding this Privacy Notice, you may contact us by email at [email protected] or by postal mail at the address below:

  • CRO Forge
  • 13 Saltgrass Ave, Tarneit VIC 3029
  • Australia

How Can You Review, Update, Or Delete The Data We Collect From You?

Depending on the laws applicable in your country of residence or your US state of residence, you may have the right to request access to the personal information we collect about you, receive details regarding how that information has been processed, request corrections to inaccurate data, or ask for the deletion of your personal information. You may also have the right to withdraw your consent to our processing of your personal information.

Please note that these rights may be subject to limitations or exceptions under applicable law. To exercise your rights to review, update, or delete your personal information, please complete and submit a data subject access request through the appropriate channels.

CRO Forge
Smarter website content testing with AI

Navigation

CRO Forge for

Resources

Legal

Social