This Privacy Policy describes how abTestBot, operated by Marginwalkers ("we," "us," or "our"), collects, uses, and shares your personal information when you use our website at https://abtestbot.com and related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
We collect the following types of information:
Account Information
- Your name and email address when you create an account
- Website URLs you submit for analysis
- Password (stored in hashed form; we never store or have access to your plain-text password)
- Billing information (processed and stored by Stripe; we do not store your full credit card number)
Usage Data
- Pages you visit within the Service
- Features you use and actions you take (e.g., generating ideas, saving favorites)
- Device information such as browser type, operating system, and screen resolution
- IP address and approximate geographic location
- Date and time of access
Cookies
- We use essential cookies to maintain your authentication session and remember your preferences
- We may use optional analytics cookies to understand how the Service is used; you can opt out of these at any time
2. How We Use Your Information
We use the information we collect to:
- Provide and maintain the Service — including generating A/B test ideas for your websites, managing your account, and processing payments
- Analyze your websites for test ideas — we visit the publicly accessible pages of URLs you submit to generate AI-powered optimization suggestions
- Improve the Service — we use aggregated and anonymized usage data to understand how our features are used and to develop new features
- Communicate with you — to send transactional emails (account confirmations, password resets, billing receipts), idea digest emails you have opted into, and important service announcements
- Ensure security — to detect and prevent fraud, abuse, and unauthorized access to your account
3. Website Analysis
When you submit a URL for analysis, our Service visits the publicly accessible pages of that website to generate A/B test ideas. This is the same content any visitor to that website would see.
We do not:
- Access your website's analytics, admin panels, or backend systems
- Collect or store your visitors' personal information
- Access any password-protected or authenticated areas of your website
- Collect customer data, transaction data, or any non-public information from your website
- Install any code, scripts, or tracking pixels on your website
Our analysis is limited strictly to publicly visible content such as page layout, text, images, and navigation structure.
4. Google Integrations (Optional)
If you choose to connect Google Search Console or Google Analytics 4 to your account, we access the following data on your behalf via Google's official OAuth 2.0 authorization flow:
Google Search Console
- Search performance data: queries, impressions, clicks, click-through rate, and average position for your verified properties
- Page-level performance breakdowns by device and country
Google Analytics 4
- Aggregated page metrics: sessions, engagement rate, bounce rate, average session duration, conversions, and revenue by page path and traffic source
- We access only aggregate analytics data — we never access individual user records, personally identifiable visitor information, or raw event-level data
How we use this data
- To generate data-informed A/B test ideas specific to your actual traffic and conversion patterns
- To validate the results of completed experiments against real analytics changes
- Data from Google integrations is stored in your workspace and is never sold, shared with third parties, or used to train AI models
Token storage
- OAuth refresh tokens are encrypted at rest using AES-256-GCM encryption before being stored in our database
- Access tokens are short-lived and are refreshed automatically as needed; we do not store them in plaintext
- You can disconnect any Google integration at any time from Settings → Integrations, which immediately revokes and deletes all stored tokens and synced data
Google integration scopes we request are read-only ("sensitive" tier under Google's OAuth policy). We request only the minimum data necessary to power the features described above. You can review and revoke our access at any time via Google Account Permissions.
5. Data Storage & Security
We take the security of your data seriously and implement appropriate technical and organizational measures to protect it:
- All data is transmitted over encrypted connections (HTTPS/TLS)
- User data and authentication are managed through Supabase, which provides enterprise-grade security including row-level security and encrypted data storage
- Our application is hosted on Cloudflare, providing DDoS protection, a global CDN, and edge security
- Passwords are cryptographically hashed and never stored in plain text
- Access to production systems is restricted to authorized personnel only
- Google OAuth refresh tokens are encrypted at rest using AES-256-GCM before storage
- Integration credentials are stored per-workspace and can be deleted by the account owner at any time
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to following industry best practices.
6. Third-Party Services
We use the following third-party services to operate the Service. Each has its own privacy policy governing the use of your information:
- Stripe — payment processing. When you subscribe to a paid plan, your payment information is collected and processed directly by Stripe. We do not store your full credit card details. See Stripe's Privacy Policy.
- Supabase — authentication, database, and data storage. Your account data and generated ideas are stored securely in Supabase. See Supabase's Privacy Policy.
- Cloudflare — website hosting, CDN, and security. See Cloudflare's Privacy Policy.
- Google (Search Console & Analytics 4) — if you connect Google integrations, data is accessed via Google's official APIs. See Google's Privacy Policy.
- Resend — transactional and digest email delivery. We share only your email address and name as necessary to deliver messages. See Resend's Privacy Policy.
We do not sell, rent, or trade your personal information to any third party.
7. Data Retention
- Active accounts: Your account data, generated ideas, and website analysis results are retained for as long as your account is active and you maintain a relationship with us.
- Account deletion: When you delete your account, all of your personal data, saved ideas, and website analysis data will be permanently deleted within 30 days. Some anonymized, aggregated data may be retained for analytical purposes.
- Billing records: We may retain billing transaction records as required by applicable tax and financial regulations, even after account deletion.
8. Your Rights
You have the following rights regarding your personal information:
- Access: You can access all the data we hold about you through your account dashboard at any time.
- Correction: You can update or correct your account information through your account settings.
- Deletion: You can request deletion of your account and all associated data by contacting us or through your account settings. Deletion will be completed within 30 days.
- Export: You can export your generated ideas and analysis data from your account.
- Cancellation: You can cancel your subscription at any time through your account settings. Your account will remain accessible until the end of your current billing period.
- Opt-out: You can opt out of non-essential emails (such as idea digests) at any time through your account settings or by using the unsubscribe link in any email.
To exercise any of these rights, you can contact us via our contact form.
9. Cookies
We use essential cookies only to maintain your authentication session and ensure the Service functions properly. These cookies are strictly necessary and cannot be disabled while using the Service.
We may also use optional analytics cookies to understand how visitors interact with the Service. These cookies are not required for the Service to function, and you can opt out of them at any time through your browser settings or our cookie preferences.
We do not use advertising cookies or share cookie data with third-party advertisers.
10. Children's Privacy
The Service is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as quickly as possible. If you believe a child under 13 has provided us with personal information, please contact us via our contact form.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you by email or through a prominent notice on the Service.
Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: