Privacy Policy

Last updated: 23 February 2026

Your privacy matters. This policy explains what data PageDuel collects, why, and how it is protected. We comply with the EU General Data Protection Regulation (GDPR) and German data protection law (BDSG).

1. Data Controller

The data controller responsible for the processing of your personal data is:

Bogdan Nichovski

Bünde, Germany

Email: privacy@pageduel.com

2. Data We Collect

We collect data in the following categories:

2.1 Account Data

When you register, we collect your name and email address. This is required to create and manage your account.

2.2 Usage Data

We collect information about how you use PageDuel — pages visited, features used, experiments created, and timestamps. This helps us improve the product and diagnose issues.

2.3 Experiment Data

PageDuel stores the A/B test configurations and aggregated result data for experiments you create. Visitor-level data collected by our tracking snippet on your website is anonymised and aggregated before storage — we do not store individual visitor profiles.

2.4 Payment Data

Payments are handled by Stripe. We store only non-sensitive billing metadata (plan, subscription status, Stripe customer ID). Full card details are never stored on our servers.

2.5 Technical Data

When you visit pageduel.com, our servers may log your IP address, browser type, operating system, and referrer URL. These logs are used for security and error monitoring and are retained for a maximum of 30 days.

3. Legal Basis for Processing

We rely on the following legal bases under Article 6 GDPR:

Contract performance (Art. 6(1)(b)): Processing your account and payment data is necessary to provide the service you signed up for.
Legitimate interests (Art. 6(1)(f)): We process usage and technical data to maintain security, prevent abuse, and improve the product.
Consent (Art. 6(1)(a)): Where we send marketing communications, we rely on your explicit consent, which you can withdraw at any time.
Legal obligation (Art. 6(1)(c)): We may process data where required by applicable law (e.g. tax records).

4. How We Use Your Data

Providing, operating, and maintaining the PageDuel service
Processing payments and managing your subscription
Sending transactional emails (password reset, billing receipts, trial reminders)
Responding to support requests
Detecting and preventing fraud, abuse, or security incidents
Improving product features based on aggregated usage patterns
Sending product updates and marketing emails (only with your consent)

We do not sell, rent, or trade your personal data to third parties.

5. Third-Party Services

We use the following third-party processors, each bound by a data processing agreement:

Service	Purpose	Location
Stripe	Payment processing	USA (Standard Contractual Clauses)
Vercel	Hosting & infrastructure	USA / EU (Standard Contractual Clauses)
Resend / Transactional Email	Email delivery	USA (Standard Contractual Clauses)

Data transfers to countries outside the EEA are protected by Standard Contractual Clauses (SCCs) as approved by the European Commission.

6. Data Retention

Account data: Retained for the duration of your account and deleted within 30 days of account deletion.
Experiment data: Retained for the duration of your account.
Server logs: Deleted after 30 days.
Payment records: Retained for 10 years as required by German tax law (§ 147 AO).

7. Your Rights (GDPR)

As a data subject, you have the following rights under the GDPR:

Right of access (Art. 15): Request a copy of the personal data we hold about you.
Right to rectification (Art. 16): Request correction of inaccurate data.
Right to erasure (Art. 17): Request deletion of your data (“right to be forgotten”).
Right to restriction (Art. 18): Request that we limit processing of your data.
Right to data portability (Art. 20): Receive your data in a machine-readable format.
Right to object (Art. 21): Object to processing based on legitimate interests.
Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at privacy@pageduel.com. We will respond within 30 days. You also have the right to lodge a complaint with the relevant data protection authority. In Germany, this is the Landesbeauftragte für Datenschutz und Informationsfreiheit NRW.

8. Cookies & Tracking

PageDuel uses only essential cookies required to operate the service (session authentication, CSRF protection). We do not use advertising cookies or third-party tracking pixels.

The PageDuel tracking snippet installed on your website assigns an anonymous visitor ID (stored in localStorage) to enable experiment assignment. No personally identifiable information is transmitted from your visitors to our servers.

9. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encrypted storage, and access controls. In the event of a data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.

11. Contact

For any privacy-related questions or to exercise your rights, contact us at:

Bogdan Nichovski

Bünde, Germany

Email: privacy@pageduel.com