Privacy policy

Last updated January 26, 2023

1. Introduction

PageVitals ApS ("PageVitals", "we", "us") provides web performance monitoring services ("Software" or "Services"). We are a privacy-first company, committed to minimizing data collection and protecting the privacy of our customers, and their end users. This Privacy Policy describes our practices in gathering, securing, and using application and personal data.

By making web performance data or personal data available to us through our website, Services, or related communication, you agree to the terms of this Privacy Policy and you expressly consent to the processing of your data in accordance with this Privacy Policy.

Our privacy policy depends on which group you belong to:

Visitors on pagevitals.com who haven't signed up for an account
Users of the PageVitals Admin UI (app.pagevitals.com)
End users visiting a website that uses PageVitals Field Testing script

We'll go through each group in the following sections

2. Visitors on pagevitals.com who haven't signed up for an account

We use Field Testing on pagevitals.com which is completely anonymous and does not track PII or behavior. You can read more about what data is collected in section 4.

If you give us consent, we will use the chat provider Crisp for providing support and customer success services. You can see the Crisp's privacy policy here

If you give us consent, we will use the session replay tool Mouseflow for improving our website, discovering UX issues and bugs. You can read Mouseflow's privacy policy here

2.3 Data you give us

PageVitals collects your email address if you voluntarily enter it when subscribing to our newsletter, or similar.

If you want to try our demo on your website, we'll collect:

Your website's domain
Publicly available and anonymous information collected by crawling your website via a synthetic browser.

3. Users of the PageVitals Admin UI (app.pagevitals.com)

3.1 Data you give us

When you sign up for an account or accept an invitation into an existing account, we will collect the following data:

Your email address
Either an encrypted token from Google or Microsoft if you use them as login provider
Or, a cryptographically safe salted and hashed password (using bcrypt)
Your name
The country of your Internet Service Provider
Your profile picture, if provided via Google or Microsoft
An account name that you choose
Your website domain

3.2 Data we collect automatically

We use our own Field Testing solution. You can read more about this in section 4.

We use the chat provider Crisp for providing support, customer success services and newsletter mail-outs. You can see the Crisp's privacy policy here.

We use the session replay tool Mouseflow for improving our web app, discovering UX issues and bugs. You can read Mouseflow's privacy policy here, and you can opt out here.

We use Twilio SendGrid to send out transactional emails. See their privacy policy here

We use Stripe to handle billing. Credit card information is never sent to our platform. Read Stripe's privacy policy here.

4. End users visiting a website that uses PageVitals Field Testing script

When a browser visits to a website that has the PageVitals Field Testing script installed, the following data is collected:

The country of the Internet Service Provider
The operating system
The browser name
The device type (desktop, mobile or tablet)
Anonymous performance data typically available through the performance.getEntries() array.
Technical browser events such as largest-contentful-paint, layout-shift and interaction-to-next-paint, as used by the public web-vitals.js script
Note that we immediately discard both the IP address and the User-Agent string at the edge, so this information isn't stored by us (unfortunately it's not technically possible to avoid sending this at all).
No cookies are set (or any other similar browser persistence mechanism).
No user behavior is monitored, such as mouse or keyboard events.

According to our interpretation of the EU GDPR law, the EU ePrivacy Directive and CCPA, the above doesn't require consent. Even though we very temporarily get access to the end user's IP address before we discard it, this alone isn't enough to constitute PII since we have no lawful means of accessing personal data held by the end user's ISP, and we are not reasonably capable of linking this data to particular consumer or household.

Note that despite the above, it's the responsibility of the PageVitals client to make sure local law is followed.

5. How We Protect Your Information

PageVitals uses a variety of security measures to maintain the safety of your Personal Data. All transmitted data is using Transport Layer Security (TLS) version 1.2 or above. Passwords are salted and hashed using the recommended algorithms. Payment information is sent directly to Stripe and never stored on our platform.

PageVitals will never sell your personal data to anyone. Your personal data is only accessible to PageVitals employees, contractors, and our service providers that require the data in order for our Software to operate.

6. Cookies

A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. We use cookies to help identify and track visitors, their usage of our website, and their website access preferences. PageVitals visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using the PageVitals website, Service, or other materials. Certain features may not function properly without the aid of cookies.

7. Privacy Policy Changes

PageVitals may change our Privacy Policy from time to time, at our sole discretion. PageVitals encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

Table of contents