Table of contents
Last updated January 26, 2023
- Visitors on pagevitals.com who haven't signed up for an account
- Users of the PageVitals Admin UI (app.pagevitals.com)
- End users visiting a website that uses PageVitals Field Testing script
We'll go through each group in the following sections
2. Visitors on pagevitals.com who haven't signed up for an account
2.1 Data collected without consent
We use Field Testing on pagevitals.com which is completely anonymous and does not track PII or behavior. You can read more about what data is collected in section 4.
2.2 Data collected with consent
2.3 Data you give us
PageVitals collects your email address if you voluntarily enter it when subscribing to our newsletter, or similar.
If you want to try our demo on your website, we'll collect:
- Your website's domain
- Publicly available and anonymous information collected by crawling your website via a synthetic browser.
3. Users of the PageVitals Admin UI (app.pagevitals.com)
3.1 Data you give us
When you sign up for an account or accept an invitation into an existing account, we will collect the following data:
- Your email address
- Either an encrypted token from Google or Microsoft if you use them as login provider
- Or, a cryptographically safe salted and hashed password (using
- Your name
- The country of your Internet Service Provider
- Your profile picture, if provided via Google or Microsoft
- An account name that you choose
- Your website domain
3.2 Data we collect automatically
We use our own Field Testing solution. You can read more about this in section 4.
4. End users visiting a website that uses PageVitals Field Testing script
When a browser visits to a website that has the PageVitals Field Testing script installed, the following data is collected:
- The country of the Internet Service Provider
- The operating system
- The browser name
- The device type (desktop, mobile or tablet)
- Anonymous performance data typically available through the
- Technical browser events such as
interaction-to-next-paint, as used by the public web-vitals.js script
- Note that we immediately discard both the IP address and the User-Agent string at the edge, so this information isn't stored by us (unfortunately it's not technically possible to avoid sending this at all).
- No cookies are set (or any other similar browser persistence mechanism).
- No user behavior is monitored, such as mouse or keyboard events.
According to our interpretation of the EU GDPR law, the EU ePrivacy Directive and CCPA, the above doesn't require consent. Even though we very temporarily get access to the end user's IP address before we discard it, this alone isn't enough to constitute PII since we have no lawful means of accessing personal data held by the end user's ISP, and we are not reasonably capable of linking this data to particular consumer or household.
Note that despite the above, it's the responsibility of the PageVitals client to make sure local law is followed.
5. How We Protect Your Information
PageVitals uses a variety of security measures to maintain the safety of your Personal Data. All transmitted data is using Transport Layer Security (TLS) version 1.2 or above. Passwords are salted and hashed using the recommended algorithms. Payment information is sent directly to Stripe and never stored on our platform.
PageVitals will never sell your personal data to anyone. Your personal data is only accessible to PageVitals employees, contractors, and our service providers that require the data in order for our Software to operate.