Data Protection

GDPR & Privacy.

We are committed to protecting your personal data and your rights under EU/UK data protection law.

1. Who We Are

Smart CRO Agent ("we", "us", "our") is the data controller for personal data collected through this website. If you have questions, contact us via our .

2. What Data We Collect

  • Account data: email address, display name, and hashed password when you register.
  • Usage data: URLs you submit for analysis, audit results, and timestamps of actions.
  • Technical data: IP address, browser type, and device information for security and rate-limiting purposes.
  • Authentication tokens: a short-lived access token stored in browser memory and a refresh token stored in an httpOnly cookie.

3. How We Use Your Data

  • To provide and improve the audit service.
  • To authenticate you and keep your session secure.
  • To send transactional emails (password resets, account notices).
  • To comply with legal obligations.

We do not sell your personal data or use it for third-party advertising.

4. Legal Basis for Processing

We process your data under the following legal bases (GDPR Art. 6):

  • Contract performance — to provide the service you signed up for.
  • Legitimate interests — for fraud prevention, security logging, and service improvement.
  • Consent — for non-essential cookies (you may withdraw consent at any time).

5. Cookies

We use the following cookies:

  • refresh_token (httpOnly, Secure) — essential session cookie. 7-day expiry. Cannot be accessed by JavaScript.
  • cookie_consent (localStorage) — stores your cookie preference. This is not a cookie; it is stored locally in your browser.

We do not use advertising or tracking cookies.

6. Your Rights

Under GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data (via your Profile page).
  • Erase your data ("right to be forgotten") — contact us to request deletion.
  • Restrict or object to processing.
  • Data portability — request an export of your audit history.
  • Withdraw consent at any time without affecting lawfulness of prior processing.

To exercise any right, please . We will respond within 30 days.

7. Data Retention

We retain account data for as long as your account is active. Audit results are stored for 12 months by default. You can delete individual audits or your entire account at any time.

8. Third-Party Services

  • Google OAuth — optional login via Google. Subject to Google's Privacy Policy.
  • Google Gemini API — page content is sent to Gemini for AI analysis. No personally identifiable data is included in analysis requests.

9. Changes to This Policy

We may update this policy. Material changes will be communicated via email or a notice on this page. Last updated: April 2026.
