
OptiWolf Privacy Policy

Effective date: July 2, 2026 · OptiWolf is operated by UniBreeze Kft. (Budapest, Hungary)

OptiWolf is operated by UniBreeze Kft. (1141 Budapest, Paskál utca 48. fszt. 1., Hungary; company reg. no. 01-09-281663; tax no. 25162749-2-42). Contact for anything in this policy: [email protected].

1. Two roles: read the section that applies to you

OptiWolf handles personal data in two distinct roles:

  1. As a controller, for our own operations: visitors to optiwolf.com, users of the free CRO scanner, customer accounts on app.optiwolf.com, billing, and support. Sections 2 to 5 cover this.
  2. As a processor, for data our Snippet processes on our customers' websites. There, the website owner (our customer) is the controller and decides purposes; we process on their instructions under our Data Processing Agreement. Section 6 describes exactly what that processing is.

If you visited a website that uses OptiWolf and want to exercise your privacy rights for data collected there, please contact that website's operator: they control that data. We support them in fulfilling your request, and we forward any request we receive directly to them where we can identify them.

2. Data we collect as a controller

Context | Data | Purpose | Legal basis
Visiting optiwolf.com | Server and edge logs (IP address, user agent, requested URLs), processed transiently for delivery, security, and rate limiting | Operate and protect the site | Legitimate interests
Free CRO scanner | The website URL you submit and, if you request the full report, your email address | Produce and email your report; follow-up about OptiWolf | Consent / legitimate interests
Creating an account | Name, email address, password (stored only as a bcrypt hash), workspace name | Provide the service, authentication, service messages | Contract
Billing (paid plans) | Billing details and payment status, handled by our payment processor; we do not store card numbers | Charge subscriptions, invoicing, tax compliance | Contract / legal obligation
Support and email | Correspondence you send to our addresses | Answer you, improve the service | Legitimate interests

We do not run advertising trackers on our sites and we do not sell personal data. Fonts on optiwolf.com are self-hosted, so no font request leaves our infrastructure. One third-party request does occur and is disclosed for accuracy: the free scanner's page-preview image is currently fetched from WordPress.com mShots (Automattic receives the URL you typed and your IP address). The scanner carries your email between its steps in your browser's sessionStorage only; it never appears in a URL.

3. Retention (controller data)

  • Account data: for the life of the account. To delete your account and its data, contact [email protected]; we complete deletion within 30 days, except data we must keep (for example invoices, per Hungarian accounting law: 8 years).
  • Login sessions: expire after 30 days.
  • Scanner submissions: until the report flow is complete plus a reasonable follow-up window; you can opt out of follow-up at any time.
  • Backups: database backups are retained for up to 35 days, then rotate out.

4. Your rights

Under the GDPR you can request access, rectification, erasure, restriction, portability, and object to processing based on legitimate interests. Write to [email protected]; we respond within one month. You may also lodge a complaint with a supervisory authority. Ours is the Hungarian National Authority for Data Protection and Freedom of Information (NAIH, Budapest, naih.hu).

US state privacy laws (CCPA/CPRA and similar). We do not sell or share personal information as those laws define it, and we do not use it for cross-context behavioral advertising. For data our Snippet processes on customers' sites, we act as a service provider/processor. You can exercise applicable rights via [email protected].

5. Security and where data lives

The service is hosted on infrastructure in Germany (EU), fronted by Cloudflare's edge network. Passwords are stored as bcrypt hashes; transport is encrypted with TLS; database access is parameterized and tenant-scoped; webhooks we send are HMAC-signed. Vendors that process personal data for us are listed in Section 7 and, for our processor role, in the DPA's subprocessor annex. Where a vendor processes data outside the EEA, we rely on adequacy decisions (including the EU-US Data Privacy Framework where certified) and Standard Contractual Clauses.

6. What the Snippet processes on customers' websites (processor role)

When a customer installs OptiWolf on their site, the Snippet processes the following in visitors' browsers and sends the following to our servers:

Transmitted to OptiWolf (pseudonymous event data):

  • a random first-party visitor identifier and session identifier (no cross-site tracking, no advertising IDs, no fingerprinting);
  • experiment exposure and conversion events, including the page URL where they happened;
  • for revenue goals: order value, currency, and an order reference for deduplication;
  • campaign widget events (impression, dismiss, click, submit, teaser interactions);
  • Leads: where a visitor submits a form the customer configured (typically email, optionally name or other fields the customer defined, a consent flag, and the page of submission). Leads are stored for the customer and delivered to endpoints the customer configures.

Never transmitted (stays in the visitor's browser). This is a deliberate design property of OptiWolf, not marketing: the behavioral visitor profile used for targeting (pages visited, session counts, referrer and UTM history) is computed and stored only in the visitor's browser (localStorage), and merge-tag personalization values (for example a first name read from the site's own cookie or URL) are resolved and rendered in the browser and never sent to our servers. OptiWolf keeps no server-side behavioral profile of any visitor. Personalization decisions are made on-device.

Retention of processor data. Leads are kept per each customer's retention setting (by default until the customer deletes them; customers can set an automatic purge window and can delete by email address across campaigns). Event data is kept for the life of the customer's experiments and account. Visitor IP addresses are used transiently (delivery, rate limiting, abuse prevention) and are not stored with event or lead records.

The full processor terms, including data categories, subprocessors, and international transfers, are in the Data Processing Agreement. The browser storage keys the Snippet uses are enumerated in the Cookie and Local Storage Policy.

7. Vendors we share data with (controller role)

Vendor | What | Where
Cloudflare, Inc. | DNS, CDN/edge, DDoS protection, email routing for our @optiwolf.com addresses | Global edge; EU/US, DPF-certified
DigitalOcean, LLC | Cloud infrastructure hosting the service | Germany (EU)
Automattic (WordPress.com mShots) | Scanner preview screenshots | US
Payment processor (Stripe) | Subscription billing, once paid plans are live | EU/US, SCCs
Transactional email provider | Service emails (verification, notifications), once live; named here and in the DPA annex before use | To be selected

8. Children

Our sites and service are for businesses and are not directed at children. We do not knowingly collect data from anyone under 16.

9. Changes

We will post updates to this policy at optiwolf.com/privacy with a new effective date, and notify account holders of material changes.

Contact: [email protected] · UniBreeze Kft., 1141 Budapest, Paskál utca 48. fszt. 1., Hungary
