Back to Home

Privacy Policy

Last updated: March 10, 2026

1. Introduction

PricingFast Inc. ("Company", "we", "our", or "us") operates PricingFast (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service.

This policy applies to two categories of individuals:

  • Platform Users — businesses and individuals who sign in to PricingFast via Stripe OAuth to create and manage pricing experiments
  • End-Customers — visitors to Platform Users' websites who interact with the PricingFast SDK as part of pricing experiments

PricingFast acts as a data controller for Platform User data, and as a data processor for End-Customer data (processing it on behalf of Platform Users).

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Platform User Information

When you connect your Stripe account via OAuth, we collect:

  • Stripe account ID and user ID
  • Business name (from your Stripe account)
  • Email address
  • Stripe OAuth access and refresh tokens (stored encrypted)
  • Subscription and billing status (via Stripe)

2.2 End-Customer Data

Through the PricingFast SDK installed on Platform Users' websites, we collect the following End-Customer data:

  • Visitor ID (pf_vid — a randomly generated UUID, not personally identifiable on its own)
  • Experiment variant assignments
  • Conversion events
  • Stripe customer IDs (when a conversion occurs)
  • Revenue amounts (from Stripe transactions)

We do NOT collect end-customer names, email addresses, or payment card details via the SDK. End-Customer data is processed solely for the purpose of experiment analytics.

2.3 Usage and Analytics Data

We automatically collect certain information when Platform Users use the Service:

  • PostHog — product analytics events including feature usage, interactions, and funnel tracking
  • Vercel Analytics — page views, web vitals, and performance metrics

2.4 Cookies and Tracking Technologies

We use the following cookies:

  • iron-session — Platform User authentication session cookie (essential)
  • stripe_oauth_state — CSRF protection during Stripe OAuth flow (5-minute expiry)
  • pf_vid — End-Customer visitor ID set by the PricingFast SDK (30-day expiry)
  • __ph_* cookies — PostHog product analytics cookies

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and maintain the Service: Process transactions, create and manage your account, deliver features
  • Experiment analytics: Process End-Customer data to calculate experiment results, statistical significance, and revenue impact
  • Stripe product/price management: Read and write products and prices in your connected Stripe account as part of experiment execution
  • Improve and optimize: Analyze usage patterns, identify bugs, develop new features
  • Communicate with you: Send transactional updates, respond to inquiries, provide customer support
  • Security and fraud prevention: Detect and prevent unauthorized access, abuse, or fraudulent activity
  • Legal compliance: Comply with legal obligations, enforce our terms, protect our rights

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 Service Providers

We share information with the following third-party services:

  • Stripe — billing, payment processing, and connected account management
  • Supabase — database hosting and backend infrastructure
  • Vercel — application hosting and deployment
  • PostHog — product analytics

4.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

4.3 Legal Requirements

We may disclose your information if required by law, subpoena, or other legal process, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Prevent fraud or abuse
  • Protect the security of the Service

4.4 With Your Consent

We may share your information for other purposes with your explicit consent or at your direction.

5. Data Processing for End-Customers

PricingFast processes End-Customer data as a data processor on behalf of Platform Users (the data controllers). Key points:

  • Sub-processors: End-Customer data is stored in Supabase (database) and served via Vercel (hosting)
  • Retention: End-Customer data is retained for the duration of the associated experiment plus 90 days after experiment deletion
  • Platform User responsibility: Platform Users are responsible for maintaining their own privacy policies that disclose the use of PricingFast and the pf_vid cookie
  • No sale: We do not sell End-Customer data to third parties
  • No marketing use: We do not use End-Customer data for our own marketing or advertising purposes

A Data Processing Agreement (DPA) is available upon request at support@pricingfa.st.

6. Data Retention

We retain data according to the following schedule:

  • Platform User account data: Retained while your account is active, deleted or anonymized within 90 days of account deletion
  • Experiment data: Retained while the experiment is active, plus 90 days after deletion
  • End-Customer data: Retained for the duration of associated experiments plus 90 days
  • Stripe OAuth tokens: Deleted immediately upon revocation or account termination

We may retain anonymized or aggregated data indefinitely for analytics, research, and improvement of the Service.

7. Data Security

We implement appropriate technical and organizational security measures to protect your information from unauthorized access, disclosure, alteration, or destruction:

  • Encryption of data in transit (SSL/TLS) and at rest
  • Encrypted storage of Stripe OAuth tokens
  • Access controls and authentication mechanisms
  • Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

8.1 Access and Portability

You have the right to access and receive a copy of your personal information in a structured, machine-readable format.

8.2 Correction

You can update or correct your personal information through your account settings or by contacting us.

8.3 Deletion

You have the right to request deletion of your personal information, subject to certain legal exceptions.

8.4 Opt-Out of Marketing

You can unsubscribe from marketing emails by clicking the "unsubscribe" link in any email or updating your communication preferences.

8.5 Cookie Preferences

You can manage cookie preferences through your browser settings. However, disabling certain cookies may affect Service functionality.

To exercise any of these rights, please contact us at support@pricingfa.st. We will respond to your request within 30 days.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Our service providers operate infrastructure in the following regions:

  • Supabase — database hosted in the United States
  • Vercel — edge network with global points of presence
  • PostHog — United States
  • Stripe — United States with global infrastructure

When we transfer your information internationally, we take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy and applicable laws.

10. Children's Privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us. We will take steps to delete such information from our systems.

If we learn that we have collected personal information from a child under 18 without parental consent, we will delete that information as quickly as possible.

11. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party services before providing them with your personal information.

This Privacy Policy does not apply to information collected by third-party websites or services linked from our Service.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, and share
  • Right to delete your personal information
  • Right to opt-out of the sale of your personal information
  • Right to non-discrimination for exercising your privacy rights

We do not sell your personal information to third parties. To exercise your CCPA rights, please contact us at support@pricingfa.st.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time (where processing is based on consent)
  • Right to lodge a complaint with a supervisory authority

Our legal bases for processing:

  • Contract: Processing Platform User data is necessary to perform our contract with you
  • Legitimate interest: Product analytics via PostHog and Vercel Analytics to improve the Service
  • Platform User instructions: End-Customer data is processed on behalf of Platform Users as data processor

A Data Processing Agreement (DPA) is available upon request at support@pricingfa.st. To exercise your GDPR rights, please contact us at support@pricingfa.st.

14. Do Not Track Signals

Some browsers have a "Do Not Track" feature that lets you tell websites you do not want your online activities tracked. We currently do not respond to Do Not Track signals. However, you can manage cookies and tracking technologies through your browser settings.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We may also notify you via email or through the Service.

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to resolving privacy concerns in a timely and transparent manner.