Privacy Notice
At Growthbook, Inc. (“we”, “us”, “our”, or “GrowthBook”) we take your privacy very seriously. Please read this privacy notice carefully as it contains important information on how and why we collect, store, use, and share your personal information. It also explains your rights in relation to your personal information.
By using the www.growthbook.io website (“Site”) and any related services and/or features (together with the Site, the “Service”) you acknowledge that you accept the practices and policies outlined in this Privacy Notice. If you have any questions or comments about this Privacy Notice or our use of your data, please contact us at privacy@growthbook.io.
When our customers use the GrowthBook Services on their own websites and products, they remain responsible for their own privacy and security practices, which may differ from ours.
1. Personal Information We Collect About You.
We may collect and use the following personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:
• User Account Data: We collect name, email address, IP address, and job title when creating user accounts.
• Additional Data You Provide: additional personal data may be collected through use of the Services, customer support, feedback that you provide, interacting with forms on our website and responses to surveys, questionnaires and submitting support tickets.
• Personal Data Provided by Others: we receive information about you and your company collected from third party or public sources or that we receive from companies that partner with us to provide products and services. This may include information from our advertising and market research partners, who may provide us with information about your interest in and engagement with our online advertisements.
• Transaction and Payment information: We may collect information and details associated with your purchases, including payment-related information collected by our third-party payment processors on our behalf. We do not directly collect or store any payment card information but may receive billing address, tax id numbers, or other non-sensitive information associated with your payment card from our third-party processors.
• Automatically Collected Data: Whenever you interact with the Service, we automatically receive and store certain types of information, including information that your browser automatically sends. Such information may include information such as your web request, Internet Protocol (“IP”) address, device identifiers, location information, device information (such as OS type or browser type), cookie IDs, referring / exit pages and URLs, interaction information (such as clickstream data), domain names, pages viewed, crash data, and other similar technical data. We also collect usage, viewing, logs, metrics and other device and technical data collected when you visit our Sites, use the GrowthBook Service as an end user, or open or reply to emails we send.
• We may also collect non-personally identifiable information. We may use both personal information and non-personally identifiable information to create aggregate information to improve and enhance our Services.
2. How Your Personal Information is Collected.
We collect this personal information directly from users through our website and email. However, we may also collect information automatically in the following ways:
• Cookies and similar technologies: like many online services, we use cookies on our website, which automatically collect certain types of usage and device information when you use our Services, including IP address, browser type, Internet service provider, platform type, device type, operating system, date and time stamp, a unique device or account ID, usage information and other similar information; and
• Via our Services: We collect information about user activity on our Services, including actions (like logging in, logging out, time on site, pages or features accessed, time and date of access, and other similar usage information). We use this information to provide, improve, and promote our Services. Additionally, if you are using the Managed Warehouse/ClickHouse service, the collection of data will include (i) default properties (e.g., IP address, device and browser type, location and session identifiers and (ii) custom properties as solely determined by you/the customer. Custom data may not include any sensitive personal information or personally identifiable information unless such information is appropriately de-identified in accordance with applicable laws and industry standards prior to transmission to GrowthBook.
3. Why Your Personal Information is Collected.
The collection of personal information is required for us to provide the GrowthBook Service. If you do not provide your personal information, it may delay or prevent us from providing the Services to you. The personal information we collect from our users, which may include your personal information, is necessary for us to provide our Services to the user. More information on our Services can be found on our Site at https://www.growthbook.io. We also collect some personal information for operational reasons such as user authentication, maintaining and improving our Services, training, quality control and legal compliance.
4. Promotional Communications.
We may use your personal information to send you updates (by email) about our Services, including exclusive offers, promotions or new products or Services.
We have a legitimate interest in processing your personal information for promotional purposes (see above “Why Your Personal Information is Collected”). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal information with the utmost respect and we do not sell or share your personal information with other organizations for marketing purposes (see below “Who We Share Your Personal Information With”).
You have the right to opt out of receiving promotional communications at any time by:
• Contacting us at support@growthbook.io;
• Updating your preferences in the account settings page; or,
• Using the “unsubscribe” link in emails or “STOP” number in texts, if applicable.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further products or services in the future, or if there are changes in the law, regulation, or the structure of our business.
5. Who We Share Your Personal Information With.
We routinely share personal information with:
• Service providers we use to help deliver our services to you such as payment service providers, and third parties providing business related functions;
• Other third parties we use to help us run our business, such as data centers or website hosts which may store the information we collect on our behalf;
• Third parties and connected services you choose to utilize as part of the service;
We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you.
We may also share personal information with external auditors, law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal information with other parties, such as during a business merger or re-structuring. We will typically anonymize information, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
Other than as disclosed in this notice, we will not share your personal information with any other third party.
We do not exchange personal information collected from your use of the Service for money. Some applicable privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act, define “sale” and “sharing” of personal information more broadly to include certain disclosures to third parties for other forms of valuable consideration, including for cross-context behavioral advertising. Where any of our data-handling activities meet that broader definition, we treat them as a “sale” or “sharing” for purposes of the applicable law and provide the corresponding rights and opt-out mechanisms described in the “Your State Privacy Rights” section below.
6. Where Your Personal Information is Held.
Information is held at our third-party service providers located in the United States as described above. By using our Services, you consent to your personal information being transferred to and processed in the United States (see above: “Who We Share Your Personal Information With”).
7. How Long Your Personal Information Will Be Kept.
We will keep your personal information while you have an account with us or while we are providing services to you. Thereafter, we will keep your personal information for as long as is necessary:
• To respond to any questions, complaints or claims made by you or on your behalf;
• To show that we treated you fairly; or
• To keep records required by law.
We will not retain your personal information for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of personal information. When it is no longer necessary to retain your personal information, we will delete or anonymize it.
8. Browser Extensions (GrowthBook Visual Editor, DevTools).
This section describes how the GrowthBook Visual Editor browser extension, and the DevTools extension handles your information.
The Visual Editor is an optional tool you install from the Chrome Web Store to create A/B test variations visually on your own websites using a what-you-see-is-what-you-get editor. The first time you use the extension, you click “Connect,” which opens GrowthBook in a new tab; once you sign in, GrowthBook generates a Personal Access Token (“PAT”) on your behalf and the PAT is stored in the extension so that it can call the GrowthBook API on your behalf to create draft experiments from the visual changes you make. The Visual Editor also includes AI-assisted features, hosted by GrowthBook, that can render variation changes for you in response to natural-language prompts. The practices described below apply only when you install and use the extension; they are in addition to the practices described elsewhere in this notice, which continue to apply to the underlying GrowthBook Services.
Information stored locally on your device. The extension uses your browser’s built-in chrome.storage.sync to store a small set of items so that it can function; if you have Chrome Sync enabled, these items may also be synchronized to Google’s servers under your Google account. The stored items fall into the following categories: the API host URL of the GrowthBook instance the extension is connected to (for example, the GrowthBook Cloud API host or a self-hosted URL you specify); the PAT issued to you by GrowthBook; your interface preferences (such as theme and language); and a short-lived cache of AI-suggestion responses associated with the experiment you are editing.
Information sent to GrowthBook when you use AI-assisted features. When you actively use an AI-assisted feature of the extension, the extension transmits the following to the GrowthBook back-end at the API host you have configured: the AI prompt text you write or select; a structured digest of the page’s Document Object Model (“DOM”), consisting of element selectors, HTML tag names, short text snippets, and a limited set of element attributes (such as id, name, and aria-label) sufficient for the AI to reason about the page — and expressly excluding the contents of form fields, scripts, stylesheets, and the full page HTML; optionally, a reference image, if you have chosen to provide one as context for an AI image-generation flow; the active tab URL at the moment you create a new experiment, so that it can be recorded as the experiment’s editor URL; and standard request metadata, including the PAT in the Authorization header and the organization ID derived from that PAT. Information transmitted to GrowthBook through the extension is retained on the same basis as your other GrowthBook account data, as described in the “How Long Your Personal Information Will Be Kept” section above.
AI sub-processors. The extension does not call any third-party AI service directly. When you use an AI-assisted feature, the GrowthBook back-end forwards your prompt and the DOM digest to a third-party AI provider — currently Anthropic, Google, OpenAI, or xAI — configured by your organization in GrowthBook’s AI settings. The choice of provider is controlled by your organization’s administrator, and the extension itself has no visibility into which provider processes a given request. Once data leaves the GrowthBook back-end, the receiving provider’s own privacy and data-retention practices apply to that data.
The DevTools Extension also uses a PAT, which is added manually or automatically on launch, and stored in the same manner as the Visual Editor extension. The DevTools extension reads and caches information about your GrowthBook setup (feature flags, experiments, attributes, and architypes).
Things we do not do through the extensions. We do not collect your browsing history (other than the active tab URL described above when you create a new experiment), the contents of form fields on pages you visit, your saved credentials, your cookies, your localStorage contents from the pages you visit, or telemetry, analytics, or user-activity tracking about your use of the extension. The extension does not execute JavaScript or modify the DOM of any page you visit until you explicitly open the side panel and take an action.
Your choices. You can revoke the extension’s access at any time by deleting the PAT from your GrowthBook account settings, or by uninstalling the extension (which removes all locally stored items from your device). You can also disconnect the extension without uninstalling by opening the gear menu in the side panel and selecting “Disconnect,” which removes the stored PAT but keeps the API host so reconnecting is one click away. AI-assisted features can be disabled at the organization level through GrowthBook’s AI settings, in which case the prompt and DOM-digest data described above will not be sent.
9. Your State Privacy Rights.
California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:
• Confirm whether we process the personal information.
• Access and delete certain personal information.
• Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose (excluding Iowa and Utah).
• Data portability.
• Opt-out of personal data processing for:
◦ targeted advertising (excluding Iowa);
◦ sales; or
◦ profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
• Either limit (opt-out of) or require consent to process sensitive personal data.
The exact scope of these rights may vary by state. To exercise any of these rights please privacy@growthbook.io. To appeal a decision regarding a consumer rights request please contact privacy@growthbook.io. Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out rights may submit a request to this designated address: privacy@growthbook.io. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
10. Keeping Your Personal Information Secure.
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
11. More Information and How to Exercise Your Rights.
If you would like more information on our privacy policies or wish to exercise any of your rights as described in this Privacy Notice, please:
Email us at privacy@growthbook.io.
12. Changes to This Privacy Notice.
This privacy notice was published and last updated on the date set forth above. We may change or update this privacy notice from time to time by posting the new notice on our website. We may additionally provide notice through the service or by email that the notice has been updated, however, you should regularly review this Privacy Notice to stay informed of our policies and practices.
13. “Do Not Track.”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers at this time.
14. Contacting Us.
If you have any questions about this Privacy Notice or our privacy practices, please contact us at privacy@growthbook.io, or send mail to: GrowthBook, Inc., 1950 W Corporate Way # 34560, Anaheim, CA 92801.