Product policy
Privacy
This page explains what cro.doctor needs to create a report, which outside services help process it, and how to request deletion.
Effective
The short version
cro.doctor analyzes publicly accessible SaaS marketing pages. When you submit a URL, we crawl public pages, create an automated report, and store that report so it can remain available through its link. Public page content and screenshots may be processed by OpenAI and the configured remote-browser provider. We do not ask for website passwords and you should not submit private, authenticated, or confidential URLs.
Information we process
- The public website URL you submit and public content available from pages we inspect.
- Page screenshots, headings, visible copy, links, pricing information, and other observable marketing-site signals.
- Optional context you provide, such as traffic range, conversion goal, or competitor domains.
- The generated diagnosis, findings, rewrites, scores, and report metadata.
- Basic technical information needed to operate and secure the service, such as timestamps, errors, and request/network information.
- If you purchase a report, payment status, Paddle transaction and customer identifiers, and contact or billing details supplied through checkout. Paddle acts as merchant of record and processes raw card details; cro.doctor does not.
- Messages you send to hello@cro.doctor.
How we use it
- To retrieve and analyze the public pages you asked us to audit.
- To generate, display, unlock, and support your report.
- To process a one-time payment and prevent duplicate or fraudulent fulfillment.
- To diagnose failures, control abuse, monitor cost, and improve report quality.
- To respond to support, refund, privacy, and deletion requests.
We do not use the submitted URL as permission to access a private dashboard, bypass authentication, or interact with non-public customer data.
Service providers
The service depends on specialist providers that process data for us:
- OpenAI processes page excerpts, structured signals, prompts, model outputs, and screenshots used for automated analysis.
- Browserbase provides the current remote browser infrastructure. cro.doctor configures its session video recording and session logging features off; Browserbase still processes the connection and usage metadata needed to operate each browser session.
- Steel may provide alternate remote browser infrastructure, proxying, and bot-protection handling when configured.
- Paddle acts as merchant of record and processes checkout, payment, tax, fraud-prevention, and receipt information for paid reports.
- Hosting, database, logging, and security providers process the limited technical data needed to operate the service.
Provider locations can mean information is processed outside your country. The exact production provider list may change as infrastructure changes; this page should be updated when material processors change.
Report links are bearer links
A report link works like a key. Anyone who receives a valid link can view the report access attached to it, including paid content when the link carries paid access. Share it only with people you trust. If a link is exposed, contact us so we can delete the report; link rotation may not always be available.
Browser storage and cookies
cro.doctor does not currently use advertising or behavioral-analytics cookies. Paddle and infrastructure providers may use storage or necessary cookies to secure checkout and operate the service. We will update this notice and obtain any required consent before adding nonessential tracking.
Retention and deletion
Reports and their submitted context are retained while they remain available through the report link. This is not a promise of permanent storage, and you should download anything you need to keep. Payment and transaction records may be retained for accounting, fraud prevention, dispute handling, and legal obligations.
To request deletion of a report or associated personal information, email hello@cro.doctor with the report link and enough information to verify the request. We will remove data we control unless retention is required for a legitimate legal, security, or payment-record purpose.
Your choices
Depending on where you live, you may have rights to request access, correction, deletion, restriction, portability, or objection, and to complain to a data-protection authority. These rights are not absolute and depend on applicable law. Contact us at hello@cro.doctor.
Security and limitations
We use reasonable technical and organizational measures appropriate to a small web service, but no internet transmission or storage system is perfectly secure. Do not submit credentials, private URLs, personal customer data, trade secrets, or material you are not authorized to process.
Children
cro.doctor is a business website-analysis service and is not directed to children. Do not use the service if you are not old enough to enter a contract where you live.
Changes and contact
We may update this notice when the product or its providers change. The effective date above will change when we make a material revision. Questions and privacy requests can be sent to hello@cro.doctor.