Privacy policy.
Last updated · May 5, 2026
Eyepup is a website analytics tool. There are two kinds of people whose data flows through it: our customers (the developers and teams who sign up at eyepup.com), and their visitors (the people who land on websites that have installed the Eyepup tracker). This policy covers both.
Plain English summary: we record visitor sessions on customer websites so an AI can summarize what blocked them from converting. We do not sell data. We do not run advertising. We use industry-standard subprocessors (Vercel, Supabase, Hetzner, OpenRouter, PostHog OSS) and we list every one of them below.
1. Data we collect from our customers
When you sign up at eyepup.com we collect:
- Email address and a password hash (handled by Supabase Auth)
- Team name, billing plan, and usage counters
- Site domains you connect to Eyepup
- API tokens you mint (epk_live_*) — stored hashed
- Server logs (timestamps, IP, request paths) for security and debugging
We use this data to operate your account, enforce plan limits, send transactional email (signup confirmations, password resets, weekly digests if you opted in), and respond to support requests. We do not use it for advertising.
2. Data we process about your visitors
When you install the Eyepup tracker (/t/<key>.js) on your website, our script collects, on every visit:
- An anonymous distinct ID stored in localStorage (no third-party cookies)
- Page URLs, referrer, click and scroll events
- An rrweb session recording — a virtual DOM playback of the page (no screen capture, no audio)
- Browser, device, and approximate geolocation derived from IP at the edge (we do not store the raw IP alongside the session)
- UTM parameters and campaign identifiers if present in the URL
For this data, you (the customer) are the data controller and Eyepup is the data processor. You are responsible for telling your visitors what you record and obtaining any consent your jurisdiction requires (cookie banner, GDPR/CCPA notice, etc.). We do not show our own banner on your site.
The rrweb library masks input fields by default so that text typed into <input> /<textarea> elements never leaves the browser. You can also annotate any element with data-eyepup-mask to redact it.
3. How AI processing works
Eyepup's distinguishing feature is that an AI watches the rrweb recording (rendered to MP4) and writes a one-paragraph dossier explaining what blocked the visitor from converting. We send the rendered video and structured event metadata to large language models routed through OpenRouter (currently Google Gemini 2.5 Flash for video, DeepSeek v4 Pro for text reasoning).
OpenRouter and the underlying model providers operate under zero-data-retention agreements: the video and prompts are not retained for training and are deleted after the request completes. The dossier text is stored in our database and made available to you (and only you) via the dashboard, CLI, and MCP server.
4. Subprocessors
We use the following companies to operate Eyepup:
- Vercel (Delaware, USA) — hosts the eyepup.com web application and serverless functions
- Supabase (Delaware, USA) — Postgres database for account/team metadata and authentication
- Hetzner Cloud (Germany / USA) — hosts the analytics agent, PostHog OSS event ingestion, and rrweb-to-MP4 render worker
- Backblaze B2 (eu-central-003) — encrypted database backups
- OpenRouter (USA) — LLM routing layer; routes to Google, Anthropic, OpenAI, DeepSeek depending on tier
- npm / GitHub (USA) — distribution of the eyepup-mcp package and source code
- Resend (USA) — transactional email delivery
We will update this list when we change subprocessors. Material changes are announced on this page.
5. Cookies
On eyepup.com (our marketing and dashboard) we set:
- sb-<ref>-auth-token — Supabase session cookie (essential, set on login)
- No analytics, advertising, or third-party tracking cookies
On customer websites, the Eyepup tracker stores a random distinct ID in localStorage (not a cookie). Whether your visitors need to consent to this depends on your jurisdiction.
6. Retention
- Account data: kept while your account is active. Deleted within 30 days of account closure.
- Visitor session events and recordings: 90 days by default. Customers on higher plans can extend.
- AI-generated dossiers: kept as long as the underlying session is retained.
- Server logs: 30 days.
- Encrypted backups: 90 days rolling.
7. Your rights (GDPR, CCPA, and equivalents)
If you are an Eyepup customer, you can access, export, correct, or delete your account data at any time from your settings or by emailing privacy@eyepup.com.
If you are a visitor of a website that uses Eyepup and you want your data removed, the customer (the website you visited) is the data controller. Contact them first; they can delete you via the Eyepup excluded_distinct_ids mechanism. If you cannot reach them, email us at privacy@eyepup.com and we will assist.
We will respond to verified requests within 30 days.
8. Security
All data is encrypted in transit (TLS) and at rest. API tokens are stored as hashes. Database backups are encrypted with BorgBackup before leaving the production environment. We use two-factor authentication on every administrative system. We do not have a SOC 2 attestation today; we will publish one when we do.
9. Children
Eyepup is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has used Eyepup, contact privacy@eyepup.com and we will delete the data.
10. Changes to this policy
We will post material changes on this page and update the “Last updated” date. If a change materially affects how we process customer data, we will email account owners at least 14 days before it takes effect.
11. Contact
- Privacy questions / data requests: privacy@eyepup.com
- Security disclosures: security@eyepup.com
- General: hello@eyepup.com
