Privacy Policy
Last updated: March 2026
Who We Are
PullPage ("we", "us", "our") is operated by a natural person based in Switzerland.
Email: contact@pull.page
Website: https://pull.page
Web App: https://app.pull.page
This Privacy Policy explains what personal data we collect, how we use it, and what rights you have.
This policy complies with the Swiss Federal Act on Data Protection (revDSG/nDSG), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the Brazilian General Data Protection Law (LGPD), the South African Protection of Personal Information Act (POPIA), and other applicable data protection laws.
Data We Collect
2.1 Account Data
When you create an account, our authentication provider Clerk (clerk.com) collects:
• Email address
• Name (if provided)
• Profile data from your login provider (e.g. Google)
Clerk also stores the following encrypted metadata on our behalf:
• Your active plan (Free, One-Time, Freelancer, Agency)
• Number of exports used per month
• Export history (URL, page count, file size, date)
2.2 Payment Data
Payments are processed by Stripe (stripe.com). We never store your credit card or bank details directly. Stripe receives:
• Email address
• Payment method details (credit card, etc.)
• Billing address
2.3 Export Data
When you export a website, we create a ZIP file stored on Cloudflare R2 (cloudflare.com). These files are automatically deleted after 30 days. We store the following metadata:
• The exported URL
• Number of pages and assets
• ZIP file size
• Timestamp of the export
2.4 Analytics Data
We use PostHog (posthog.com) for website analytics. PostHog is configured with cookieless server hash mode (cookieless_mode: "on_reject"). This means:
• If you consent to analytics cookies: PostHog collects usage data linked to a pseudonymous identifier stored in a first-party cookie.
• If you do not consent: PostHog counts visitors using a privacy-preserving server-side hash that cannot be used to identify you. No cookies or local storage are used.
PostHog data is hosted in the European Union (eu.i.posthog.com).
2.5 Support Chat Data
We use Crisp (crisp.chat) to provide live chat support. Crisp is only loaded if you consent to functional cookies. When you use the chat widget, Crisp may collect:
• Messages you send
• Email address (if provided)
• Browser type and operating system
• IP address
2.6 Newsletter Data
If you subscribe to our newsletter, we collect your email address via Formspark (formspark.io). Your email is used solely to send you updates about PullPage. You can unsubscribe at any time by clicking the unsubscribe link in any email or by contacting us.
2.7 Technical Data
When you visit our website, the following data may be automatically collected by our hosting providers:
• IP address (anonymized where possible)
• Date and time of access
• Pages visited
• Browser type and operating system
• Referrer URL
This data is used for technical operations and security and is not linked to your user account.
2.8 Google Fonts
Our website uses fonts provided by Google LLC. When you access our website, your browser may establish a connection to Google servers to load these fonts. This may transmit your IP address to Google. For more information, see Google's Privacy Policy: https://policies.google.com/privacy
How We Use Your Data
We process your data exclusively for the following purposes:
• Providing and operating the PullPage service
• User authentication and account management
• Processing payments and subscriptions
• Enforcing usage limits (export quotas)
• Analyzing website usage to improve our service (with your consent)
• Providing customer support via live chat (with your consent)
• Sending newsletter updates (with your consent)
• Technical troubleshooting and security
• Communication regarding your account
We do not sell, rent, or share your personal data with third parties for their own marketing purposes.
Legal Basis
Switzerland (revDSG/nDSG):
• Contract performance (Art. 31 para. 2 lit. a nDSG)
• Legitimate interests (Art. 31 para. 1 nDSG)
• Consent where given (Art. 31 para. 1 nDSG)
European Union (GDPR):
• Contract performance (Art. 6(1)(b) GDPR)
• Legitimate interests (Art. 6(1)(f) GDPR)
• Consent (Art. 6(1)(a) GDPR) — for analytics cookies and newsletter
California (CCPA/CPRA):
We do not sell or share personal information as defined by the CCPA. California residents have the right to know, delete, and opt out. See Section 8 for details.
Brazil (LGPD):
• Consent (Art. 7, I LGPD) and contract performance (Art. 7, V LGPD)
South Africa (POPIA):
• Consent and legitimate interest (Section 11 POPIA)
Cookies and Similar Technologies
Our website uses cookies and similar technologies. For detailed information about the cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy at: https://pull.page/cookies
You can manage your cookie preferences at any time via the cookie settings on our website.
Third-Party Services
We use the following third-party services that may process your data:
• Clerk (clerk.com) — Authentication — USA — https://clerk.com/legal/privacy
• Stripe (stripe.com) — Payments — USA — https://stripe.com/privacy
• PostHog (posthog.com) — Analytics — EU — https://posthog.com/privacy
• Crisp (crisp.chat) — Support chat — EU — https://crisp.chat/en/privacy/
• Cloudflare R2 (cloudflare.com) — File storage — Global/EU — https://cloudflare.com/privacypolicy/
• Vercel (vercel.com) — Frontend hosting — USA/Global — https://vercel.com/legal/privacy-policy
• Railway (railway.app) — Backend hosting — USA — https://railway.app/legal/privacy
• Formspark (formspark.io) — Newsletter forms — EU — https://formspark.io/legal/privacy-policy/
• Google Fonts (google.com) — Web fonts — USA — https://policies.google.com/privacy
International Data Transfers
Some of our service providers are located outside Switzerland and the European Economic Area (EEA), particularly in the United States. Data transfers to these countries are protected by:
• Standard Contractual Clauses (SCCs) as approved by the European Commission and the Swiss FDPIC
• Adequacy decisions where available
• The EU-US Data Privacy Framework, where applicable
We ensure that all data transfers comply with applicable data protection laws.
Your Rights
Depending on your location, you have the following rights:
All users:
• Access: Request information about the data we hold about you
• Rectification: Request correction of inaccurate data
• Deletion: Request deletion of your data, subject to legal retention obligations
• Data portability: Request your data in a commonly used, machine-readable format
• Objection: Object to the processing of your data
• Withdraw consent: Withdraw previously given consent at any time without affecting the lawfulness of prior processing
EU/EEA residents (GDPR):
All of the above, plus the right to lodge a complaint with your local data protection supervisory authority.
Swiss residents (revDSG/nDSG):
All of the above, plus the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC): https://www.edoeb.admin.ch
California residents (CCPA/CPRA):
• Right to know what personal information is collected and how it is used
• Right to delete personal information
• Right to opt out of the sale or sharing of personal information (we do not sell or share your data)
• Right to non-discrimination for exercising your rights
To submit a request, contact us at contact@pull.page.
Brazil residents (LGPD):
All rights listed above, plus the right to lodge a complaint with the Brazilian National Data Protection Authority (ANPD).
South Africa residents (POPIA):
All rights listed above, plus the right to lodge a complaint with the Information Regulator of South Africa.
To exercise any of your rights, contact us at: contact@pull.page
We will respond to your request within 30 days (or within the time period required by applicable law).
Data Retention and Deletion
• Account data: Stored as long as your account exists
• Export files (ZIP): Automatically deleted after 30 days
• Export metadata: Automatically deleted after 30 days
• Payment data: Retained by Stripe according to their policies and legal requirements (up to 10 years for accounting records)
• Analytics data: Retained by PostHog for up to 12 months
• Support chat data: Retained by Crisp according to their policies
• Newsletter email: Stored until you unsubscribe
• Server logs: Deleted after a maximum of 90 days
When you delete your account, all personal data under our control is removed unless legal retention obligations apply.
. Data Security
We take appropriate technical and organizational measures to protect your data:
• Encrypted transmission (TLS/HTTPS) for all connections
• Authentication via Clerk with current security standards
• No local storage of payment data
• Automatic deletion of export files after 30 days
• Access restrictions at server and application level
• PostHog analytics data hosted in the EU
• Regular review of security measures
. Children's Privacy
PullPage is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at contact@pull.page and we will promptly delete it.
. Changes to This Policy
We may update this Privacy Policy at any time. The current version is always available at: https://pull.page/privacy
The "Last updated" date at the top indicates the most recent revision. For material changes, we will notify registered users by email.
. Contact
For questions or requests regarding this Privacy Policy:
Email: contact@pull.page
Privacy Policy
Last updated: March 2026
Who We Are
PullPage ("we", "us", "our") is operated by a natural person based in Switzerland.
Email: contact@pull.page
Website: https://pull.page
Web App: https://app.pull.page
This Privacy Policy explains what personal data we collect, how we use it, and what rights you have.
This policy complies with the Swiss Federal Act on Data Protection (revDSG/nDSG), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the Brazilian General Data Protection Law (LGPD), the South African Protection of Personal Information Act (POPIA), and other applicable data protection laws.
Data We Collect
2.1 Account Data
When you create an account, our authentication provider Clerk (clerk.com) collects:
• Email address
• Name (if provided)
• Profile data from your login provider (e.g. Google)
Clerk also stores the following encrypted metadata on our behalf:
• Your active plan (Free, One-Time, Freelancer, Agency)
• Number of exports used per month
• Export history (URL, page count, file size, date)
2.2 Payment Data
Payments are processed by Stripe (stripe.com). We never store your credit card or bank details directly. Stripe receives:
• Email address
• Payment method details (credit card, etc.)
• Billing address
2.3 Export Data
When you export a website, we create a ZIP file stored on Cloudflare R2 (cloudflare.com). These files are automatically deleted after 30 days. We store the following metadata:
• The exported URL
• Number of pages and assets
• ZIP file size
• Timestamp of the export
2.4 Analytics Data
We use PostHog (posthog.com) for website analytics. PostHog is configured with cookieless server hash mode (cookieless_mode: "on_reject"). This means:
• If you consent to analytics cookies: PostHog collects usage data linked to a pseudonymous identifier stored in a first-party cookie.
• If you do not consent: PostHog counts visitors using a privacy-preserving server-side hash that cannot be used to identify you. No cookies or local storage are used.
PostHog data is hosted in the European Union (eu.i.posthog.com).
2.5 Support Chat Data
We use Crisp (crisp.chat) to provide live chat support. Crisp is only loaded if you consent to functional cookies. When you use the chat widget, Crisp may collect:
• Messages you send
• Email address (if provided)
• Browser type and operating system
• IP address
2.6 Newsletter Data
If you subscribe to our newsletter, we collect your email address via Formspark (formspark.io). Your email is used solely to send you updates about PullPage. You can unsubscribe at any time by clicking the unsubscribe link in any email or by contacting us.
2.7 Technical Data
When you visit our website, the following data may be automatically collected by our hosting providers:
• IP address (anonymized where possible)
• Date and time of access
• Pages visited
• Browser type and operating system
• Referrer URL
This data is used for technical operations and security and is not linked to your user account.
2.8 Google Fonts
Our website uses fonts provided by Google LLC. When you access our website, your browser may establish a connection to Google servers to load these fonts. This may transmit your IP address to Google. For more information, see Google's Privacy Policy: https://policies.google.com/privacy
How We Use Your Data
We process your data exclusively for the following purposes:
• Providing and operating the PullPage service
• User authentication and account management
• Processing payments and subscriptions
• Enforcing usage limits (export quotas)
• Analyzing website usage to improve our service (with your consent)
• Providing customer support via live chat (with your consent)
• Sending newsletter updates (with your consent)
• Technical troubleshooting and security
• Communication regarding your account
We do not sell, rent, or share your personal data with third parties for their own marketing purposes.
Legal Basis
Switzerland (revDSG/nDSG):
• Contract performance (Art. 31 para. 2 lit. a nDSG)
• Legitimate interests (Art. 31 para. 1 nDSG)
• Consent where given (Art. 31 para. 1 nDSG)
European Union (GDPR):
• Contract performance (Art. 6(1)(b) GDPR)
• Legitimate interests (Art. 6(1)(f) GDPR)
• Consent (Art. 6(1)(a) GDPR) — for analytics cookies and newsletter
California (CCPA/CPRA):
We do not sell or share personal information as defined by the CCPA. California residents have the right to know, delete, and opt out. See Section 8 for details.
Brazil (LGPD):
• Consent (Art. 7, I LGPD) and contract performance (Art. 7, V LGPD)
South Africa (POPIA):
• Consent and legitimate interest (Section 11 POPIA)
Cookies and Similar Technologies
Our website uses cookies and similar technologies. For detailed information about the cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy at: https://pull.page/cookies
You can manage your cookie preferences at any time via the cookie settings on our website.
Third-Party Services
We use the following third-party services that may process your data:
• Clerk (clerk.com) — Authentication — USA — https://clerk.com/legal/privacy
• Stripe (stripe.com) — Payments — USA — https://stripe.com/privacy
• PostHog (posthog.com) — Analytics — EU — https://posthog.com/privacy
• Crisp (crisp.chat) — Support chat — EU — https://crisp.chat/en/privacy/
• Cloudflare R2 (cloudflare.com) — File storage — Global/EU — https://cloudflare.com/privacypolicy/
• Vercel (vercel.com) — Frontend hosting — USA/Global — https://vercel.com/legal/privacy-policy
• Railway (railway.app) — Backend hosting — USA — https://railway.app/legal/privacy
• Formspark (formspark.io) — Newsletter forms — EU — https://formspark.io/legal/privacy-policy/
• Google Fonts (google.com) — Web fonts — USA — https://policies.google.com/privacy
International Data Transfers
Some of our service providers are located outside Switzerland and the European Economic Area (EEA), particularly in the United States. Data transfers to these countries are protected by:
• Standard Contractual Clauses (SCCs) as approved by the European Commission and the Swiss FDPIC
• Adequacy decisions where available
• The EU-US Data Privacy Framework, where applicable
We ensure that all data transfers comply with applicable data protection laws.
Your Rights
Depending on your location, you have the following rights:
All users:
• Access: Request information about the data we hold about you
• Rectification: Request correction of inaccurate data
• Deletion: Request deletion of your data, subject to legal retention obligations
• Data portability: Request your data in a commonly used, machine-readable format
• Objection: Object to the processing of your data
• Withdraw consent: Withdraw previously given consent at any time without affecting the lawfulness of prior processing
EU/EEA residents (GDPR):
All of the above, plus the right to lodge a complaint with your local data protection supervisory authority.
Swiss residents (revDSG/nDSG):
All of the above, plus the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC): https://www.edoeb.admin.ch
California residents (CCPA/CPRA):
• Right to know what personal information is collected and how it is used
• Right to delete personal information
• Right to opt out of the sale or sharing of personal information (we do not sell or share your data)
• Right to non-discrimination for exercising your rights
To submit a request, contact us at contact@pull.page.
Brazil residents (LGPD):
All rights listed above, plus the right to lodge a complaint with the Brazilian National Data Protection Authority (ANPD).
South Africa residents (POPIA):
All rights listed above, plus the right to lodge a complaint with the Information Regulator of South Africa.
To exercise any of your rights, contact us at: contact@pull.page
We will respond to your request within 30 days (or within the time period required by applicable law).
Data Retention and Deletion
• Account data: Stored as long as your account exists
• Export files (ZIP): Automatically deleted after 30 days
• Export metadata: Automatically deleted after 30 days
• Payment data: Retained by Stripe according to their policies and legal requirements (up to 10 years for accounting records)
• Analytics data: Retained by PostHog for up to 12 months
• Support chat data: Retained by Crisp according to their policies
• Newsletter email: Stored until you unsubscribe
• Server logs: Deleted after a maximum of 90 days
When you delete your account, all personal data under our control is removed unless legal retention obligations apply.
. Data Security
We take appropriate technical and organizational measures to protect your data:
• Encrypted transmission (TLS/HTTPS) for all connections
• Authentication via Clerk with current security standards
• No local storage of payment data
• Automatic deletion of export files after 30 days
• Access restrictions at server and application level
• PostHog analytics data hosted in the EU
• Regular review of security measures
. Children's Privacy
PullPage is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at contact@pull.page and we will promptly delete it.
. Changes to This Policy
We may update this Privacy Policy at any time. The current version is always available at: https://pull.page/privacy
The "Last updated" date at the top indicates the most recent revision. For material changes, we will notify registered users by email.
. Contact
For questions or requests regarding this Privacy Policy:
Email: contact@pull.page