Last updated: March 12, 2026
Discoveo ("we", "our", or "us") operates a SaaS platform that helps marketing teams and CRO specialists analyze conversion funnels and user behavior. This Privacy Policy explains how we collect, use, and protect information when you use our service.
By using Discoveo, you agree to the collection and use of information in accordance with this policy.
We collect the following categories of data:
Name, email address, and authentication credentials provided when you sign up via our identity provider.
With your explicit authorization via OAuth, we access your GA4 property to retrieve funnel events, page paths, session counts, device/browser/country breakdowns, and conversion data. This data is stored on your behalf to power analytics features.
CSV files you upload containing user survey responses. These may include open-ended comments, ratings, and associated metadata (date, country, device, URL). We generate vector embeddings from text comments to enable semantic search.
Standard server logs including IP addresses, browser type, pages visited, and timestamps. Used for security, debugging, and service improvement.
We do not sell your data to third parties. We do not use your data to train AI models beyond the scope of your own analysis requests.
Discoveo uses Google OAuth 2.0 to connect to your Google Analytics 4 account. When you authorize access, we request read-only scopes limited to analytics data. OAuth tokens are stored securely in our database and are used solely to retrieve your analytics data on your behalf.
You can revoke this access at any time from your Google account settings at myaccount.google.com/permissions, or by using the disconnect option within Discoveo.
Your data is stored in PostgreSQL (for structured and vector data) and DuckDB (for analytical event data), both hosted in a secure cloud environment. Data is encrypted in transit via TLS and at rest.
We implement access controls, authentication via industry-standard OIDC/PKCE flows, and regular security practices to protect your data. No system can guarantee 100% security, and we encourage you to use strong credentials.
We retain your data for as long as your account is active. AI-generated feedback analyses are cached for 24 hours. You may request deletion of your account and all associated data at any time by contacting us.
We use the following third-party services to operate Discoveo:
Used to retrieve your GA4 data on your behalf. Governed by Google's Privacy Policy.
Used to generate AI-powered CRO reports and feedback analyses. Your analytics and survey data is sent to this service to produce insights.
Used for user authentication and identity management. Handles login, session tokens, and user profiles.
Each third-party service is governed by its own privacy policy. We share only the minimum data required for each service to function.
Depending on your location, you may have the following rights regarding your personal data:
To exercise any of these rights, contact us at the address in section 11.
Discoveo uses session cookies strictly necessary for authentication and security. We do not use advertising or third-party tracking cookies.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of Discoveo after changes constitutes your acceptance of the updated policy.
If you have questions about this Privacy Policy or your data, please reach out: