growth

Security & your data

Plain answers to the questions you should ask any analytics vendor — especially a small one.

What we collect

The snippet auto-captures pageviews, clicks, form submits and errors from your site, plus events you track explicitly. Events carry an anonymous or your-app-provided user id — we never see your users’ passwords or payment details. Everything is scoped to your project and never shared or sold.

Where it flows

your site → api.growth-loop.dev → ClickHouse (events)
chat question → your metrics summary → OpenRouter LLM → cited answer

Prefer your own LLM key? Paste it in Settings → AI — then chat traffic runs on your OpenRouter account, not our shared key.

Subprocessors

ServiceRoleSees
Fly.io (US)API + analysis workersevent ingest, AI analysis
Vercel (US)web app hostingpages you see; no event data stored
Neon (US)Postgresaccounts, projects, hashed API keys
ClickHouse Cloud (EU-DE)events databaseyour product’s events
Tigris (Fly, US)object storagerendered demo videos
Redis Cloud (US)queues & rate limitsshort-lived tokens, counters
OpenRouter → LLMsAI answersmetric aggregates in chat context — or your own key
Anthropicrepo instrumentation agentcode snippets during a PR run

Your exit, guaranteed

Your data is yours: download every raw event as CSV anytime from Setup — no ticket, no waiting. If growth-loop ever shuts down, you get at least 90 days of export access, and our published SDKs (npm, PyPI) stay open source either way. It is our stated intent that if the service stops shipping, the platform code is released under Apache 2.0 so self-hosting remains possible.

The boring hygiene

API keys are stored hashed (never plaintext), sessions are server-side with sliding expiry, passwords are bcrypt-hashed and checked against common-password lists, the browser SDK has zero runtime dependencies, and every AI action that touches your code ships as a PR you review — nothing merges itself.

Questions

Write to security@growth-loop.dev — you’ll get the founder, not a bot.