GDPR & Data Processing Policy

What we collect

When you request a CRO audit we store the website URL, optional notes you provide, and the baseline metrics captured in the intake form. These fields are required to deliver the audit output and will only be used for that purpose unless otherwise agreed.

How the data is used

• To run automated and analyst-led diagnostics across the requested website.
• To produce the journey report, opportunity backlog, and supporting analytics.
• To contact you with audit updates, follow-up questions, or compliance requests.

Retention & deletion

Audit data is retained for up to 12 months so we can provide historical comparisons and support follow-on engagements. You can request deletion at any time by emailing shaz@onlinebuzz.co.uk; we will confirm removal within 14 business days.

Processors & sub-processors

We host infrastructure on Google Cloud Platform and Vercel. Screenshots and telemetry are stored in encrypted Google Cloud Storage buckets located within the EU. AI analysis is performed via Google Gemini, which receives only the screenshot pixels and page context necessary to make behavioural annotations.

Payments are processed by Stripe. We store the checkout session metadata (unlock tier, job ID, email) to apply entitlements; no card or bank details are ever stored on CustomerJourneys.ai systems.