Logo
Products
Dropdown Arrow Icon
ANALYTICS
Revenue AnalyticsReal-time Analytics
INDEXING
Automated Indexing
Website Monitoring
Website Monitoring
Resources
Dropdown Arrow Icon
How-tos
Complete Guide to Google IndexingWhy your pages aren't getting indexed?Real User Monitoring: Complete Guide to Understanding User Experience in 2025
Learn
BlogHelp CenterChangelogRoadmap
Latest article:

How to Check if Your Website is Indexed by Google

About
Dropdown Arrow Icon
About usContactTerms of ServicesPrivacy Policy
PricingContact SalesSign up / Login
Log in
Start Trial
Close Mobile Menu

Privacy Policy

Your privacy matters to us - learn how we protect your personal data
Last updated: 17 June 2026

This page explains what data we collect, why, what we do with it, and the choices you have.

This policy covers two groups of people:

  • Cromojo customers — people who sign up and use Cromojo.
  • Website visitors — people who visit a website that uses Cromojo. (We handle your data on behalf of that website. More on this below.)

A quick note on our two roles:

  • For our own customers, we are the data controller — that means we decide why and how your data is used.
  • For visitors to our customers' websites, we are a data processor — that means we only handle data on the website owner's instructions. The website you visited is the controller, and they decide why and how your data is used.

Who we are

In short: Cromojo is run by an Australian company, and you can reach us by email anytime.

Cromojo AI is a product of HUNA VC Pty Ltd (ABN 24 658 192 520), trading as Cromojo AI.

  • Registered address: L2/63 Dixon St, Haymarket 2000 NSW Australia
  • General contact: support@cromojo.com

We host our systems in the EU (Germany). But we run the company from Australia and use some US providers. So your data sometimes crosses borders. We explain how we protect it in "Sending data overseas" below.

Our EU representative

In short: If you're in the EU, you have a local contact for privacy matters.

We serve people in the EU, so the law says we must have a contact there. We have appointed the following named representative under Article 27 of the GDPR (the EU's main data protection law):

  • Representative: Raw Data Consulting
  • Email: eu-representative@cromojo.com
  • Address: 44 Avenue Maurice Thorez, 94200 Ivry Sur Seine, FRANCE

What Cromojo does

In short: We help businesses see which search keywords and traffic actually make them money.

Cromojo connects four things — website analytics, search performance, indexing, and uptime monitoring — with payment data. This shows our customers which keywords and traffic sources truly drive revenue, not just clicks.

The data we collect about our customers

In short: When you sign up, we collect your contact and billing details and the website data you choose to connect.

When you use Cromojo as a customer, we collect:

  • Account details: your name, email address, company name, and password.
  • Billing details: what's needed to take payment (handled through Stripe).
  • The data you connect: the URLs, domains, sitemaps, and metrics you link to Cromojo.
  • Usage and support data: access logs, and any messages you send us for support.

We do not collect health data or biometric data (like fingerprints or face scans).

Revenue attribution

In short: We connect your payment data to your traffic so you can see what drives sales.

If you connect Stripe or Shopify, we match payments to traffic sources and sessions. This is how we show you revenue per keyword or per source. We do this on your behalf, under our Data Processing Agreement (DPA — explained at the end).

The data we handle about website visitors

In short: Our visitor tracker is cookieless. It sets nothing on your device and never stores your IP address.

Here's a quick summary of what we do and don't handle when you visit a website that uses Cromojo:

We collect We never store
A daily scrambled ID, rough location (city and country) Cookies, your IP address, your name

Here's exactly how our analytics work:

  • No cookies. No storage. We don't place cookies or use localStorage on your device. We store nothing on your device at all.
  • No stored IP addresses. We use your IP address and browser type for a moment, in memory only — never saved to disk. We use them for two things:
    1. To make a scrambled ID that can't be turned back into your real details.
    2. To work out your rough location (city and country only — also done in memory, then discarded).
    Right after that, we delete the IP and browser type.
  • The ID can't follow you around. The secret "salt" we mix in to scramble the ID is unique per website and changes every day. When it changes, the old one is destroyed. So your daily ID can't be reversed, and it can't be linked from one day to the next. ("Salt" means a secret value we mix with your data before scrambling it, so the result can't be reversed.)
  • We respect your privacy signals. We honour Do Not Track and Global Privacy Control signals from your browser.
  • We hide personal-looking data. If a custom event accidentally contains something that looks like personal data, we automatically mask it.

We do not use Google Analytics.

Remember: for this visitor data, the website you visited is the controller, not us. They decide why this data is collected. We just process it for them.

How we got your data (visitors)

In short: If you're a website visitor, we got your data from the website you visited — not from you directly.

We don't collect visitor data from you directly. We get it from the website you were browsing. That site has Cromojo installed. The site owner is the one who should tell you they use us.

The categories of data involved are the ones listed in "The data we handle about website visitors" above (a daily scrambled ID and your rough location).

You can read more on our visitor notice page.

Why we use your data, and our legal reasons

In short: We only use your data for clear reasons that the law allows.

The law says we must have a valid reason ("lawful basis") for using your data. Here are ours:

  • To run the service and bill you (contract): We need your data to provide Cromojo and handle payments.
  • To keep things secure and improve them (legitimate interests): Our legitimate interests are securing the service and preventing abuse, improving and developing it, and providing cookieless analytics to our business customers. We've checked these interests don't override your rights — our analytics are pseudonymised (scrambled) and cookieless to keep the impact on you minimal. ("Legitimate interests" means a sensible business reason that doesn't override your rights.)
  • To send marketing emails (consent): We only email you marketing if you opt in.
  • To meet legal duties (legal obligation): For example, keeping tax and accounting records.

For visitor analytics: the website owner is the controller, so they choose the legal reason. We process that data as their processor under our DPA.

Do you have to give us this data? Providing your account and billing details is necessary to create an account and use Cromojo — without them we can't provide the service. Providing marketing consent is entirely optional and has no effect on your use of Cromojo.

Automated analysis (profiling)

In short: We score and analyse data automatically, but this never makes important decisions about you.

Some of our features analyse data automatically. This counts as "profiling," so we want to be upfront about it:

  • Cromojo Score — a performance rating.
  • Keyword scoring — ranking how keywords perform.
  • Revenue attribution — matching revenue to traffic.

("Profiling" means automatically analysing data to evaluate things, like performance.)

This analysis never makes a decision that seriously affects you or your legal rights. (That kind of automated decision is covered by Article 22 of the GDPR.)

Cookies on the Cromojo app

In short: We only use the cookies needed to keep you signed in. No tracking cookies, no banner.

On the Cromojo app itself, we use only strictly necessary cookies — the ones that keep you signed in and your session working. We don't use analytics or advertising cookies, so there's no cookie consent banner needed.

Who we share data with

In short: We use a small set of trusted providers to run Cromojo, all listed on our sub-processor page. We never sell your data.

To run Cromojo, we share data with a small set of trusted companies ("sub-processors" — companies that process data on our behalf), covering payments, hosting, analytics infrastructure, email, security/content delivery, and error monitoring. Each one only gets what it needs to do its job.

The full, current list — what each provider does, the data they handle, and where they're located — is on our sub-processor page . If we add or change one, we'll update that page and tell you 30 days ahead, so you can object.

You can also connect third-party services yourself — Google Search Console, Bing Webmaster Tools, Stripe, and Shopify. These only send or receive data if you connect them, under their own terms.

We never sell your personal data.

Sending data overseas

In short: Some data goes outside the EU. We use legally approved contracts to protect it.

Although our servers are in the EU, Cromojo is operated by HUNA VC Pty Ltd in Australia, so your personal data is routinely accessed from Australia. Some of our sub-processors are in the United States (Stripe, Cloudflare, Sentry, Postmark), and your chosen integrations (Google, Microsoft) are also US-based.

When data travels outside the EU, we use Standard Contractual Clauses (SCCs) — official EU-approved contracts that keep your data safe wherever it goes (plus the UK Addendum where relevant). Want a copy? Email support@cromojo.com.

How long we keep your data

In short: We keep data only as long as we need it, then delete it.

  • Account and billing data: We keep it while your account is active. We delete it within 30 days of you closing your account. That includes the scrambled analytics we keep in Tinybird. The one exception: records the law makes us keep longer, like tax and financial records (up to about 7 years).
  • Pseudonymised (scrambled) visitor analytics: We keep it up to about 26 months, then delete it automatically. ("Pseudonymised" means the data uses a scrambled ID instead of your real identity.)
  • Revenue-attribution data: We keep it up to about 24 months.
  • Fully anonymous aggregate stats: these can't identify anyone, so we may keep them longer.

When you ask us to delete your data (a "deletion request"), or when Shopify sends us a "redact" request, we complete it within 30 days — across both our app database and our analytics platform (Tinybird).

Your rights

In short: You're in control of your data. Email us and we'll help.

You have the right to:

  • Access — get a copy of the data we hold about you.
  • Correct — fix data that's wrong.
  • Delete — ask us to erase your data.
  • Restrict — ask us to pause using your data.
  • Object — tell us to stop using your data for certain purposes.
  • Portability — get your data in a format you can take elsewhere.
  • Withdraw consent — change your mind anytime (this won't undo what we already did legally before you withdrew).
  • Complain — you have the right to lodge a complaint with a data protection supervisory authority. You can complain to the authority in your country of residence or work. As our EU representative is in France, you may also contact the French authority, the CNIL (www.cnil.fr). UK residents may complain to the Information Commissioner's Office (ico.org.uk).

To use any of these, email support@cromojo.com. We respond within 30 days.

If you're a website visitor: because the website you visited is the controller, please contact that website first — but we'll help. You can also contact our EU representative at eu-representative@cromojo.com.

Marketing emails

In short: We only email you marketing if you say yes, and you can opt out anytime.

We only send marketing emails to people who opt in. Every marketing email has an unsubscribe link, so you can stop them whenever you like.

Children

In short: Cromojo isn't for anyone under 18.

Cromojo isn't for people under 18. We don't knowingly collect data about children. If we find out we have, we'll delete it.

How we keep data safe

In short: We protect your data with encryption and strict access controls.

No system is ever 100% secure, so we can't promise perfect safety — but we use encryption and strict access controls to protect your data.

For business customers (the DPA)

In short: If you use Cromojo on behalf of your business, our DPA sets the rules.

When you sign up as a business customer, you agree to our Data Processing Agreement (DPA). (A DPA is a contract that sets out how we handle data on your behalf.)

  • It's a click-through agreement and part of our Terms.
  • It includes the Standard Contractual Clauses (SCCs) for overseas transfers.
  • You can download a signed copy anytime in Account Settings → Legal.

Changes to this policy

In short: If we make important changes, we'll let you know.

We may update this policy from time to time. If we make an important change, we'll let you know before it takes effect. The "Last updated" date at the top always shows the latest version.

Questions?

We're happy to help. Email us at support@cromojo.com. If you're in the EU, you can also reach our EU representative at eu-representative@cromojo.com.

Legal references: this policy reflects GDPR Articles 7, 13, 14, 15–22, 27, and 77.

If you have any questions above the above, please get in touch via our Contact page.
Back to top
Grow your conversion

Conversion optimisation made simple

Start free
Buy template
Get a demo
Browse all
Rated 4.7 stars on G2
Get revenue clarity for your business
Subscribe for our newsletter
Your information is never disclosed to third parties.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Products
Revenue AnalyticsReal-time AnalyticsAutomated IndexingWebsite Monitoring
Compare
vs Google Analyticsvs Plausiblevs Fathomvs PostHogvs Simple Analytics
Resources
BlogHelp CenterChangelog
Guide
Guide to Google Indexing
Legal
Terms of ServicesPrivacy PolicyVisitor Notice
Company
PricingAboutSupportContact SalesPublic Roadmap
© Cromojo AI 2026, All Rights Reserved
Designed by RAW