Privacy Policy
Last updated: May 18, 2026
Who We Are
PullPage is operated from Switzerland ("we", "us", "our").
Email: contact@pull.page
Support: support@pull.page
Website: https://pull.page
App: https://app.pull.page
This Privacy Policy explains how we collect, use, disclose, retain, and protect personal data when you use PullPage, including the website, account system, dashboard, export service, billing, support, and Git Sync.
Scope
This policy applies to:
pull.page
accounts.pull.page
app.pull.page
PullPage backend APIs
related support, billing, analytics, and Git Sync workflows
If you export a website that contains personal data, you are responsible for ensuring you have a lawful basis to process that data. For personal data contained in exported websites, PullPage acts only as a technical processor/service provider to provide the export you requested.
Data We Collect
3.1 Account and Authentication Data
We use Clerk for authentication and account management. Clerk may process:
Email address.
Name and profile information, if provided.
Social login profile data, if you sign in with a third-party provider.
User ID, session identifiers, authentication tokens, and security data.
We store account-related metadata in Clerk, including:
Active plan.
Export counters and billing period.
Onboarding status and selected role.
Marketing email preference and consent timestamps.
Stripe customer/subscription identifiers.
Payment status metadata, such as failed payment flags.
Export history metadata while exports are active.
Git Sync settings, if enabled.
3.2 Export and Scan Data
When you scan or export a Framer website, we process:
The submitted Framer URL.
Discovered page URLs.
Page count and asset count.
Export mode and selected SEO options.
Job ID, status, progress, error messages, timestamps, and file size.
Generated ZIP filename and temporary storage key.
Website HTML, CSS, JavaScript, images, fonts, and other assets needed to create the export.
Exports are processed temporarily on our backend infrastructure. Local temporary files are deleted after the job finishes where technically possible. Export ZIP files and export history metadata are currently retained for up to 24 hours.
3.3 Git Sync Data
If you connect GitHub, we process:
GitHub App installation ID.
GitHub account login/type and repository selection metadata.
Selected repository owner/name, default/base branch, managed path, target name, Framer URL, and SEO settings.
Pull request URL, pull request number, branch name, commit SHA, sync status, and error messages.
Exported files committed to your selected repository when you request Git Sync.
GitHub access tokens are generated for sync operations and are not intended to be stored permanently by PullPage.
3.4 Payment Data
Payments are processed by Stripe. We do not store full payment card or bank details.
We may process:
Stripe customer ID.
Stripe subscription ID.
Checkout/session metadata.
Plan purchased.
Payment status events from Stripe.
Billing email and tax/payment information handled by Stripe.
Stripe retains payment and invoice data according to its own legal and compliance obligations.
3.5 Analytics and Product Usage Data
We use PostHog for product analytics, event tracking, and error monitoring.
PostHog may receive:
User ID.
Email address and name when you are signed in.
Plan name.
Events such as site scanned, export started, export completed, export failed, export downloaded, pricing modal opened, checkout initiated, Git Sync connected, and Git Sync export started.
Event properties such as submitted URL, page count, job ID, ZIP size, plan, error messages, and timing information.
Browser, device, referrer, and technical information.
Exception and error information.
PostHog is configured through a first-party /ingest route and EU PostHog endpoints. Depending on your browser and consent settings, PostHog may use cookies or local storage.
3.6 Support Chat Data
We use Crisp to provide support chat in the dashboard. Crisp may process:
Messages you send.
Email address or contact details you provide.
Browser, device, IP address, and technical session information.
Chat history and support metadata.
3.7 Newsletter and Marketing Preferences
If you opt in to product updates, export tips, or offers, we process:
Your email address.
Opt-in/opt-out status.
Consent source and timestamps.
Optional onboarding role, if provided.
You can unsubscribe or change your preference at any time in account settings or by contacting us.
3.8 Cookies, Local Storage, and Similar Technologies
We use cookies and similar technologies for:
Authentication and session management through Clerk.
Remembering logged-in status through a first-party pp_logged_in cookie.
Product analytics and error monitoring through PostHog.
Support chat through Crisp.
Temporary dashboard state, such as cached plan data and active Git Sync job state, in sessionStorage.
For more detail, see our Cookie Policy at https://pull.page/cookies.
3.9 Technical and Security Data
Our hosting providers and backend may process:
IP address.
Request time and URL.
Browser and operating system.
Referrer.
API route, status code, and error logs.
Rate limit data.
Security and abuse-prevention signals.
How We Use Data
We process personal data to:
Provide and operate PullPage.
Authenticate users and secure accounts.
Scan and export Framer websites.
Generate ZIP files and temporary download links.
Enforce plan limits, quotas, rate limits, and file size limits.
Process payments, subscriptions, invoices, cancellations, and refunds.
Provide Git Sync and GitHub pull request workflows.
Provide support chat and respond to requests.
Send product updates and marketing emails where you opt in.
Improve reliability, usability, and conversion through analytics.
Detect abuse, troubleshoot issues, and maintain security.
Comply with legal, accounting, tax, and regulatory obligations.
We do not sell your personal data. We do not share personal data for third-party cross-context behavioral advertising.
Legal Bases
Where the GDPR applies, we process personal data based on:
Contract performance, Article 6(1)(b), for account, export, billing, and Git Sync functionality.
Legitimate interests, Article 6(1)(f), for security, abuse prevention, service diagnostics, product improvement, and limited product analytics.
Consent, Article 6(1)(a), for optional marketing emails and non-essential cookies where consent is required.
Legal obligation, Article 6(1)(c), for tax, accounting, dispute, and compliance obligations.
Where Swiss data protection law applies, we process personal data based on contract performance, consent where required, overriding or legitimate private interests, and legal obligations under the Swiss Federal Act on Data Protection.
Where other privacy laws apply, we rely on equivalent lawful bases permitted by those laws.
Third-Party Service Providers
We use service providers that may process personal data on our behalf:
Clerk - authentication and account management - https://clerk.com/legal/privacy
Stripe - payments and billing - https://stripe.com/privacy
PostHog - product analytics and error monitoring - https://posthog.com/privacy
Crisp - support chat - https://crisp.chat/en/privacy/
Cloudflare R2 or S3-compatible storage - temporary export ZIP storage - https://www.cloudflare.com/privacypolicy/
Vercel - frontend hosting and routing - https://vercel.com/legal/privacy-policy
Railway - backend hosting - https://railway.app/legal/privacy
GitHub - Git Sync and repository integration - https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement
Framer - marketing website infrastructure and source websites submitted by users - https://www.framer.com/legal/privacy-statement/
Fontshare - web font delivery for the app interface - https://www.fontshare.com/privacy
If a newsletter or website form provider is used on pull.page outside the app repository, that provider should be listed here before publication.
International Data Transfers
We are based in Switzerland. Some providers may process data in Switzerland, the EEA, the United States, or other countries.
Where data is transferred internationally, we rely on appropriate safeguards such as:
Adequacy decisions where available.
Standard Contractual Clauses or equivalent safeguards.
The EU-US Data Privacy Framework or Swiss-US Data Privacy Framework where applicable and certified.
Provider contractual and security commitments.
Retention
We keep personal data only as long as necessary for the purposes described above.
Current retention practices include:
Account data: retained while your account exists.
Local temporary export files: deleted after job completion where technically possible.
Export ZIP files: retained for up to 24 hours.
Export history metadata: retained for up to 24 hours.
Active job status data: retained in memory for a short period, typically up to about 1 hour after completion or failure.
Git Sync settings: retained until you delete them, disconnect GitHub, uninstall the GitHub App, or delete your account.
Marketing preferences: retained until changed or account deletion, unless needed to prove consent or opt-out.
Payment records: retained by Stripe and, where applicable, for legal, accounting, and tax periods.
Support chats: retained according to support needs and Crisp settings.
Analytics data: retained according to our PostHog retention settings; we aim to avoid keeping identifiable analytics longer than necessary.
Server logs: retained for a limited period for security and troubleshooting, generally up to 90 days unless longer retention is needed for abuse, security, or legal reasons.
When you delete your account, we delete or anonymize personal data under our control unless retention is required for legal, accounting, security, dispute, or fraud-prevention reasons.
Your Rights
Depending on your location, you may have the right to:
Access your personal data.
Request correction of inaccurate data.
Request deletion.
Restrict or object to processing.
Withdraw consent at any time.
Request data portability.
Object to direct marketing.
Lodge a complaint with a data protection authority.
EU/EEA residents may contact their local supervisory authority.
Swiss residents may contact the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch
California residents may have rights to know, delete, correct, opt out of sale/share, limit use of sensitive personal information, and non-discrimination. We do not sell or share personal information as defined by the CCPA/CPRA.
Brazil, South Africa, UK, and other residents may have additional rights under applicable local law.
To exercise rights, contact: contact@pull.page
We may need to verify your identity before responding. We will respond within the time required by applicable law.
Security
We use appropriate technical and organizational measures, including:
HTTPS/TLS encryption in transit.
Authentication through Clerk.
Stripe-hosted payment processing.
Access controls for backend systems.
Temporary export storage and automatic export expiry.
Rate limiting and SSRF protections for submitted URLs.
Webhook signature verification where configured.
Security and abuse monitoring.
No system is perfectly secure. If you believe there is a security issue, contact us promptly.
Children
PullPage is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, contact us and we will take appropriate action.
Automated Decision-Making
PullPage uses automated rules to enforce plan limits, quotas, rate limits, queue priority, and export eligibility. These rules are necessary to provide the Service and do not produce legal or similarly significant effects beyond access to Service features.
Changes to This Policy
We may update this Privacy Policy from time to time. The current version is available at https://pull.page/privacy.
For material changes, we will notify registered users where required by law.
Contact
For privacy requests or questions:
Email: contact@pull.page
Support: support@pull.page