Privacy policy clauses for GrowthBook
GrowthBook is an open-source feature flagging and A/B testing platform that allows websites to control feature rollouts and run experiments. It collects user attributes and conversion data to determine which users see different features and measure experiment performance.
Free scan · No signup · Results in 60 seconds
What data GrowthBook collects
Your privacy policy must disclose each of the following data types when you use GrowthBook.
When does GrowthBook trigger privacy obligations?
GrowthBook triggers privacy obligations the moment you install its SDK or server and begin collecting user attributes for experiment targeting. Here's the specific data flow: GrowthBook captures identifying or quasi-identifying user data (user IDs, email addresses, IP addresses, custom attributes) to assign users to experiment variants and track conversion events. If you use GrowthBook's cloud version, this data leaves your infrastructure and is transmitted to GrowthBook's servers; if self-hosted, data remains local but you still process it.
GDPR (EU/EEA users): Obligation triggers under GDPR Article 6 (lawful basis for processing) and Article 13/14 (transparency). You must establish a lawful basis before collecting attributes—consent under Article 7 is most common for indie founders, or legitimate interest under Article 6(1)(f) if you can justify it (e.g., product optimization). Article 5(1)(a) requires transparency: your privacy policy must disclose that you use feature flags and A/B testing, what attributes you collect, and how long you retain experiment assignments.
CCPA (California residents):
