Your privacy, respected.

When we say “Switch,” “we,” “us,” or “our” in this document, we mean Switch — the company that builds and operates the Switch service at switchtheweb.com.

When we say “you” or “your,” we mean you — either a site owner who has a Switch account, or a visitor to a website that uses Switch. We'll be specific about which one we mean in each section.

This is the part most people care about, so let's be specific. When someone visits a website that uses Switch, our SDK collects behavioral and environmental signals to determine whether the visitor is a human, an AI agent, or a bot. Here is exactly what we collect:

• Page path (e.g. /pricing) — query strings are stripped before storage
• Referrer origin and path — query strings stripped
• Fingerprint hash — a one-way hash derived from canvas, WebGL, and audio signals. Not reversible.
• IP hash — SHA-256 of the visitor's IP address. The raw IP is never stored.
• User-agent string — for agent classification
• Behavioral metrics — mouse entropy, scroll patterns, click timing. Statistical aggregates only.
• Environment signals — headless browser flags, automation globals, plugin counts
• Session ID — a random UUID in sessionStorage that expires when the tab closes

And here is what we never collect:

• Cookies — Switch sets zero cookies
• Personal information — no names, emails, phone numbers, or account data
• Form content — we measure form interaction timing, but never read actual input values
• Keystrokes — we measure typing cadence variance, but never capture actual keys pressed
• Raw IP addresses — IPs are SHA-256 hashed on the server before any storage
• Cross-site tracking — no third-party cookies, no tracking pixels, no ad network data sharing

For the full technical breakdown, see our Security page.

If you create a Switch account, we collect the information you provide during signup:

• Email address — for authentication, billing, and occasional product updates
• Payment information — processed and stored by Stripe. We never see or store your full card number.
• Site URL — the website(s) you connect to Switch
• Team member emails — if you invite colleagues to your account

That's it. We don't ask for your name, company name, phone number, or mailing address unless you volunteer it.

Site visitor data is used for one thing: classifying traffic. We analyze behavioral and environmental signals to determine whether a visitor is human, an AI agent, or a bot — and what kind. This powers the detection, classification, and workflow features in the Switch dashboard.

Account holder data is used to:

• Authenticate you and manage your account
• Process billing and subscriptions
• Send you important service updates (outages, security notices, billing changes)
• Occasionally send product updates — you can unsubscribe from these at any time

We do not use your data for advertising, profiling, or selling to third parties. Full stop.

Switch publishes aggregate, anonymous statistics in our public Agent Directory. For example: “GPTBot was detected 4,200 times across the Switch network.”

These are per-agent-type counts only. Here is what is never included in aggregate statistics:

• Your site's name, URL, or domain
• Your site's traffic volume
• Individual session data, paths, or referrers
• Any data that could identify a specific site or visitor

Think of it like a weather report: we say “it rained in 40% of the country,” not “it rained on your house.”

We may feature your company's name or logo on our website to show that you use Switch. But we will always ask for your permission first. This is never assumed or buried in fine print.

You can withdraw this permission at any time by emailing privacy@switchtheweb.com. We'll remove your logo within five business days.

We use a small number of third-party services to run Switch. Here is who they are and what they do:

We do not share your data with advertisers, data brokers, or anyone else not listed above.

Site visitor data (traffic events, behavioral signals, classifications) is retained for as long as your Switch account is active. When you cancel your account:

• All traffic data becomes inaccessible immediately
• Within 30 days, all traffic data is permanently deleted from active systems
• Within 60 days, all data is permanently deleted from backups

Account data (email, billing history) follows the same schedule, except that Stripe retains billing records as required by financial regulations.

If you want your data deleted before canceling, or if you need a data export, email privacy@switchtheweb.com and we'll handle it.

Depending on where you live, you may have specific legal rights regarding your data. We respect these regardless of jurisdiction:

• Access — you can request a copy of all data we hold about you
• Correction — you can ask us to correct inaccurate data
• Deletion — you can ask us to delete your data at any time
• Portability — you can request your data in a standard, machine-readable format
• Objection — you can object to our processing of your data

For site visitors: because Switch collects no personal information and cannot identify individual visitors, there is typically no personal data to access, correct, or delete. But if you have concerns, reach out and we'll do our best.

For all requests, email privacy@switchtheweb.com. We'll respond within 30 days.

GDPR: Switch's architecture is designed with privacy by design and by default. We collect no personal data from site visitors, set no cookies, and store no raw IPs. The behavioral signals we analyze (mouse entropy, scroll patterns) are statistical aggregates that cannot identify an individual. For account holders in the EU, we process your data based on contractual necessity (we need your email to run your account) and legitimate interest (product analytics to improve Switch).

CCPA: We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising. Under the CCPA, Switch acts as a “service provider” with respect to data processed on behalf of our customers.

That said, we're not lawyers, and privacy law is complex. If you have specific compliance questions, we recommend consulting your legal team.

Switch is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

We may update this privacy policy from time to time. When we make material changes, we will:

• Update the “last updated” date at the top of this page
• Notify account holders via email at least 30 days before changes take effect
• Post a notice on the Switch dashboard

We will never quietly make changes that reduce your rights or expand our data collection without telling you.

Questions, concerns, or just want to say hi? Reach out:

• Privacy questions: privacy@switchtheweb.com
• General support: hello@switchtheweb.com