Privacy Policy

Effective: 12 May 2026 · Last updated: 12 May 2026

Who we are

The Onion (“The Onion”, “we”, “us”) is a marketing instrumentation product operated by Cradle House Holdings. We help businesses see and act on their marketing data. If you have questions, contact us at admin@cradle.house.

Who this policy is for

This policy covers two kinds of people:

  • Our customers — businesses who sign up to use The Onion. We collect minimal data: your email, your project metadata, and any credentials you choose to connect.
  • End-users of our customers' websites — when our customer embeds the onion.js tracking script on their site, we receive behavioral data about visitors to that site. Our customer is the data controller for that traffic; The Onion is the data processor acting on their instructions. Our customer's privacy policy is the primary policy for their end-users.

Data we collect from our customers

  • Account data — email address (for sign-in), name (optional), authentication tokens from Google / Microsoft sign-in.
  • Project metadata — project names, conversion-goal definitions, funnel stages, KPI targets, Playbook contents.
  • Integration credentials — OAuth refresh tokens or service-account keys for the services you choose to connect (Google Ads, Google Analytics 4, Search Console, Meta, Microsoft Clarity, etc.). Stored encrypted at rest. Used solely to pull and write data on your behalf.
  • Billing data — handled by our payment processor (Stripe). We don't store card numbers.

Data we collect from end-users of our customers' sites

When onion.js is installed on a site, we capture:

  • Behavioral signals: clicks (element, text, position), scroll depth, dead clicks, rage clicks, active vs idle time on page, form interactions (without capturing the values typed unless our customer explicitly opts in for non-sensitive fields), JS errors, page views, session duration.
  • Device + context: user-agent, viewport size, language, time zone, referrer URL, UTM parameters, click IDs (gclid, fbclid, msclkid).
  • Pseudonymous identifiers: a randomly-generated visitor ID and session ID stored in browser storage. Not linked to any real-world identity unless our customer explicitly associates a logged-in user ID with the session.
  • IP address: received as part of the HTTP request, used to derive coarse geographic data (country/region), hashed before storage. Never stored in plain form.

We do not capture:

  • Password fields or any input marked type="password"
  • Credit-card fields or any input matching credit-card heuristics
  • Personal identifiers our customer has not explicitly chosen to send

How we use this data

  • To provide the product — show our customers what's happening on their sites, score quality, surface insights.
  • To close the marketing feedback loop — send anonymized quality signals (e.g. AQS conversion buckets) back to ad platforms our customer has connected (Google Ads, Meta) so their bidding can learn from real outcomes. This happens only when our customer has explicitly enabled the integration.
  • To improve The Onion itself — aggregate, anonymized analytics on which features get used.

We do not:

  • Sell data to third parties.
  • Use behavioral data to build cross-site advertising profiles.
  • Train AI models on our customers' data without explicit opt-in.

Cookies & tracking on theonion.app

This site itself uses:

  • A first-party session cookie for authentication (when you sign in)
  • onion.js — yes, we use our own product on our marketing pages

No third-party advertising cookies. No cross-site trackers.

Third-party services we use

  • Supabase — database + authentication (US region)
  • Vercel — hosting
  • Anthropic Claude — AI features (Focus Coach, content generation). Prompts sent to Claude may include excerpts of project data the customer chose to analyze.
  • OpenAI — image generation (when the Content Factory feature is used)
  • Google Cloud / OAuth — when customers connect Google services
  • Meta — when customers connect Facebook / Instagram
  • Stripe — billing

Each is bound by its own data-processing terms. We sign DPAs with the ones that handle customer data.

Where data is stored

Our primary data store is in the United States (Supabase, US-East). We don't transfer customer data outside the US except via API calls to the third-party services listed above, each of which has its own residency.

How long we keep it

  • Account data: while your account is active, plus 90 days after deletion request.
  • Behavioral session data: 30 days raw, aggregated indefinitely (no PII).
  • Backups: 30 days rolling.

Your rights (GDPR, CCPA, similar)

You can request, for data we hold about you:

  • A copy of it (data portability)
  • Correction of inaccurate data
  • Deletion (subject to legal-retention exceptions)
  • Restriction of processing
  • Objection to processing on legitimate-interest grounds

Send requests to admin@cradle.house. We respond within 30 days. If we're acting as a processor for our customer (i.e. data about end-users of their site), we'll forward the request to them.

Security

We encrypt data at rest (AES-256) and in transit (TLS 1.2+). Integration credentials (OAuth tokens, service-account keys) are stored encrypted with per-project keys. Access to production systems is limited to authorized personnel via MFA. We log all access for audit. If we ever experience a breach affecting your data, we'll notify you within 72 hours of discovery.

Children

The Onion is a B2B product not directed to anyone under 18. We don't knowingly collect data from children.

Changes to this policy

If we make material changes, we'll notify customers by email and update the “Last updated” date above. Continued use after changes constitutes acceptance.

Contact

Questions, requests, complaints: admin@cradle.house.

The Onion · operated by Cradle House Holdings · all rights reserved