Privacy Policy
Last updated: May 2026
1. Who we are
This Privacy Policy describes how Scicovery GmbH (Grunigerstr. 19, 33102 Paderborn, Germany; HRB 13448; VAT DE311378885) processes personal data through its consumer-research service operated under the brand Pagegazer (the “Service”).
Controller: Scicovery GmbH. Contact: [email protected].
Pagegazer engages in research on behalf of business clients. Where Pagegazer designs and runs a study on a client’s instructions and processes participant data on their behalf, Scicovery GmbH acts as a processor for the client and operates under a Data Processing Agreement (DPA). Where Pagegazer collects data through its own website, marketing, and customer-relationship activities, Scicovery GmbH acts as controller.
2. What we process
Marketing site visitors. Server logs (IP, user-agent, timestamp), cookie identifiers strictly necessary for the site to function, and information you submit through forms (name, email, company, message).
Intake form / contact requests. The information you provide about your research need, plus a Cloudflare Turnstile challenge result used to filter automated traffic. Cloudflare may receive your IP address as part of this check.
Portal users (clients of Pagegazer). Account information (name, email, role, organisation), authentication state, project and document metadata, and audit logs of actions taken in the portal.
Study participants. Data collected during a study depends on the study design. It may include: webcam-derived gaze coordinates, behavioural responses (clicks, key presses, navigation paths), survey answers, demographic information voluntarily provided, and — where a study includes them — heart-rate (rPPG) or facial-expression measurements derived in the browser. Raw camera images and raw video do not leave the participant’s device; only the derived signals do.
3. Legal basis
- Art. 6 (1)(a) GDPR — consent. For study participation, marketing emails (where opt-in), and any non-essential cookies.
- Art. 6 (1)(b) GDPR — performance of a contract. For operating the client portal and delivering commissioned research.
- Art. 6 (1)(f) GDPR — legitimate interests. For website security, fraud prevention, and product improvement, balanced against your interests.
- Art. 9 (2)(a) GDPR — explicit consent. Where biometric measurements (gaze, rPPG, facial expression) are collected, we rely on explicit, informed consent given before the study begins.
4. Retention
Marketing-site logs: typically 30 days. Form submissions: kept for the duration of the engagement plus a reasonable follow-up window, then archived or deleted. Client portal data: kept while the contract is active, then archived or deleted under the terms of the engagement DPA. Participant biometric and behavioural data: retained only as long as required to deliver the agreed analysis to the client, and deleted 3 months after engagement closes unless a longer retention period has been agreed in writing.
5. Recipients and processors
Scicovery GmbH uses the following sub-processors to operate the Service. A current list of sub-processors is available on request.
- Cloud hosting and database (EU-region).
- Cloudflare R2 object storage for documents and study assets.
- Cloudflare Turnstile for bot prevention on public forms.
- Calendly for discovery-call scheduling.
- An SMTP provider for transactional email.
Where processors are located outside the EEA, transfers rely on Standard Contractual Clauses or an adequacy decision, as applicable.
6. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, as well as the right to withdraw consent at any time. Requests should be sent to [email protected].
7. Cookies and similar technologies
The marketing site uses only strictly necessary cookies. The client portal uses an authentication cookie (httpOnly) and stores session state in browser localStorage. Embedded Calendly and Cloudflare Turnstile widgets may set cookies of their own when interacted with; these are documented in their respective privacy policies.
8. Changes
We will publish material changes to this policy on this page with an updated effective date. Continued use of the Service after publication constitutes acceptance of the revised policy.