Powered by Convert.com
N/A
N/A
No
No
No
N/A
No
N/A
We have in place a Business Continuity policy
N/A
We are an A/B testing software company so you will use the software to A/B test its websites
A/B testing and optimization vendor
N/A
No
No
N/A
Yes/No
No
No
No
No
No
Yes
Yes
Yes
Yes
Yes
No
No
Yes
Yes
N/A
None
N/A
N/A
We rely on Amazon Web Services who is responsible for protecting the global infrastructure that runs all of the services offered in the AWS cloud. This infrastructure is comprised of the hardware, software, networking, and facilities that run AWS services.
We rely on Amazon Web Services who is responsible for protecting the global infrastructure that runs all of the services offered in the AWS cloud. This infrastructure is comprised of the hardware, software, networking, and facilities that run AWS services.
Live Logs in Convert track how end users are interacting with web pages and experiments on them at a project and experiment level in real time. They capture information like timestamp when a goal triggered, the event type that was triggered, variation displayed to the end user and many more details. Live logs are different from the logs that are kept here: logs.convertexperimetns.com. These are used for debugging purposes and are kept only for 7 days.
We rely on Amazon Web Services who is responsible for protecting the global infrastructure that runs all of the services offered in the AWS cloud. This infrastructure is comprised of the hardware, software, networking, and facilities that run AWS services.
We rely on Amazon Web Services who is responsible for protecting the global infrastructure that runs all of the services offered in the AWS cloud. This infrastructure is comprised of the hardware, software, networking, and facilities that run AWS services.
Business Continuity is managed as part of the Emergency Management Plan to ensure seamless follow up of an emergency and continuity of services.
This Plan takes into account several incidents that may be minor/localised (levels 1 or 2a) incidents or (levels 2b or 3) emergencies.
These have been identified as the main incidents after a Pre-Mortem Analysis.
Our Incident Management Program (network, computers and data) consists of
Convert’s Data Management Policy defines three roles for accessing data:
Using VPN and AWS console
No
https://www.convert.com/features/ab-testing/api/, https://api.convert.com/doc/v2/
No
We do not integrate with IDEs yet
https://support.convert.com/hc/en-us/articles/204871655-Add-and-Track-Social-Sharing-Buttons
We can integrate with many third party tools by using this: https://support.convert.com/hc/en-us/articles/360042473452
Depends on the platform and what options they have for custom js tracking
None to little as we usually integrate by a click of a button via the UI
No
Not yet but we can check if you are interested into this
Javascript and custom events, data layers
We do not integrate with those yet
No
JavaScript
By using the Visual and Code Editors
Convert is an A/B testing platform so does not interact with the backend
N/A
Yes
No
No
Yes
Yes
N/A
N/A
No
N/A
N/A
We rely on AWS
We rely on Akamai
Yes we rely AWS cloud services
None
Business Continuity is managed as part of the Emergency Management Plan to ensure seamless follow up of an emergency and continuity of services. This Plan takes into account several incidents that may be minor/localised (levels 1 or 2a) incidents or (levels 2b or 3) emergencies.
These have been identified as the main incidents after a Pre-Mortem Analysis
No extra costs, uptime is here: http://status.convert.com/
N/A
With the Visual Editor
Via the Collaborators and granural permission levels
N/A
There is no specific timeline, as we receive an integration request we work on this the soonest possible
Information We Collect When You Register and Create An Account
Visitors to our website (convert.com) (the ""Site"") may read information about us and our products and services without revealing any personally identifiable information. However, in order to become a customer, you must create an account and set up a profile. When you do this, we ask for your name, your organization's name, its street address and your e-mail address. We also require you to select a password. Once you are a registered user you can update your profile and you may elect to provide additional information (e.g. a nickname and certain user preferences).
Information We Collect When You Register for a Webinar
Visitors or Customers can register for a webinar. Here we store the email address to share the webinar details.
Information We Collect When You Request the Newsletter
Visitors or Customers can sign up to receive our Newsletter. Here we store the email address to share the Newsletter on a monthly basis.
Information We Collect From Your Websites
The Services we provide consist of tracking visits to your website and collecting information about the behavior of those visitors. The data we collect helps you optimize your website and to use it strategically. This data may include the web addresses (URLs) of pages visited, the URLs of web pages that referred your visitors to your website, details about the web browsers that visitors to your website use to browse your website, the operating systems used by those visitors, the number of screen colors and the screen resolution used by the visitors to view your websites, and external geodata elements connected to your visitors' ip address (including country, city, region, etc.). Our Services are organized so that our customers can specify the categories of data they wish to receive. The aforementioned categories of information do not necessarily enable us or others to identify you or the visitors to your website. However, if the URLs we collect contain information that in themselves identify personally identifiable information, such as a name or phone number, or if they link to pages that contain personally identifiable information, then we may collect that information as well.
Notes for transparency:
On by default
Off by default
Other Information We Collect
Our Services allow our customers to transmit and store additional information on our servers. This additional information can be anything, including personally identifiable information, except that we don't permit URLs or internet addresses to be stored. We have no control over what information is transmitted by our customers to our servers. Our customers may also request that we receive personally identifiable information that has been rightfully obtained by those customers, such as the email addresses of those who visit their websites and the information that visitors to their websites choose to post.
Cookies
A "cookie" is a small data file that can be placed on your hard drive when you visit certain websites. We use cookies to identify visitors who browse our customers' websites. These cookies contain an identifier that identifies each such visitor anonymously in order to analyze his or her past behavior in relation to your website. None of our cookies contain or collect personally identifiable information. Info below:
_conv_s
convert.com
This cookie contains an ID string on the current session. This contains non-personal information on what subpages the visitor enters – this information is used to optimize the visitor's experience.
1 day
HTTP Cookie, 1st party cookie, Strictly Necessary
_conv_v
convert.com
This cookie is used to identify the frequency of visits and how long the visitor is on the website. The cookie is also used to determine how many and which subpages the visitor visits on a website – this information can be used by the website to optimize the domain and its subpages.
6 months (or 7 days if ITP 2.1 applies)
HTTP Cookie, 1st party cookie, Strictly Necessary
We are using European carbon neutral servers on AWS Cloud based in Frankfurt so it is Europe based.
We do not have such an official compliance certificate but we are planning to obtain one in the next 2 years. At the moment we rely on AWS ISO certificates since our servers are on their cloud infrastructure.
For any transfer of personal data outside the European Economic Area to a country which is deemed by the EU to not have an “adequate” level of data protection, we have put in place with our affiliates, with our third party service providers, and with our customers, the necessary safeguards and mechanisms to ensure that such transfers comply with applicable data protection laws.
These safeguards include the EU Standard Contractual Clauses (SCC) and the EU-US Data Privacy Framework (EU-US DPF) and the UK Extension to the EU-US DPF. In addition, we may institute in the future, in our discretion, other lawfully approved mechanisms such as Binding Corporate Rules and Codes of Conduct. For transfers to third party service providers, we ensure that such entity maintains appropriate safeguards and shall have in place required data protection terms to ensure protection of personal data to the same degree as required of Convert.
We make it easy for our customers to formalize and share with their stakeholders, including employees, customers and potential auditors, that they use Convert Experiences in a way that meets GDPR data processing obligations.
The Data Processing Agreement (DPA) is an easy-to-execute document that only requires an electronic signature from the customer. For reference, please visit this https://www.convert.com/gdpr/dpa/.
Yes, access to systems is based on specific roles and duties of each role and is reviewed frequently.
Yes
Our cloud infrastructure (AWS) takes care of it.
Our cloud infrastructure (AWS) takes care of it.
Our cloud infrastructure (AWS) takes care of it.
No
Yes - Dionysia Kontotasiou, Head of Privacy & Security, dionysia@convert.com
Yes - Yes, penetration tests are being conducted every 12 months by an independent external third party.
Yes
Yes
If a member of Convert Insights considers that a security breach has occurred, this must be reported immediately. Part 1 of the Security Breach Report Form should be completed without delay. Part 1 of the Report Form will assist in conducting an initial assessment of the incident by establishing:
if a security breach has taken place; if so:
what data and systems are involved in the breach;
the cause of the breach;
the extent of the breach (how many individuals are affected);
the harms to affected individuals that could potentially be caused by the breach;
how the breach can be contained.
Following this initial assessment of the incident, an appropriate Lead Investigator is appointed to investigate the incident and will decide if it is also necessary to appoint a group of relevant stakeholders to assist with the investigation. The Lead Investigator will determine the severity of the incident and by completing part 2 of the Security Breach Report Form (i.e. s/he will decide if the incident can be managed and controlled locally or if it is necessary to escalate the incident to the Emergency Management Team. The severity of the incident will be categorised as level 1, 2a, 2b or 3
Yes
Yes we have a Data Management Policy in place
Yes
Yes - We have a Data Retention schedule written as a policy.
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes - For international data transfers we rely on the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF and EU Standard Contractual Clauses (SCCs)
No
Yes
Yes
Yes - Convert Insights operates a strict “notice and takedown” procedure. Users are encouraged to be vigilant and to report any suspected violations of the Data protection Policies immediately to support@convert.com. On receipt of notice (or where Convert Insights otherwise becomes aware) of any suspected breach of these Policies, Convert Insights reserves the following rights: to remove, or require the removal of, any content which is deemed to be in breach or potentially in breach of these Policies; and/or to disable any User and access to Convert Insights IT Resources. If any breach of these Policies is observed, then (in addition to the above) disciplinary action up to and including dismissal in the case of Staff or contract termination in the case of third parties may be taken.
Yes
Dionysia Kontotasiou
Yes, our Information Security Program (data in any format) consists of:
Understanding the Data: to properly approach information security, Convert Insights first needs to understand the types of information it collects and stores.
Performing a Risk Assessment: A risk assessment is a key tool for determining where systems may be vulnerable to a security incident.
Determining Legal Requirements: our Information Security Program is developed by reference to our legal compliance obligations.
Developing Policies and Internal Controls: We created and maintain the policies and internal controls that ensure Convert Insights is complying with key laws and regulations on an ongoing basis. Key policies and internal controls are described in point 3.
Addressing Ongoing Compliance: Key components of ensuring ongoing compliance include: (i) Providing security training and awareness programs (ii) Monitoring and auditing compliance efforts and benchmarking against the security compliance plan (iii) Evaluating and revising program controls, policies and protocols.
Convert Insights reserves the right to amend these Policies at any time in any manner in which sees fit at the absolute discretion of the Company. Any such revisions are noted in the revision history of each policy. Policies are reviewed at least annually, to determine whether it requires revision in light of new threats or technologies.
May 2018
Staff Information Security Training Policy sets out the training that Convert Insights staff will be provided with to ensure that all handling of information is compliant with the General Data Protection Regulation (GDPR).
In general training for all data users cover these areas:
We use these processes to ensure that information security policies are in place:
There is someone with specific responsibility for Information Security in Convert Insights.
All staff receive annual awareness of the Information Security Regulations.
Everyone managing and handling information understands that they are directly and personally responsible for following good information security practice.
Only staff who need access to information as part of their duties are authorised to do so.
Everyone managing and handling information is appropriately supervised.
Methods of handling information are clearly described.
An audit of information is conducted on an annual basis. This includes an assessment and evaluation to ensure that all information held is accurate and up to date and that adequate controls are in place to ensure information is managed and stored appropriately.
A copy of Information Security Policies are given to all new members of staff.
Procedures for selecting appropriate third-party service providers and obtaining written agreements from them to ensure that information receives adequate security and protection.
Reasonably up-to-date network firewall protection.
Reasonably up-to-date virus and malware protection.
Routine monitoring of computer systems for unauthorized access.
Convert Insights operates a strict “notice and takedown” procedure. Users are encouraged to be vigilant and to report any suspected violations of the Information Security Policies immediately to support@convert.com. On receipt of notice (or where Convert Insights otherwise becomes aware) of any suspected violation of these Policies, Convert Insights reserves the following rights: to remove, or require the removal of, any content which is deemed to be in breach or potentially in breach of these Policies; and/or to disable any User and access to Convert Insights IT Resources. If any breach of these Policies is observed, then (in addition to the above) disciplinary action up to and including dismissal in the case of Staff or contract termination in the case of third parties may be taken.
Convert Insights endeavours, at all times, to ensure consistent, high quality implementations and management of its IT resources, processes and practices. A comprehensive framework of well-defined policies, procedures and standards are required to facilitate and ensure this. In developing the IT policies, procedures and standards for Convert Insights, due regard and consideration has been given to the ISO 27000 series of standards which have been specifically reserved by ISO (International Standards Organisation) for information security matters. It is not intended that Convert Insights seeks to be compliant with all aspects of the relevant ISO information security standards as this would not be appropriate in all instances. However, it is intended that Convert Insights would aspire to implement policies, standards and procedures which are consistent with key aspects of the standards.
We rely on Amazon Web Services who is responsible for protecting the global infrastructure that runs all of the services offered in the AWS cloud. This infrastructure is comprised of the hardware, software, networking, and facilities that run AWS services.
Regarding the physical security measures, AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to data centers by AWS employees is logged and audited routinely.
Details from AWS are presented here: https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
No, access is only restricted to Convert Insights members as defined in our IT Security Policy.
Yes, Convert Insights is a remote distributed team. Several policies are in place to secure remote connectivity:
Yes, antivirus is compulsory pre-requisite for any computer joining the Convert Insights network as described in our IT Security Policy.
We rely on AWS tools for this. Amazon Inspector automatically assesses vulnerabilities and deviations from best practices. AWS Systems Manager and specifically Patch Manager automatically apply patches in a timely manner.
We have requested a Vulnerability and Penetration testing from AWS.
All Convert Insights laptops must have their internal hard drive encrypted.
All Convert Insights mobile devices that host Convert Insights data (email) must be protected by encryption and layered authentication where appropriate.
Where sensitive information is transmitted through a public network to an external third party the information must be encrypted first and sent via secure channels (SFTP, SSH, HTTPS, VPN etc.)
Yes, access to systems is based on specific roles and duties of each role and is reviewed frequently.
Yes, all individuals have a unique user ID (end users, DBA’s, network admin, programmers) for their personal and sole use so that activities can be traced to the responsible person as indicated in our IT Security Policy.
N/A
To protect data from falling into the wrong hands, it’s important that Data Controllers and Data Owners (as defined in Data Management Policy) understand which users have access and why these users need access to systems and data. The decision process for users to gain access to systems and data is based on the need-to-know principle, which is that access to data must be necessary for the conduct of the users’ job functions.
Yes, Convert Insights Inc. is PCI-DSS compliant. Convert Insights Inc. isn’t itself SOC compliant, but our datacenter providers are (AWS/Hetzner). Customers interested in SOC reports concerning the cloud infrastructure providers utilized by our services can obtain the reports directly from the respective providers.
Yes, our Cyber Security Program (network, computers and data) consists of:
Yes, we have listed the key cyber security risks, just to name a few here:
May 2018
This is planned for Q4 2018.
If a member of Convert Insights considers that a security breach has occurred, this must be reported immediately. Part 1 of the Security Breach Report Form should be completed without delay. Part 1 of the Report Form will assist in conducting an initial assessment of the incident by establishing: if a security breach has taken place; if so:
Following this initial assessment of the incident, an appropriate Lead Investigator is appointed to investigate the incident and will decide if it is also necessary to appoint a group of relevant stakeholders to assist with the investigation. The Lead Investigator will determine the severity of the incident and by completing part 2 of the Security Breach Report Form (i.e. s/he will decide if the incident can be managed and controlled locally or if it is necessary to escalate the incident to the Emergency Management Team. The severity of the incident will be categorised as level 1, 2a, 2b or 3.
Yes. security events are closely tied to the applications that are affected.
Our Incident Response Plan involves the Emergency Management Team [EMT].
The Emergency Management Team [EMT] has full responsibility for the response to and management of a major emergency. In the event of the EMP being activated, all staff will work under the direction of the EMT. Members of the EMT and staff with specific responsibilities will receive appropriate formal training in Emergency Management and related responsibilities. It is the responsibility of senior managers to ensure that staff members are aware of their responsibilities.
The Chair of EMT is responsible for the overall management of emergency coordination and response for Convert Insights.
Core members of EMT have specific duties as outlined in our Emergency Management Plan.
On the basis of the evaluation of risks and consequences, the Lead Investigator, and others involved in the incident as appropriate, will determine whether it is necessary to notify the incident to others outside Convert Insights. For example: individuals (data subjects) affected by the incident; other bodies such as regulatory bodies, the press/media; external legal advisers.
As well as deciding Who to notify, the Lead Investigator must consider: What is the message that needs to be put across? In each case, the notification should include as a minimum:
How to communicate the message? What is the most appropriate method of notification (e.g. are there large numbers of people involved? Does the incident involve sensitive data? Is it necessary to write to each individual affected? Is it necessary to seek legal advice on the wording of the communication?).
Why are we notifying? Notification should have a clear purpose, e.g. to enable individuals who may have been affected to take steps to protect themselves (e.g. by cancelling a credit card or changing a password), to allow regulatory bodies to perform their functions, provide advice and deal with complaints, etc.
Yes, we have an internal procedure on how to report the incidents and keep them in a central place for Policies’ improvement.
Yes, in the event of an Emergency incident, Senior Management is notified.
Yes, this lies under notification section and who to notify once the incident takes place.
Yes, responsibility for managing all aspects of external communication and contact with the media following an Emergency rests with the Content Crafter Role within Convert Insights. The Content Crafter will handle all information flow to print and broadcast media following early consultation with the Emergency Management Team (EMT). An early and clear response from Convert Insights is essential to set the tone for subsequent updates. Social media will be used as one of the key communication channels. Security around the incident will be crucial to the control of information flow and message management; therefore media access must be strictly curtailed unless agreed specifically by the EMT.
No
Subsequent to a cyber security breach, a review of the incident by the Lead Investigator will take place to ensure that the steps taken during the incident were appropriate and to identify areas that may need to be improved. The Lead Investigator will send a copy of all cyber security breach reports to the whole team and will use these to compile a central record of incidents. Convert Insights will report on incidents at least on a quarterly basis in order to identify lessons to be learned, patterns of incidents and evidence of weakness and exposures that need to be addressed.
For each serious incident, the Lead Investigator will conduct a review to consider and report on the following:
Since we did not face any cyber security attacks, there was no need to update the Policies by lessons learnt so far, however we have a standard annual review and the Policies and Procedures are adapted to the new trends whenever needed.
Staff Information Security and Data Protection Training Policies set out the training that Convert Insights staff will be provided with to ensure that all handling of data and IT resources is compliant with the General Data Protection Regulation (GDPR). In general training for all users cover these areas:
Additional training is provided for the Development and HR teams.Finally, a checklist is included in the Policies with quick references to what staff need to know regarding Data and Protection and IT resources security.
Yes, our Cyber Security Program (network, computers and data) consists of:
Yes, Dionysia Kontotasiou, dionysia@convert.com
Yes
Yes
Yes
Yes - Business Continuity is managed as part of the Emergency Management Plan to ensure seamless follow up of an emergency and continuity of services. This Plan takes into account several incidents that may be minor/localised (levels 1 or 2a) incidents or (levels 2b or 3) emergencies.
Yes
Yes
No
No
Yes
Yes
Yes
Business Continuity is managed as part of the Emergency Management Plan to ensure seamless follow up of an emergency and continuity of services. This Plan takes into account several incidents that may be minor/localised (levels 1 or 2a) incidents or (levels 2b or 3) emergencies.
These have been identified as the main incidents after a Pre-Mortem Analysis.
Yes, Emergency Management Plan and Business Continuity are reviewed and tested at least annually. Last update was in May 2018.
Yes, our cloud infrastructure (AWS) takes care of it.
Yes, our DPO: dionysia@convert.com
Business Continuity is managed as part of the Emergency Management Plan to ensure seamless follow up of an emergency and continuity of services. This Plan takes into account several incidents that may be minor/localised (levels 1 or 2a) incidents or (levels 2b or 3) emergencies.
These have been identified as the main incidents after a Pre-Mortem Analysis.
Yes
Yes, managed through AWS
Yes, managed through AWS
Emergency Management Plan and Business Continuity are reviewed and tested at least annually. Last update was in March 2020.
Yes
No
Yes, via Stripe payment processor
Yes
Google Optimize
|
Google Optimize
360
|
Pro
|
Specialist
|
|
---|---|---|---|---|
Number of Tested Users per month
|
Unlimited | Unlimited | 700K | 400K |
Price per month (monthly plan) | Free | Unknown |
$1,699
Try Monthly Plan |
$999
Try Monthly Plan |
Price per month (annual plan) | Free | Unknown |
$1,019/mo
- 40%
|
$599/mo
- 40%
|
Annual Price | Free | Unknown | $12,233
Try Annual Plan | $7,193
Try Annual Plan |
Forced Plan Upgrades
|
N/A | Unknown | No | No |
Discounts: 2 years | N/A | Unknown | ||
Discounts: 3 years | N/A | Unknown | ||
Auto-Upgrade | N/A | Unknown | No (overcharge per 100K $299) | No (overcharge per 100K $299) |
Support | ||||
Email Support (priority) | ||||
Chat Support | ||||
Phone Support | ||||
Dedicated customer success and/or technical solutions engineer | ||||
Premium Onboarding | ||||
Features | ||||
Active Domains for A/B testing | Unlimited | Unlimited | Unlimited | Unlimited |
Unlimited sub-domains | ||||
Unlimited Collaborators | ||||
A/B Testing | ||||
Split Url Testing | ||||
Multivariate Testing | Up to 16 combinations | Up to 36 combinations | ||
Multipage Testing | ||||
Unlimited Tests | Up to 5 concurrently | 100 or more concurrently | ||
Unlimited Variations | Unknown | Unknown | ||
Active Goals
|
Up to 3 preconfigured | Up to 10 preconfigured | 70 | 60 |
No. of Active Experiences | 5 | 100 | Unlimited | Unlimited |
Traffic Source Targeting | ||||
Time of Day Targeting | ||||
Easy One Tag Integrations | ||||
Number of 3rd party integrations | 5 | 5 | 90+ | 90+ |
Visual Editor | ||||
Advanced CSS/HTML/JS editor | ||||
Unique JS/CSS per Variation | ||||
Unique JS/CSS per Experiment | ||||
Unique JS/CSS per Project | Unknown | Unknown | ||
Deploys
|
Unknown | Unknown | 100 | 50 |
Full Stack & Feature Flags
|
||||
Real Time Results | ||||
Automatic Bounce Measurement | ||||
Dynamic Revenue Tracking | ||||
Cross-domain Testing and Tracking | ||||
Post - segmentation | ||||
PDF Export | ||||
Unlimited Projects | Unknown | Unknown | 50 | 30 |
Excel Export | ||||
Campaign Data Retention | Unknown | Unknown | No limit | No limit |
Javascript Event Pushing | ||||
Third-Party Site Goal Tracking
|
Unknown | Unknown | ||
Real-Time Reports | ||||
Language Targeting | ||||
IP Targeting | ||||
Anti-flicker protection
|
||||
Google Analytics Goal Import | ||||
GA Automatic Revenue Tracking | ||||
Cookie Targeting | ||||
Geo / Demographic Targeting | ||||
Cross-browser Q&A | Unknown | Unknown | ||
Role Based Users | ||||
Frequentist & Bayesian Stats Engine
|
Bayesian only | Bayesian only | ||
Sequential Testing
|
||||
Test Collision Protection | ||||
Advanced / Custom Targeting | ||||
Custom Triggers | ||||
Custom Tag Targeting
|
||||
JS Targeting | ||||
Mobile Site Testing | ||||
Mobile App Testing | ||||
API | ||||
SRM Checks | ||||
Personalize experiences for segments | ||||
Personalize experiences with behavior-based targeting | ||||
Change History | ||||
Live Log
|
||||
SECURITY & PRIVACY | ||||
Single Sign On (SSO)
|
||||
EU based servers | Frankfurt | Frankfurt | ||
Non-PII Cookie lifetime | 90 days | 90 days | 6 months | 6 months |
Third Party cookies | ||||
Do Not Track Browser | Unknown | Unknown | ||
Support Opt Out Feature | ||||
DPA (for partners who want to sign it) | ||||
PCI-DSS compliance
|
||||
SOC 2 compliance |
Google Optimize
|
Google Optimize
360
|
Convert
Pro
|
Convert
Specialist
|
|
---|---|---|---|---|
Number of Tested Users per month
|
Unlimited | Unlimited | 700K | 400K |
Price per month (monthly plan) | Free | Unknown |
$1,699
Try Monthly Plan |
$999
Try Monthly Plan |
Price per month (annual plan) | Free | Unknown |
$1,019/mo
- 40%
|
$599/mo
- 40%
|
Annual Price | Free | Unknown | $12,233
Try Annual Plan | $7,193
Try Annual Plan |
Forced Plan Upgrades
|
N/A | Unknown | No | No |
Discounts: 2 years | N/A | Unknown | ||
Discounts: 3 years | N/A | Unknown | ||
Auto-Upgrade | N/A | Unknown | No (overcharge per 100K $299) | No (overcharge per 100K $299) |
Support | ||||
Email Support (priority) | ||||
Chat Support | ||||
Phone Support | ||||
Dedicated customer success and/or technical solutions engineer | ||||
Premium Onboarding | ||||
Features | ||||
Active Domains for A/B testing | Unlimited | Unlimited | Unlimited | Unlimited |
Unlimited sub-domains | ||||
Unlimited Collaborators | ||||
A/B Testing | ||||
Split Url Testing | ||||
Multivariate Testing | Up to 16 combinations | Up to 36 combinations | ||
Multipage Testing | ||||
Unlimited Tests | Up to 5 concurrently | 100 or more concurrently | ||
Unlimited Variations | Unknown | Unknown | ||
Active Goals
|
Up to 3 preconfigured | Up to 10 preconfigured | 70 | 60 |
No. of Active Experiences | 5 | 100 | Unlimited | Unlimited |
Traffic Source Targeting | ||||
Time of Day Targeting | ||||
Easy One Tag Integrations | ||||
Number of 3rd party integrations | 5 | 5 | 90+ | 90+ |
Visual Editor | ||||
Advanced CSS/HTML/JS editor | ||||
Unique JS/CSS per Variation | ||||
Unique JS/CSS per Experiment | ||||
Unique JS/CSS per Project | Unknown | Unknown | ||
Deploys
|
Unknown | Unknown | 100 | 50 |
Full Stack & Feature Flags
|
||||
Real Time Results | ||||
Automatic Bounce Measurement | ||||
Dynamic Revenue Tracking | ||||
Cross-domain Testing and Tracking | ||||
Post - segmentation | ||||
PDF Export | ||||
Unlimited Projects | Unknown | Unknown | 50 | 30 |
Excel Export | ||||
Campaign Data Retention | Unknown | Unknown | No limit | No limit |
Javascript Event Pushing | ||||
Third-Party Site Goal Tracking
|
Unknown | Unknown | ||
Real-Time Reports | ||||
Language Targeting | ||||
IP Targeting | ||||
Anti-flicker protection
|
||||
Google Analytics Goal Import | ||||
GA Automatic Revenue Tracking | ||||
Cookie Targeting | ||||
Geo / Demographic Targeting | ||||
Cross-browser Q&A | Unknown | Unknown | ||
Role Based Users | ||||
Frequentist & Bayesian Stats Engine
|
Bayesian only | Bayesian only | ||
Sequential Testing
|
||||
Test Collision Protection | ||||
Advanced / Custom Targeting | ||||
Custom Triggers | ||||
Custom Tag Targeting
|
||||
JS Targeting | ||||
Mobile Site Testing | ||||
Mobile App Testing | ||||
API | ||||
SRM Checks | ||||
Personalize experiences for segments | ||||
Personalize experiences with behavior-based targeting | ||||
Change History | ||||
Live Log
|
||||
SECURITY & PRIVACY | ||||
Single Sign On (SSO)
|
||||
EU based servers | Frankfurt | Frankfurt | ||
Non-PII Cookie lifetime | 90 days | 90 days | 6 months | 6 months |
Third Party cookies | ||||
Do Not Track Browser | Unknown | Unknown | ||
Support Opt Out Feature | ||||
DPA (for partners who want to sign it) | ||||
PCI-DSS compliance
|
||||
SOC 2 compliance |