ThorStackThorStack

Growth

One snippet.
every conversion lever.

Paste one `<script async>` tag on your site. ThorStack Growth activates lead-capture popups, an AI chat concierge that knows your product, behaviour analytics, session replay, heatmaps, A/B testing, and CRM sync, all from the same embed. No plumbing per feature, no separate vendors, no widget-fest.

Book a demoSee pricing
acme.thorstack.com / growth

Growth

acme.com ▾
Visited
4,820
Engaged
3,085
Lead
1,109
Booked
386
A/B · hero CTA
B +18% p<0.05
AI chat · SIGNAL
8 / 10 intent

From paste to pipeline

Six steps that turn anonymous traffic into a CRM contact.

  1. 01
    Install

    Paste one `<script async src="…/embed.js?k=PUB_…"></script>` on every page. Done in 30 seconds; respects DNT, GDPR/NDPR, and Sec-GPC out of the box.

  2. 02
    Capture

    Choose your trigger (scroll, time, exit, idle) and your form mode (popup, inline, progressive). Pick a Lead Form, design the popup, ship.

  3. 03
    Qualify

    The AI chat concierge answers questions using your own knowledge base (scraped from your website or uploaded as PDF / Markdown / text), then weaves qualifying questions into the conversation before escalating to email capture.

  4. 04
    Analyse

    Sessions, events, heatmaps with auto-captured screenshots, funnel drop-off, attribution by source/device/country, landing-page performance, every metric a marketer needs in one Insights surface.

  5. 05
    Experiment

    Two-proportion z-test A/B testing for popup variants. Deterministic visitor bucketing, winner declaration when significant.

  6. 06
    Act

    Ranked AI recommendations on what to change next, comparing your numbers against industry benchmarks. Hot leads sync to CRM automatically; webhooks fire for everything.

Nine integrated capabilities

The growth stack PostHog + Hotjar + Drift, on one embed.

Capability 01

Multiple sites, one workspace

Run the Growth snippet on as many websites as you operate. Each Site is fully isolated, with its own embed key, popups, leads, sessions, events, experiments, funnels, segments, and chat knowledge. A global site switcher re-scopes every screen, and attribution tells you which site each lead came from.

What's included
  • One embed key per site, fully isolated data
  • Global site switcher across every Growth screen
  • Add, rename, set domain, switch, and delete sites
  • Per-site AI insights, CRM sync, and chat knowledge
  • Lead source attribution stamped by site

Capability 02

Lead-capture popups (3 modes)

Modal, inline, or progressive (one field at a time) popups triggered by scroll depth, time on page, exit intent, or idle. Render inside a closed Shadow DOM so customer-site CSS can't leak in.

What's included
  • Four trigger types: scroll % / time / exit intent / idle
  • Three render modes: popup / inline / progressive
  • Path regex filters with ReDoS-guard validation
  • Pulls form schema from your existing Lead Forms
  • Trust-signal slots: testimonial + social proof + security badge
  • Honeypot + visitor-binding + per-IP rate limit

Capability 03

AI chat concierge with RAG knowledge

Customer-facing chat that actually knows your product. Index your marketing site by URL or drop a pricing.pdf / faq.md. The bot retrieves the top-5 most relevant chunks via pgvector cosine similarity (relevance ceiling 0.65) and grounds every answer in your own content with cite-back links.

What's included
  • URL scrape with sitemap-aware crawl + depth-2 BFS fallback
  • File upload: PDF, Markdown, plain text
  • OpenAI text-embedding-3-small (1536-dim), chunks at 500 tokens with 50-token overlap
  • Per-org chunk cap, per-source cap 1-5000 URLs (operator-tunable)
  • Prompt-injection mitigation: <knowledge> XML tag wrapping
  • Cite-back chips beneath every reply with the source URL
  • Qualifies visitors (problem / context / timeline) before escalating

Capability 04

Sessions + behavioural events

Every visitor session with full event timelines, pageviews, scrolls, clicks (with viewport coords for heatmaps), form focus/submit, popup events, chat opens. Server-side PII strip on URLs, DNT/Sec-GPC respected.

What's included
  • Per-session event cap 10,000 with truncation signal
  • SPA navigation tracked via history pushState/replaceState
  • Session-squatting defence: visitor-binding enforced
  • Session detail page with full event timeline
  • GDPR/NDPR per-session erasure endpoint
  • Phase-4 rrweb session replay (opt-in)

Capability 05

Heatmaps with auto-capture

Click density per page rendered over the actual page screenshot. Screenshots are captured automatically the first time you view a heatmap: Playwright in the orchestrator image headlessly renders the URL and stores the result. No manual upload required.

What's included
  • Auto-capture via Playwright (SSRF-guarded, allowed-origin-only)
  • Coords normalized to document size, works at any viewport
  • Per-path picker with click counts in left rail
  • Manual upload fallback (PNG/JPEG/WebP, 1 MB cap)
  • Polling status banner, "Capturing…" / "Ready" / "Configure origins first"

Capability 06

Funnels with z-test math

Define a sequence of events; visualise drop-off step-by-step over your chosen window. Server-side aggregation truncated at 25k events for sub-second response. Each step shows count, conversion rate, and drop-off delta vs the prior step.

What's included
  • Multi-step sequences with event-type filters
  • Drop-off visualisation with red delta bars
  • Configurable lookback (7 / 14 / 30 / 90 days)
  • Truncation signal when event volume hits the cap

Capability 07

AI Recommendations

Periodic LLM analysis of your funnel + attribution + popup performance, comparing against industry benchmarks. Ranked recommendations with severity (critical/high/medium/info), action chips that route to the relevant surface, and Acted/Dismiss state per insight.

What's included
  • Periodic generation (cadence configurable)
  • Prompt-injection guard on snapshot fields
  • Heuristic fallback when LLM unavailable
  • Jittered exponential backoff on LLM failure
  • Distributed-lease leader election (multi-process safe)
  • Per-org regenerate rate limit (5/hour)

Capability 08

A/B testing with significance

Popup-variant experiments with deterministic visitor bucketing (SHA-256 over visitor_id + experiment_id, no cookies needed). Two-proportion z-test winner declaration when sample size + p-value threshold reached. Variants test design AND form layout.

What's included
  • Form-layout A/B (variants can override form_id)
  • Atomic SQL increments for impression + conversion counters
  • Variant counter preservation on PATCH (name fallback)
  • Wilson 95% CI implied by the z-test infrastructure
  • Embed renders selected variant via deterministic bucketing

Capability 09

Behaviour-based segments

Named visitor cohorts built from event behaviour. Filter by page visited (regex with ReDoS-guard), device, country, event count, conversion, UTM source. Live preview shows matching session count as you build.

What's included
  • Up to 12 conditions per segment with all-of / any-of join
  • Operators: equals, matches, in, not_in, >=, <=
  • Per-call regex compile cache, 5k sessions evaluated in ms
  • Test-preview before saving
Privacy + correctness

Capture intent without inheriting risk. Every public endpoint is audit-fixed, DNT/Sec-GPC respected server-side, not just by the embed.

  • Server-side CORS allowlist + fail-closed on empty config
  • DNS-rebinding guard on every outbound URL (webhooks + screenshot)
  • HMAC-hashed IPs, raw IPs never persisted
  • Per-source SSRF + robots.txt + bytes cap on URL crawling

Ready for a stack
built around you?

Every ThorStack deployment starts with a 30-minute call. Tell us how you operate, and we'll show you what your stack would look like.

Book a demoChat with us