How to reference a site visit without being creepy.
The line between contextual and creepy in visitor-data outreach, with rewrite pairs you can copy, an honest script for when they ask how you knew, and the legal picture in plain English.
On this page
You can act on a website visit without sounding like you have been watching someone through the window. The whole category tiptoes around this: across one major competitor's 208 pages, the word "creepy" appears zero times, even though "will my prospects be weirded out?" is the first thing every rep asks before they use visitor data. So here is the honest version, both for the buyer wondering why they got an email and the rep trying to write one that doesn't backfire.
The line is simple: reference the topic they cared about, never the surveillance detail. "I saw you on our pricing page Tuesday at 3pm" is creepy because it leads with the fact that you were watching. "You were comparing our plans, want me to walk through which tier fits?" is helpful because it leads with their interest. Same underlying data, opposite reaction.
Why it doesn't have to be creepy
Three facts take most of the discomfort out of this.
They came to your site. This isn't surveillance you ran out in the world, it's a reaction to someone showing up at your front door and looking around. Reacting to interest someone demonstrated on your own property is what every shop, trade-show booth, and storefront has always done.
You're reacting to interest, not manufacturing it. A visit to a pricing page or a comparison page is a buying signal the person sent on purpose. Following up on it is responsive, not intrusive, as long as you respond to the signal and not to the act of watching.
Opt-out exists. Reputable identification honors opt-out and Global Privacy Control, and the data is business identity, not personal browsing history. You're learning that someone from a company is evaluating you, the same thing a filled-out form would tell you, minus the form.
The discomfort almost always comes from how the visit gets mentioned, not from the fact that you know. Which is fixable.
The creepy ↔ contextual line: rewrite pairs
The fix is mechanical. Take the surveillance detail out of the sentence and put the topic in. Four pairs you can copy:
| ❌ Creepy (leads with surveillance) | ✅ Contextual (leads with the topic) |
|---|---|
| "I saw you were on our pricing page Tuesday at 3pm." | "Figured you might be weighing which plan makes sense, happy to help you pick." |
| "Noticed you spent 4 minutes on our integrations docs." | "If you're checking whether we connect to your CRM, short answer is yes, here's how." |
| "You looked at our comparison vs [competitor] twice this week." | "Most people choosing between us and the alternatives get stuck on one thing, want me to save you the research?" |
| "Our system flagged you visiting from [Company]." | "Reaching out because it looks like [Company] might have a fit here, is that on your radar?" |
The pattern across all four: delete the timestamp, the page name, the visit count, the "I saw / our system flagged." Keep the subject they were clearly researching. The visit told you what to talk about. It should never become the thing you talk about.
Turn anonymous traffic into named leads.
One pixel. <10s alerts. CSV export. Card required at signup, no free trial.
What if they ask how I knew?
Sometimes a sharp prospect asks directly. Don't dodge, dodging is what actually breaks trust. Say it plainly:
"We use a tool that flags when someone from a company like yours is researching us, so I can reach out directly instead of making you fill out a form and wait."
That framing does the work: you're reacting to their interest, you saved them a step, and there's nothing hidden. Most buyers are completely fine with it once it's framed as responsiveness rather than spying. The honesty is the part that builds trust, not the part that costs you.
Is this legal?
On US traffic, yes. Identifying business visitors and sending B2B outreach is lawful under US rules, as long as you honor opt-out requests and keep the email itself compliant (real sender, working unsubscribe). Person-level identification runs on US visitors only, partly for this reason, it doesn't operate on EU traffic where consent rules differ. That's the plain answer, not an attorney's hedge: the US B2B case is settled and routine. (General information, not legal advice.)
Where session replay fits
This is the part that turns "knowing they visited" into "knowing what they cared about," which is the whole ethical difference. A session replay of the visit shows you the topic they spent time on, the question they were clearly trying to answer, the thing that made them hesitate. You reference that, the substance, not the surveillance. Replay is what lets you open with their problem instead of their click log, which is exactly the line between contextual and creepy.
If you want the upstream picture, who's actually visiting and how identification works covers person-level vs company-level, and the worth-it objections on our pricing page work through whether outreach like this pays off for your traffic. For the cold-outreach mechanics around it, see our take on outreach that starts from intent.
Frequently asked questions
Is it creepy to mention that someone visited your website?
It is creepy when you reference the surveillance detail, the exact page, the timestamp, the fact that you watched. It is not creepy when you reference the topic they cared about. "Saw you were on our pricing page at 3pm Tuesday" feels like being followed. "You were comparing plans, happy to walk through which tier fits" is a helpful reply to an interest they showed on your own site. Same data, opposite reaction. The rule: lead with the subject, never the surveillance.
Why am I getting emails after visiting a website?
A B2B site you visited is likely running visitor identification: software that matches anonymous traffic to a named person or company so the company can follow up. You came to their site, showed interest in something, and a salesperson is reacting to that interest. It is legal on US traffic, and reputable tools honor opt-out and Global Privacy Control. If the outreach references the topic you were researching it is normal sales follow-up; if it recites your exact clicks and times, that is a rep using the data badly, not the technology being sinister.
What do I say if a prospect asks how I knew they visited?
Tell the truth, plainly. "We use a tool that flags when someone from a company like yours is researching us, so I can reach out instead of leaving you to fill out a form." Do not dodge or pretend it was a coincidence, that is what actually erodes trust. Most buyers are fine with it once it is framed as you reacting to their interest rather than spying on them. The honesty is the trust-builder.
Is it legal to identify website visitors and email them?
On US traffic, yes. Identifying business visitors and sending B2B outreach is lawful under US rules, provided you honor opt-out requests and the CAN-SPAM requirements on the email itself (real sender, working unsubscribe). Person-level identification is US-only for this reason; it does not run on EU visitors, where consent rules differ. This is general information, not legal advice, but the plain answer is that the US B2B case is settled and routine.
What is the right first line when you know someone visited?
Open with the problem or topic they were clearly researching, not the visit itself. If they read your pricing page, the first line is about helping them choose a plan. If they read a comparison, it is about the decision they are weighing. The visit tells you what to talk about; it should never be the thing you talk about. The visitor never needs to hear the words "I saw you on our site" for the outreach to land.