Security & Privacy

How Databuddy protects your data and respects user privacy

Databuddy is built with privacy-first principles and enterprise-grade security. This guide covers what we do to protect your data and how to configure privacy settings for your users.

🔒 Privacy-First Design

What We Don't Collect

  • No Personal Information - Names, emails, phone numbers, addresses
  • No Cookies for Tracking - Only local storage for anonymous IDs
  • No Cross-Site Tracking - Each site is isolated
  • No Fingerprinting - Respects browser privacy settings
  • No Raw IP Addresses - Only used for location (country/region) then discarded

What We Do Collect

  • Anonymous Usage Data - Page views, clicks, performance metrics
  • Session Information - Anonymous session IDs with 30-minute timeouts
  • Technical Data - Browser type, screen size, performance metrics
  • Location Data - Country and region only (from IP, then IP discarded)

🛡️ Data Protection

Anonymous by Default

// All users get anonymous IDs - no personal data
{
  anonymousId: "anon_abc123...",      // Random UUID
  sessionId: "sess_xyz789...",        // Session identifier
  event: "page_view",                 // What happened
  path: "/dashboard",                 // Where it happened
  // No names, emails, or personal data
}

Local Data Storage

  • Anonymous ID - Stored in localStorage, never sent to servers
  • Session Data - Temporary sessionStorage, clears on browser close
  • No Cookies - We don't use tracking cookies
  • User Control - Easy to clear all data
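To make the payload shape and the two storage rules above concrete, here is an added example of a client-side identity store that follows them. It is not the Databuddy SDK's own code: the `localStorage`/`sessionStorage` objects are injected (anything with `getItem`/`setItem`/`removeItem`), so it also runs in Node; the key `databuddy_anon_id` is taken from the opt-out example later on this page, while `databuddy_session_id` and `databuddy_session_last` are assumed names; the 30-minute idle timeout comes from the "Session Information" bullet above.

```javascript
// Added example, not the Databuddy SDK's own code.
// Anonymous ID in local storage, session ID in session storage with a
// 30-minute idle timeout, and an event payload carrying only the fields
// shown in the "Anonymous by Default" block.
const SESSION_TIMEOUT_MS = 30 * 60 * 1000; // 30-minute session timeout

// Random hex string. Uses Web Crypto when the runtime provides it.
function randomHex(bytes = 16) {
  const buf = new Uint8Array(bytes);
  if (globalThis.crypto && typeof globalThis.crypto.getRandomValues === 'function') {
    globalThis.crypto.getRandomValues(buf);
  } else {
    // Fallback for runtimes without Web Crypto; not cryptographically strong
    for (let i = 0; i < bytes; i++) buf[i] = Math.floor(Math.random() * 256);
  }
  return Array.from(buf, (b) => b.toString(16).padStart(2, '0')).join('');
}

// In-memory stand-in for localStorage / sessionStorage (constructed for the example)
function memoryStorage() {
  const m = new Map();
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), setItem: (k, v) => { m.set(k, String(v)); }, removeItem: (k) => { m.delete(k); } };
}

function createIdentity({ local, session, now = () => Date.now() }) {
  // Anonymous ID: random, kept locally, unrelated to who the person is
  function anonymousId() {
    let id = local.getItem('databuddy_anon_id');
    if (!id) {
      id = 'anon_' + randomHex();
      local.setItem('databuddy_anon_id', id);
    }
    return id;
  }

  // Session ID: rotates after 30 minutes without activity (assumed key names)
  function sessionId() {
    const last = Number(session.getItem('databuddy_session_last') || 0);
    let id = session.getItem('databuddy_session_id');
    if (!id || now() - last > SESSION_TIMEOUT_MS) {
      id = 'sess_' + randomHex();
      session.setItem('databuddy_session_id', id);
    }
    session.setItem('databuddy_session_last', String(now()));
    return id;
  }

  // Event shaped like the payload above: what happened and where, nothing about who
  function buildEvent(event, path) {
    return { anonymousId: anonymousId(), sessionId: sessionId(), event, path };
  }

  // "User Control - Easy to clear all data"
  function clearAll() {
    local.removeItem('databuddy_anon_id');
    session.removeItem('databuddy_session_id');
    session.removeItem('databuddy_session_last');
  }

  return { anonymousId, sessionId, buildEvent, clearAll };
}
```

In a browser you would call `createIdentity({ local: localStorage, session: sessionStorage })`; the injected `now` clock exists only so the timeout can be exercised deterministically.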

🌍 Privacy Compliance

GDPR Compliance by Design

Lawful Basis: Legitimate interest for website analytics

Databuddy is compliant by default - no consent banners or cookie notices required because:

  • No Personal Data Collected - Only anonymous usage statistics
  • No Cookies Used - Uses localStorage for anonymous IDs only
  • No User Identification - Cannot identify individual users
  • Automatic Data Anonymization - All data is anonymous from collection

import { Databuddy } from '@databuddy/sdk';

function App() {
  return (
    <>
      {/* No consent needed - privacy-first by design */}
      <Databuddy
        clientId="your-client-id"
        trackScreenViews={true}
        trackPerformance={true}
        trackSessions={true}
      />
      
      {/* No cookie banner needed! */}
    </>
  );
}

Why No Consent Needed:

  • Anonymous data only
  • No cross-site tracking
  • No personal information
  • No behavioral profiling
  • Legitimate interest applies

⚙️ Privacy Controls

Minimal Tracking Setup

// Essential analytics only
<Databuddy
  clientId="your-client-id"
  
  // Basic page tracking
  trackScreenViews={true}
  
  // Disable everything else
  trackPerformance={false}
  trackWebVitals={false}
  trackSessions={false}
  trackOutgoingLinks={false}
  trackScrollDepth={false}
  trackEngagement={false}
  trackErrors={false}
/>

Development vs Production

const isProd = process.env.NODE_ENV === 'production';

<Databuddy
  clientId="your-client-id"
  disabled={!isProd} // No tracking in development
  
  // Production-only features
  trackPerformance={isProd}
  trackWebVitals={isProd}
/>

🔐 Security Features

Domain Protection

  • Domain Verification Required - Only verified domains can send data
  • Origin Validation - Requests validated against registered domains
  • HTTPS Required - All communications encrypted in transit

Data Validation

  • Input Sanitization - All user data cleaned and validated
  • Size Limits - Prevents large payloads and spam
  • Rate Limiting - Protects against abuse
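The two lists above describe server-side checks without showing them. The following added example is an illustration of that gate, not Databuddy's actual backend: it validates the request origin against the domains registered for a client (HTTPS only), applies a per-client rate limit, enforces a body size limit, and accepts only the four payload fields shown in the "Anonymous by Default" block with bounded, control-character-free string values. The registered-domain table, the `client_demo` id, the 8 KB limit and the 512-character field bound are constructed for the example.

```javascript
// Added example, not Databuddy's server code: origin validation,
// rate limiting and payload validation for an analytics ingest endpoint.
const MAX_BODY_BYTES = 8 * 1024;   // assumed size limit for one event
const MAX_FIELD_LEN = 512;         // assumed bound for any string field
const ALLOWED_KEYS = new Set(['anonymousId', 'sessionId', 'event', 'path']);

// Registered domains per client (constructed sample data)
const REGISTERED_DOMAINS = new Map([
  ['client_demo', new Set(['www.example.com', 'example.com'])],
]);

// Fixed-window rate limiter keyed by client id; the clock is injectable for tests
function createRateLimiter({ limit, windowMs, now = () => Date.now() }) {
  const buckets = new Map();
  return function allow(key) {
    const t = now();
    const b = buckets.get(key);
    if (!b || t - b.start >= windowMs) {
      buckets.set(key, { start: t, count: 1 });
      return true;
    }
    b.count += 1;
    return b.count <= limit;
  };
}

// Origin must parse, be https, and its host must be registered for the client
function originAllowed(clientId, origin) {
  let url;
  try { url = new URL(origin); } catch { return false; }
  if (url.protocol !== 'https:') return false;
  const domains = REGISTERED_DOMAINS.get(clientId);
  return !!domains && domains.has(url.hostname);
}

// Size, shape, allowlisted keys, bounded strings; unknown fields are rejected, not dropped
function validatePayload(rawBody) {
  if (new TextEncoder().encode(rawBody).length > MAX_BODY_BYTES) return { ok: false, reason: 'too_large' };
  let data;
  try { data = JSON.parse(rawBody); } catch { return { ok: false, reason: 'bad_json' }; }
  if (!data || typeof data !== 'object' || Array.isArray(data)) return { ok: false, reason: 'bad_shape' };
  const clean = {};
  for (const [k, v] of Object.entries(data)) {
    if (!ALLOWED_KEYS.has(k)) return { ok: false, reason: `unexpected_field:${k}` };
    if (typeof v !== 'string' || v.length > MAX_FIELD_LEN) return { ok: false, reason: `bad_value:${k}` };
    clean[k] = v.replace(/[\u0000-\u001f]/g, ''); // strip control characters
  }
  for (const k of ALLOWED_KEYS) {
    if (!(k in clean)) return { ok: false, reason: `missing_field:${k}` };
  }
  return { ok: true, event: clean };
}

// Full gate, cheapest checks first: origin, then rate limit, then the body
function createIngestGate({ rateLimiter }) {
  return function check({ clientId, origin, rawBody }) {
    if (!originAllowed(clientId, origin)) return { ok: false, reason: 'origin_rejected' };
    if (!rateLimiter(clientId)) return { ok: false, reason: 'rate_limited' };
    return validatePayload(rawBody);
  };
}
```

Rejecting unexpected fields outright (rather than silently dropping them) is deliberate: it keeps a misconfigured client from ever persisting a field such as an email address, and the rejection reason makes the misconfiguration visible in server logs.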

Infrastructure Security

  • Enterprise-Grade Hosting - SOC 2 compliant infrastructure
  • DDoS Protection - Automatic attack mitigation
  • Regular Security Audits - Professional penetration testing
  • Encrypted Storage - All data encrypted at rest

🛠️ User Privacy Controls (Optional)

Anonymous Data Only

Since Databuddy only collects anonymous data, users don't need to request data deletion - there's no personal data to delete! However, you can still provide opt-out controls if desired.

Optional Opt-Out Implementation

import { useState } from 'react';
import { Databuddy } from '@databuddy/sdk';

function PrivacyControls() {
  // Initialise from the stored preference so an opt-out survives a reload
  const [trackingEnabled, setTrackingEnabled] = useState(
    () => localStorage.getItem('databuddy_opt_out') !== 'true'
  );

  const handleOptOut = () => {
    // Clear local anonymous ID
    localStorage.removeItem('databuddy_anon_id');

    // Disable tracking
    setTrackingEnabled(false);

    // Store preference
    localStorage.setItem('databuddy_opt_out', 'true');
  };

  const handleToggle = (e) => {
    const enabled = e.target.checked;
    setTrackingEnabled(enabled);
    // Keep the stored preference in sync with the checkbox
    if (enabled) {
      localStorage.removeItem('databuddy_opt_out');
    } else {
      localStorage.setItem('databuddy_opt_out', 'true');
    }
  };

  return (
    <div>
      {/* The tracker follows the user's choice */}
      <Databuddy clientId="your-client-id" disabled={!trackingEnabled} />

      <p>Analytics helps us improve our website. No personal data is collected.</p>

      <label>
        <input
          type="checkbox"
          checked={trackingEnabled}
          onChange={handleToggle}
        />
        Enable anonymous analytics
      </label>

      <button onClick={handleOptOut}>
        Disable analytics
      </button>
    </div>
  );
}

Why Data Deletion Isn't Needed

  • No Personal Data - Nothing to identify individual users
  • Anonymous by Design - All data is aggregated and anonymous
  • No User Profiles - Cannot build profiles of individual users
  • Automatic Expiry - Data expires automatically over time

🌐 Global Privacy Settings

Respect Browser Preferences

// Check Do Not Track setting
const respectDNT = navigator.doNotTrack === '1';

<Databuddy
  clientId="your-client-id"
  disabled={respectDNT} // Respect browser privacy setting
/>

📋 Privacy Best Practices

1. Be Transparent

// Clear privacy notice
function PrivacyNotice() {
  return (
    <div className="privacy-notice">
      <h3>We respect your privacy</h3>
      <p>
        We collect anonymous usage data to improve our website. 
        No personal information is collected. You can opt out anytime.
      </p>
      <a href="/privacy-policy">Read our privacy policy</a>
    </div>
  );
}

2. Provide Controls (Optional)

// Optional privacy dashboard (not required since data is anonymous)
import { useState } from 'react';

// Minimal toggle used below; replace with your own switch component
function Toggle({ label, defaultChecked = true }) {
  const [checked, setChecked] = useState(defaultChecked);
  return (
    <label>
      <input type="checkbox" checked={checked} onChange={(e) => setChecked(e.target.checked)} />
      {label}
    </label>
  );
}

// Remove the anonymous ID and the opt-out flag stored by the opt-out example above
function clearLocalData() {
  localStorage.removeItem('databuddy_anon_id');
  localStorage.removeItem('databuddy_opt_out');
}

function PrivacyDashboard() {
  return (
    <div>
      <h2>Analytics Preferences</h2>

      <div>
        <h3>Anonymous Data Collection</h3>
        <p>Help us improve our website with anonymous usage statistics.</p>
        <Toggle label="Page views" />
        <Toggle label="Performance metrics" />
        <Toggle label="Error tracking" />
      </div>

      <div>
        <h3>Your Privacy</h3>
        <p>✅ No personal data is collected</p>
        <p>✅ No cookies are used for tracking</p>
        <p>✅ Cannot identify individual users</p>
        <button onClick={clearLocalData}>Clear local preferences</button>
      </div>
    </div>
  );
}

3. Honor Preferences

// Respect user choices
// getUserPrivacySettings() is your own helper that returns the user's saved
// choices, e.g. { allowPageViews, allowPerformance, allowErrors }
const privacySettings = getUserPrivacySettings();

<Databuddy
  clientId="your-client-id"
  trackScreenViews={privacySettings.allowPageViews}
  trackPerformance={privacySettings.allowPerformance}
  trackErrors={privacySettings.allowErrors}
/>
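The opt-out flag from "Optional Opt-Out Implementation", the Do Not Track check from "Respect Browser Preferences" and the per-feature choices from "Honor Preferences" are three separate inputs that all end up as props on `<Databuddy>`. The following added example (not the SDK's own code) resolves them in one place, so no code path can re-enable tracking that the user, the browser or the environment turned off. It goes slightly beyond the text in also honouring `navigator.globalPrivacyControl`; the storage key `databuddy_prefs` and the shape of the saved preferences are assumptions, and `navigator`/`localStorage` are passed in so the logic runs outside a browser.

```javascript
// Added example, not the Databuddy SDK's own code: resolve environment,
// browser signals and stored choices into the props handed to <Databuddy>.
const PREFS_KEY = 'databuddy_prefs'; // assumed key for the per-feature choices
const DEFAULT_PREFS = { allowPageViews: true, allowPerformance: true, allowErrors: true };

// Read saved per-feature choices; malformed or unknown values fall back to the defaults
function getUserPrivacySettings(storage) {
  let saved = {};
  try { saved = JSON.parse(storage.getItem(PREFS_KEY) || '{}') || {}; } catch { saved = {}; }
  const prefs = { ...DEFAULT_PREFS };
  for (const k of Object.keys(DEFAULT_PREFS)) {
    if (typeof saved[k] === 'boolean') prefs[k] = saved[k];
  }
  return prefs;
}

// Merge a partial update into the saved choices
function saveUserPrivacySettings(storage, update) {
  storage.setItem(PREFS_KEY, JSON.stringify({ ...getUserPrivacySettings(storage), ...update }));
}

// Browser-level signals: Do Not Track ("1") and Global Privacy Control (true)
function browserOptsOut(nav) {
  return nav.doNotTrack === '1' || nav.globalPrivacyControl === true;
}

// Any opt-out wins; individual features are then gated by the saved preferences
function resolveTrackerProps({ clientId, nodeEnv, nav, storage }) {
  const isProd = nodeEnv === 'production';
  const optedOut = storage.getItem('databuddy_opt_out') === 'true';
  const disabled = !isProd || optedOut || browserOptsOut(nav);
  const prefs = getUserPrivacySettings(storage);
  return {
    clientId,
    disabled,
    trackScreenViews: !disabled && prefs.allowPageViews,
    trackPerformance: !disabled && prefs.allowPerformance,
    trackErrors: !disabled && prefs.allowErrors,
  };
}

// In-memory stand-in for localStorage (constructed for the example)
function memoryStorage() {
  const m = new Map();
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), setItem: (k, v) => { m.set(k, String(v)); }, removeItem: (k) => { m.delete(k); } };
}
```

In the app this becomes `<Databuddy {...resolveTrackerProps({ clientId: 'your-client-id', nodeEnv: process.env.NODE_ENV, nav: navigator, storage: localStorage })} />`; the per-feature flags are forced to `false` whenever `disabled` is true so the two never disagree.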

Privacy Policy Should Include:

  • Anonymous analytics are collected via Databuddy
  • No personal information or cookies are used
  • Data is used only for website improvement
  • Optional: How users can opt-out

Cookie Notice:

  • Not required for Databuddy (no cookies used)
  • Only needed if you use other tracking tools

Sample Privacy Policy Text

Analytics: We use Databuddy to collect anonymous website usage statistics to help us improve our site. No personal information, cookies, or tracking is used. All data is completely anonymous and cannot identify individual visitors. Data is processed securely by Databuddy and used only for understanding website performance and usage patterns.

Minimal Privacy Notice

We collect anonymous usage statistics to improve our website. No personal data or cookies are used.

🛡️ Implementation Security

Content Security Policy

<!-- Add Databuddy to your CSP -->
<meta http-equiv="Content-Security-Policy" 
      content="script-src 'self' https://app.databuddy.cc; 
               connect-src 'self' https://basket.databuddy.cc;">
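A policy that is merged into an existing CSP is easy to get subtly wrong (the host added to `script-src` but not `connect-src`, or a `default-src` that silently governs a directive you forgot to set). The following added example, not part of Databuddy, is a small checker: it parses a CSP string, applies the browser's `default-src` fallback for fetch directives, and reports whether a given URL is permitted for a given directive. The matching is simplified (ports and paths in host sources are ignored, `*` is treated as matching any URL), and the script path `/script.js` used below is constructed.

```javascript
// Added example, not from Databuddy: does this CSP permit this URL for this directive?
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    // A repeated directive is ignored by browsers; the first occurrence wins
    if (!directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Match one source expression against a URL. pageOrigin is the origin of the page that carries the policy.
function sourceMatches(src, url, pageOrigin) {
  const s = src.toLowerCase();
  if (s === "'self'") return url.origin === pageOrigin;
  if (s.startsWith("'")) return false; // 'none', 'unsafe-inline', nonces and hashes never match a URL
  if (s === '*') return true;          // simplified: the spec excludes data:/blob:/filesystem:
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // scheme source such as https:
  // Host source: [scheme://][*.]host; port and path are ignored in this simplified matcher
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  const h = url.hostname.toLowerCase();
  return wildcard ? h.endsWith('.' + host) : h === host;
}

function cspAllows(policy, directive, urlString, pageOrigin) {
  const url = new URL(urlString);
  const directives = parseCsp(policy);
  // Fetch directives such as script-src and connect-src fall back to default-src
  const sources = directives.get(directive.toLowerCase()) ?? directives.get('default-src');
  if (!sources) return true; // neither set: the policy does not restrict this directive
  return sources.some((src) => sourceMatches(src, url, pageOrigin));
}
```

Run it against the exact string you ship, once per Databuddy host and directive, and also against a URL you expect to be blocked; a checker that only confirms the allowed cases does not tell you the policy is restricting anything.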

Secure Configuration

// Environment-specific settings
// Anything other than 'production' (development, test, or unset NODE_ENV)
// gets the development settings, so tracking stays off unless you are
// explicitly in production.
const env = process.env.NODE_ENV === 'production' ? 'production' : 'development';

const config = {
  development: {
    clientId: process.env.NEXT_PUBLIC_DATABUDDY_DEV_ID,
    disabled: true, // No tracking in development
  },
  production: {
    clientId: process.env.NEXT_PUBLIC_DATABUDDY_PROD_ID,
    disabled: false,
  },
}[env];

<Databuddy {...config} />

🆘 Support & Questions

Privacy Questions

If you have questions about privacy or data handling:

Data Requests

No data requests needed - Databuddy doesn't collect personal data that can identify users. If you have questions about our data handling:

