Data Processing Agreement
Last Updated December 22, 2024
TL;DR — Our data processing agreement under Article 28 of the GDPR, covering our role as data processor when you use our analytics service. By using our service, you automatically agree to this DPA.
All of our data processing happens in the EU under strict European data protection standards. This means your visitor data benefits from some of the world's strongest privacy laws, regardless of where you're based.
GDPR Article 28 Compliance
This Data Processing Agreement (DPA) explains our responsibilities as your data processor and your responsibilities as the data controller. By using our service, you automatically agree to this DPA - no separate signature required.
What We Do with Your Data
We process visitor data from your websites to provide you with analytics insights. When someone visits your site, our script collects basic information and we turn that into the reports and metrics you see in your dashboard.
This agreement stays active as long as you're using our service. When you decide to leave, we'll delete all your data unless you specifically ask us to return it to you first.
Why We Process Your Data
We process visitor data for one reason only: to give you useful analytics about your website. That means turning raw visitor interactions into charts, reports, and insights you can actually use.
We don't use your data for our own business purposes, we don't sell it to advertisers, and we don't share it with anyone unless legally required to do so. Your data is yours.
What Data We Handle
We process IP addresses (which we immediately discard after getting location info), anonymous visitor signatures, general location data like city and country, and basic browser information. All data is anonymous by default - we never identify individual visitors.
The people whose data we process are your website visitors. Since we don't collect personal information or identify users, all data processing involves anonymous visitor data only.
Our Commitments to You
We only process your visitor data according to your instructions and the service settings you choose. We won't use your data for anything else without getting your explicit permission first.
Everyone on our team who has access to data is trained on privacy requirements and bound by strict confidentiality agreements. We take data protection seriously at every level.
We maintain strong security measures to protect your data from unauthorized access, changes, or disclosure. This includes encryption, access controls, and regular security assessments.
Your Responsibilities
As the data controller, you need to make sure you have a legal basis for collecting visitor data through our service. This might mean getting consent from visitors when required, or relying on legitimate interest for basic analytics.
You should provide clear privacy notices to your website visitors that explain how their data is processed. This includes mentioning that we process data on your behalf.
When visitors contact you about their data, you're responsible for handling their requests. We'll help you fulfill these requests when they involve data we process for you.
How We Keep Your Data Secure
We use industry-standard security practices including encrypting data when it's transmitted and when it's stored, strict access controls, regular security reviews, and secure data centers in the EU.
All personal data processing occurs exclusively within EU infrastructure provided by European companies for analytics event processing and storage. Some account, billing, and email delivery data is processed by our service providers and may involve international transfers depending on where those providers operate.
Our Partners
We work with a small number of trusted partners to deliver our service. This includes Hetzner for hosting our databases in Germany, Railway for our API infrastructure, Vercel for our dashboard, and Bunny.net for our CDN. We also use Resend for emails and Stripe for payments.
All our partners are required to follow the same data protection standards we do. If we ever change partners, we'll let you know. For more details, see our Data Policy.
If Something Goes Wrong
If there's ever a data breach that affects personal data we process for you, we'll notify you within 72 hours. We'll give you all the details you need to understand what happened and what we're doing about it.
We'll also help you meet any legal requirements to notify authorities or affected individuals if needed.
When You Leave
When you stop using our service or ask us to delete your data, we'll delete or return all the personal data we've processed for you, unless we're legally required to keep some of it.
We retain data as long as your account or project exists. When you delete your account or project, we delete all associated data, including both anonymous analytics data and any personal information.
We'll confirm the deletion is complete in writing. Some data might stay in our backups for a short time, but it won't be accessible for any processing.
Checking Up on Us
You have the right to audit how well we're following this agreement. We'll cooperate and provide the information you need to verify we're meeting our data protection commitments.
We keep detailed records of how we process data and our security measures, which you can review during audits. Just give us reasonable notice so we can arrange it without disrupting our service.
Who's Responsible for What
Our liability under this agreement follows the same limits as our Terms of Service. If we mess up and it causes problems for you, we'll take responsibility for claims that result from our mistakes.
Similarly, if you don't follow data protection laws or fail to get required consent from your visitors, you'll be responsible for any claims that result from those issues.
Governing Law
This DPA is governed by the laws applicable to our Terms of Service and forms part of our agreement with you. You do not need to sign this DPA separately. By using our service, you automatically agree to this DPA.
Questions?
For questions about this Data Processing Agreement, please contact us:
We typically respond to inquiries within 24 hours.