Privacy Policy

Who This Policy Applies To

This privacy policy covers two groups of people:

• Customers: Individuals or organizations who sign up for and use Databuddy's analytics services for their websites.
• End Users: Visitors to websites that use Databuddy analytics. If you're visiting a website that uses our analytics, this policy explains what data we collect about you and how we protect your privacy.

Our Privacy-First Principles

Databuddy is built on privacy-first principles that guide everything we do:

• No User Identification: We never identify individual users or track them across websites or sessions.
• No Personal Data Collection: We don't collect names, email addresses, or any personally identifiable information from website visitors.
• No Cross-Site Tracking: We don't use cookies, fingerprinting, or other techniques to track users across different websites.
• IP Address Anonymization: We immediately anonymize IP addresses and never store them in their original form.
• Aggregated Data Only: All analytics data is aggregated and anonymized, making it impossible to identify individual users.
• No Data Sales: We never sell or share user data with third parties for advertising or marketing purposes.
• Minimal Data Collection: We only collect what's necessary to provide meaningful analytics insights.

Information We Collect

From Our Customers (Website Owners)

When you sign up for Databuddy, we collect:

• Account information: Email address, name (optional), and password
• Billing information: Payment details, billing address, and contact information for subscriptions
• Website information: Domain names and website URLs you want to track
• Usage data: How you use our dashboard and analytics features
• Communications: Support requests, feedback, and survey responses

From End Users (Website Visitors)

When someone visits a website using Databuddy analytics, we collect minimal, anonymized data:

• Page views: Which pages were visited (URL path only, no query parameters containing personal data)
• Referrer information: Which website or search engine led to the visit (domain only)
• Technical information: Browser type, operating system, device type, and screen resolution
• Geographic location: Country and region only (derived from anonymized IP address)
• Session data: Time spent on site, bounce rate, and navigation patterns (anonymized)
• User preferences: Dark/light mode, language settings (if available)
• Performance metrics: Page load times, Core Web Vitals (FCP, LCP, CLS), and connection performance data
• User interaction data: Scroll depth, interaction counts, and exit intent detection (anonymized)
• Error information: JavaScript errors and technical issues to help website owners improve their sites

No Cookies, No Tracking

Unlike traditional analytics services, Databuddy is designed to respect user privacy:

• No Cookies: We don't use cookies or any cross-site tracking to track users
• No Fingerprinting: We don't create browser fingerprints or use device characteristics to identify users
• No Cross-Site Tracking: We can't and don't track users as they move between different websites
• No User Profiles: We don't build profiles of individual users or their browsing habits

This means end users visiting websites with Databuddy analytics enjoy complete privacy while still allowing website owners to understand their site's performance.

How We Use Information

Customer Data Usage

We use customer information to:

• Provide and maintain our analytics service
• Process payments and manage subscriptions
• Send important service updates and security notifications
• Provide customer support and respond to inquiries
• Improve our service based on usage patterns
• Ensure compliance with legal obligations

End User Data Usage

We use anonymized end user data solely to:

• Generate aggregated analytics reports for website owners
• Provide insights about website performance and user experience
• Help website owners understand their audience demographics (country/region level only)
• Monitor our service performance and detect technical issues
• Help website owners identify and fix technical problems through error tracking
• Provide performance optimization insights through Core Web Vitals and loading metrics

GDPR and Privacy Rights

Legal Basis for Processing

Under GDPR, our legal basis for processing data is:

• Customer Data: Contractual necessity (to provide our service) and legitimate interests (service improvement)
• End User Data: Legitimate interests of website owners to understand their site performance, balanced against user privacy rights

Your Rights (Customers)

As a customer, you have the right to:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate information
• Erasure: Request deletion of your account and data
• Portability: Export your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests

End User Rights

As an end user (website visitor), you have the right to:

• Information: Know what data is collected (detailed in this policy)
• Objection: Object to analytics tracking (use browser Do Not Track or ad blockers)
• Erasure: Since we don't identify individuals, we can't delete specific user data, but all data is automatically deleted according to our retention policies

Data Security

We implement comprehensive security measures:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Strict employee access controls with multi-factor authentication
• Infrastructure: Hosted on secure, SOC 2 certified cloud infrastructure
• Monitoring: 24/7 security monitoring and automated threat detection
• Data Minimization: We collect and store only what's necessary
• Anonymization: IP addresses are immediately anonymized using cryptographic hashes

Contact Us

If you have any questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how your data is handled, please contact us: