Privacy policy

Last updated: 30 January 2026

Introduction

Our web analytics service is built from the ground up as a privacy-first, cookie-free solution. By default, we collect only anonymized metrics about page views and basic click events on your site. No personal data or identifiers are tracked by default, and we do not use cookies or persistent storage. IP addresses and User-Agent strings are used only momentarily (to infer approximate location or a unique-session hash) and are immediately discarded. This means we cannot identify or profile individual visitors over time.

In practice, we process data like (but not limited to) page URLs, referrers, browser/OS, device type and geographic region. Our smart signals and dashboards provide you with actionable insights while respecting visitor privacy. We fully comply with GDPR, CCPA, and related laws by design – your visitors’ privacy is protected, and the data we process belongs to you, not us.

Controller vs. Processor

We are the Data Controller for any account and billing information you provide directly to us (e.g. your email, name, payment details) and the Data Processor for the analytics data collected on your behalf about your site’s visitors. In the latter case, you (the site owner) are the Data Controller for the visitor data, and we handle it only under your instructions and our agreement.

Data We Collect

Analytics Data (Default – Anonymized)

Our tracking script (placed in the <head> of your pages) collects only minimal, non-identifying data for each pageview. Specifically, we record: Page URL, Referrer URL, Browser & OS, Device Type, Location (approximate city/region/country, inferred from IP – we do not store the IP address), Timestamp, and Click Events (anonymous logs of page interactions).

All of this data is immediately anonymized and aggregated. We do not collect names, emails, login status, or any other personal identifiers by default. Nor do we use cookies, local storage, or browser fingerprinting. Each pageview is treated independently.


Customer-Provided User Properties (Optional)

Our script allows website owners to optionally pass additional user properties to enhance their analytics. We do not collect this data automatically – it is only processed if you (the website owner) explicitly choose to send it to us.

These optional properties may include any data you choose to share, potentially including personal information such as user IDs, email addresses, names, or other identifiers. When you choose to pass such data:

• We process this data solely to provide analytics services to you

• You (as Data Controller) are responsible for having a lawful basis to collect and share this data

• You are responsible for providing appropriate privacy notices to your users

• We do not use this data for any purpose other than providing your analytics service

• This data is retained according to the same policies as other analytics data


In-App Support

We provide a support widget within the Poterna dashboard for logged-in customers. When you use this widget to contact our support team, we transfer your account email address to our support platform provider to identify you and manage your support request. This data is used solely to respond to and manage support requests, processed by our subprocessor under appropriate data protection agreements, retained only as long as necessary, and not used for marketing or analytics purposes..


Customer Account Data

If you register for an account, we collect only the information necessary to provide our service. This typically includes your name (optional), email address, organization, and any additional contact info you provide. For paid plans, billing and payment details (handled through a secure third-party processor) are also processed to complete transactions. We do not store full credit card numbers on our servers – payments are handled by the PCI-compliant payment provider, and we retain only the data required for invoices (e.g. company name, address) as allowed by law. All account and payment data is used strictly for account management: creating your login, authenticating access, processing payments, and sending you essential communications (invoices, service notices). We never use your personal account data for marketing without your consent. You are free to delete your account at any time; upon account deletion we remove all of your account data and any associated analytics data from our systems. (We may keep anonymized or aggregated logs for troubleshooting or legal compliance, but nothing identifiable.)

If you contact us through a form on our website (e.g., to ask a question or request information), we collect the personal details you choose to provide — your name, phone number and email address. We use this information solely to respond to your inquiry and maintain a record of our correspondence.

How We Use the Data

We process your analytics data solely to produce aggregate traffic reports, smart signals, and dashboards for you. This includes calculating metrics (page views, top pages, etc.) and powering the visualizations you see. We do not provide session replay or user-recording features. By default, all charts and reports show only anonymized, aggregate data. We do not share or sell your analytics data, and we do not use it for any other purpose.

If you choose to pass identifying user properties, these will be available in your analytics for the purposes you define. We still do not share or sell this data.

Cookies and Tracking Technologies

We do not use cookies, local storage, or any form of persistent device identifiers for analytics. Our script does not rely on any browser storage – every pageview is treated as a new event. Because of this cookie-free design, your site will not require a cookie consent banner for our analytics. (Our own website may use essential cookies for login purposes, but those are strictly for account access and are separate from customer data.)

Data Sharing and Third-Party Services

We do not sell, rent, or share your personal or visitor data with advertisers or other third parties. Your data is used only to provide our analytics service. We do use trusted third-party service providers under strict contractual agreements (Data Processing Agreements). For example:

  • We host our service (including the storage of your analytics data) on a secure cloud platform (DigitalOcean). That provider acts as our processor and only stores data on our behalf. We ensure any such provider is GDPR-compliant.

  • For paid plans, we use a reputable payment gateway (Paddle). When you pay, your payment info is sent directly to them. We never see full card numbers. They handle the transaction and may store your payment details with your permission (e.g. for subscription billing).

  • We use an email service to send transactional emails (password resets, account notices). We share only the email content and addresses needed to send the message. These providers do not use your information for any other purpose.

All subprocessors we engage are vetted for strong privacy practices. We remain fully responsible for your data and have agreements ensuring they protect it at the same level we do. If we are legally compelled (by court order or law enforcement) to provide data, we will only disclose the minimum required and, if permitted, notify you.

Data Security and Transfers

We employ industry-standard security measures to protect your data. All data is encrypted in transit (HTTPS) and at rest. Access to production systems is limited to authorized personnel with strong authentication. We routinely update and monitor our systems for vulnerabilities. In the unlikely event of a data breach, we will notify affected customers and authorities as required by law. Our servers are primarily located in the United States. However, we provide equivalent protections for all data (including using Standard Contractual Clauses for EU/UK transfers). In the future, we may offer hosting in other regions (such as the EU) to meet specific compliance needs. Regardless of location, the strict privacy standards described here apply worldwide.

Data Retention

We retain analytics data only for as long as needed to provide the service under your subscription plan. The specific retention period may vary by plan (and is documented in your account). If you cancel your account or request deletion, we will promptly delete all associated analytics data from our systems. Billing and transaction records are kept only as long as required by law (e.g. 5–7 years), after which they are securely destroyed. For European customers, we also honor requests to export or erase data under GDPR. If you, as a visitor, want your data deleted, please contact the website owner; we will delete any related logs upon their instruction.

Your Rights and Choices

Under laws like GDPR and CCPA, you have rights regarding your personal data. If you are our customer, you may request access to, correction of, or deletion of your personal account data. If you are a visitor on a site using our default analytics, we do not have your personal data – only anonymous visit counts. If you are a visitor on a site that has chosen to pass identifying data about you, please contact that website owner with any privacy concerns.

Contact Information

If you have questions about this policy or our data practices, please contact us at: Poterna Ltd
Email: alisher@poterna.com
Address: 124 City Road, London, EC1V 2NX


We take your privacy seriously and are happy to address any concerns.