Privacy Policy

When a website you visit uses VeritaMetrics analytics, we collect the following information on behalf of our Customer (the website owner):

• Page Context: The specific URL visited and the Page Title.
• Traffic Source (Referrer): The URL of the page the user was on immediately before clicking a link to your site. We use this for attribution, but we do not have access to history prior to that link.
• Device Context: Browser type, Operating System, and Device type (e.g., Mobile vs Desktop).
• Approximate Location: Country, Region, and City derived from the IP address (which is then immediately discarded).
• Ephemeral Visit ID: A temporary, salted hash that automatically expires every 24 hours. This isolates the visit in time and prevents long-term profiling.

Our Pseudonymization Process

To protect End-User privacy while still providing valuable analytics, we employ sophisticated pseudonymization techniques:

• IP Address Truncation: Before processing, we truncate IP addresses (removing the last octet for IPv4, last 80 bits for IPv6) to reduce identifiability.
• Ephemeral IP Usage: Even the truncated IP is used only momentarily in memory for geo-location and `visitId` generation, then immediately discarded. No IP address (full or truncated) is ever stored in our database or logs.
• Daily Identifier Reset: The `visitId` includes the current date and uses a daily rotating salt, ensuring it automatically resets every 24 hours. This prevents tracking users across different days.
• One-Way Hashing: We use secure, one-way cryptographic hashing (SHA-256) to create the `visitId`, making it impossible to reverse the process to identify individuals.

Crucially, our architecture enforces privacy:

• Zero-Cookie Transmission: Our tracking script is sandboxed (`credentials: omit`). It is technically incapable of reading, transmitting, or storing cookies on the End-User's device.
• Ephemeral RAM Only: IP addresses are processed in memory for geolocation and hashing, then immediately discarded. They are never written to a database or log file.
• No Cross-Site Tracking: Because we do not use persistent IDs, we cannot track users across different websites or devices.

To provide our Services, we collect the following from our registered Customers:

• Account Information: Name, email address, company name (optional). Used for login, communication, and service administration.
• Website Information: Domain(s) of the website(s) where you install the VeritaMetrics tracking script.
• Billing Information: We use a third-party payment processor. We do not store full credit card details.
• Usage Data: Information about how you use the VeritaMetrics dashboard to improve our service.
• Configuration Preferences: Including privacy settings, data retention periods, and legal basis choices.

• To Provide & Improve Services: Operate the analytics platform, generate reports for Customers, administer accounts, improve features.
• To Communicate: Respond to inquiries, send service updates, billing information, and (with consent) marketing materials.
• For Billing & Account Management: Process payments and manage customer accounts.
• For Security & Compliance: Protect against fraud, abuse, and ensure adherence to legal obligations.

• End-User Analytics Data: Customers can configure custom data retention periods. After this period, data is automatically deleted.
• Customer Account Data: Retained as long as the account is active and for a reasonable period afterward for legal and operational requirements.
• Site Visitor Data (Forms): Retained as long as necessary to address the inquiry.

We respect End-User choices through architectural constraints:

• The 24-Hour Firewall: By design, our daily salt rotation ensures that tracking strictly expires every 24 hours. An End-User cannot be tracked across days, regardless of settings.
• Do Not Track (DNT): We respect the browser's Global Privacy Control and DNT signals.
• Opt-Out Support: Customers can implement a simple opt-out mechanism that suppresses the tracking script entirely for specific users.

Depending on your location, you may have rights regarding your personal data (Access, Rectification, Erasure, etc.).

End-Users: As we do not store identifiable personal data about End-Users, requests should be directed to the respective website owner (our Customer).

Customers & Site Visitors: To exercise your rights, please contact us at privacy@veritametrics.com.

If a Customer uses the VeritaMetrics self-hosting option, the Customer is solely responsible for the collection, processing, storage, security, and compliance of all data within their own environment.