Skip to content
European Data Processing

Privacy Policy

Effective Date: April 26, 2025

1. Introduction

Welcome to VeritaMetrics. This Privacy Policy explains how Chelsea AI Ventures Ltd. ("we," "us," or "our") collects, uses, stores, and protects information in relation to our privacy-first analytics service, VeritaMetrics, our website (veritametrics.com), and related services (collectively, the "Services").

Our core philosophy is privacy-first. We aim to provide valuable website analytics while minimizing the collection of personal data, especially concerning visitors to websites that use VeritaMetrics ("End-Users").

This policy covers:

  • Information collected from End-Users via the VeritaMetrics tracking script.
  • Information collected from visitors to our own website ("Site Visitors").
  • Information collected from our registered customers ("Customers").

2. Information from End-Users

When a website you visit uses VeritaMetrics analytics, we collect the following information on behalf of our Customer (the website owner):

  • Page URLs visited:
  • Referrer domains:
  • Browser type and version:
  • Device type (desktop, mobile, tablet):
  • Operating system:
  • Country, region, and city (derived from IP, which is immediately discarded):
  • UTM parameters (for campaign tracking):
  • Pseudonymous daily `visitId`:

Our Pseudonymization Process

To protect End-User privacy while still providing valuable analytics, we employ sophisticated pseudonymization techniques:

  • IP Address Truncation: Before processing, we truncate IP addresses (removing the last octet for IPv4, last 80 bits for IPv6) to reduce identifiability.
  • Ephemeral IP Usage: Even the truncated IP is used only momentarily in memory for geo-location and `visitId` generation, then immediately discarded. No IP address (full or truncated) is ever stored in our database or logs.
  • Daily Identifier Reset: The `visitId` includes the current date and uses a daily rotating salt, ensuring it automatically resets every 24 hours. This prevents tracking users across different days.
  • One-Way Hashing: We use secure, one-way cryptographic hashing (SHA-256) to create the `visitId`, making it impossible to reverse the process to identify individuals.

Crucially, we DO NOT:

  • Use cookies for tracking End-Users.
  • Store End-User IP addresses.
  • Collect any personally identifiable information (PII) directly.
  • Perform cross-site or cross-device tracking.

3. Information from Site Visitors

When you visit our website (veritametrics.com):

  • Analytics: We use our own VeritaMetrics service to collect the same type of aggregated, anonymized data described in Section 2 to understand our website traffic.
  • Functional Cookies: We may use essential cookies required for website functionality, such as session management if you log in. These are not used for tracking purposes across sites.
  • Contact Forms/Support: If you contact us via forms or email, we collect the information you provide (e.g., name, email, message content) to respond to your inquiry.

4. Information from Customers

To provide our Services, we collect the following from our registered Customers:

  • Account Information: Name, email address, company name (optional). Used for login, communication, and service administration.
  • Website Information: Domain(s) of the website(s) where you install the VeritaMetrics tracking script.
  • Billing Information: We use a third-party payment processor. We do not store full credit card details.
  • Usage Data: Information about how you use the VeritaMetrics dashboard to improve our service.
  • Configuration Preferences: Including privacy settings, data retention periods, and legal basis choices.

6. How We Use Information

  • To Provide & Improve Services: Operate the analytics platform, generate reports for Customers, administer accounts, improve features.
  • To Communicate: Respond to inquiries, send service updates, billing information, and (with consent) marketing materials.
  • For Billing & Account Management: Process payments and manage customer accounts.
  • For Security & Compliance: Protect against fraud, abuse, and ensure adherence to legal obligations.

7. Data Sharing and Third Parties

We do not sell personal data. We may share information with trusted third-party service providers necessary to operate our Services, under strict confidentiality agreements:

  • Infrastructure Providers: Cloud hosting and database providers located in the EU for core analytics processing.
  • Payment Processors: For handling customer payments.
  • Geo-IP Lookup Service: To derive location from momentarily used IPs.

We only share the minimum information necessary for them to perform their function. We may also disclose information if required by law or to protect our rights.

8. Data Retention

  • End-User Analytics Data: Customers can configure custom data retention periods. After this period, data is automatically deleted.
  • Customer Account Data: Retained as long as the account is active and for a reasonable period afterward for legal and operational requirements.
  • Site Visitor Data (Forms): Retained as long as necessary to address the inquiry.

9. Privacy Dashboard

VeritaMetrics provides a public-facing Privacy Dashboard for each website using our analytics service. This feature enhances transparency by allowing End-Users to see:

  • What data is being collected
  • How long data is retained
  • The privacy practices specific to that website
  • Options for controlling data collection

10. User Controls and Opt-Out

We respect End-User choices about tracking and data collection:

  • Do Not Track (DNT) Signals: VeritaMetrics can be configured to respect browser DNT signals.
  • Opt-Out Mechanisms: Customers can implement easy opt-out controls for End-Users.
  • Consent Management: When using the opt-in approach, End-Users have granular consent options.
  • Automatic Daily Reset: By design, the daily `visitId` reset ensures End-Users cannot be tracked beyond a 24-hour period.

11. Data Security

We implement appropriate technical and organizational measures to protect information against unauthorized access, loss, or alteration. These include:

  • Encryption of data in transit (HTTPS) and at rest
  • Role-based access controls for dashboard users
  • Regular security audits and vulnerability testing
  • Secure infrastructure with industry best practices

12. Your Rights (GDPR/CCPA)

Depending on your location, you may have rights regarding your personal data (Access, Rectification, Erasure, etc.).

End-Users: As we do not store identifiable personal data about End-Users, requests should be directed to the respective website owner (our Customer).

Customers & Site Visitors: To exercise your rights, please contact us at privacy@veritametrics.com.

13. International Data Transfers

Analytics data collected from End-Users via our hosted VeritaMetrics service is processed and stored within the European Union (EU). If you are a Customer outside the EU, your account information may be processed by us or our third-party providers in the EU. We rely on appropriate safeguards like Standard Contractual Clauses (SCCs) where necessary.

14. Self-Hosting

If a Customer uses the VeritaMetrics self-hosting option, the Customer is solely responsible for the collection, processing, storage, security, and compliance of all data within their own environment.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Customers of significant changes via email or within the Service. The "Effective Date" at the top indicates the latest revision.

16. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

privacy@veritametrics.com

Data Protection Officer
Chelsea AI Ventures Ltd.