Privacy
Note: This page is about visitor privacy. If you're looking for our official privacy policy, it is linked at the bottom of this page.
We value the privacy of visitors to web sites monitored by our service. By default, we do not log any personal data, other than a tracking cookie containing a randomly generated Unique ID ("UID"); IP addresses are anonymized, "Do Not Track" headers and global opt out cookies are honored, and custom data tracking is disabled (which can be used to attach extra data to a visitor, potentially including personal info such as name or email).
The General Data Protection Regulation ("GDPR"), a law in the European Economic Area ("EEA"), considers a UID to be "personal data", even though it does not identify who a visitor is or reveal anything else about them. However, per Article 6 of the GDPR, this cookie does not require a visitor's direct consent as it is well within the "legitimate interests" of a web site using the service to know how many unique visitors they have, which is best accomplished with a UID. The ePrivacy Regulation (ePR) is not yet law as of May 2018, but we don't anticipate any further impact beyond the GDPR.
Customers can modify who their privacy settings affect (which can be overridden on a per visitor basis). The options, which can be set on the user preferences page, are:
- All visitors (default)
- European Economic Area visitors
- No visitors
No matter where you live, you cannot log the personal data of EEA visitors unless you have their consent or a legitimate interest to do so. But if you (as our customer) live in EEA, then this visitor privacy applies to all visitors regardless of their location. So to be safe, "All visitors" is the default.
If you do NOT live in EEA, you can choose the "EEA visitors" option. We make all reasonable efforts to determine the approximate location of visitors to comply with EEA law, using Maxmind's "GeoIP2" geolocation software, which is 99.8% accurate at the country level.
What about "No visitors"? One legitimate interest not yet talked about is preventing fraud and abuse, and maintaining information security. Full IP addresses and potentially other data points are a must for these usages, so if they are of legitimate interest to you or your web site, then you should be able to choose this option.
Regardless of the option you choose, you absolutely must state in your site's privacy policy which analytics services you use and what kind of personal data you log to those services. Your visitors have the right to know.
We are not lawyers and this is not legal advice. Consult your attorney.