Privacy Policy

1. Introduction

Web-Tracking.eu ("we", "us", "our") is a web analytics service operated from Denmark. This Privacy Policy explains how we collect, use, and protect information when you use our website and analytics service. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR).

Our service is designed from the ground up to be privacy-friendly. We do not use cookies for analytics tracking, we do not store IP addresses, and we do not engage in cross-site tracking of any kind.

2. Data Controller

The data controller for this service is:

3. Data We Collect

3.1 Analytics Data (collected on behalf of our customers)

When a visitor browses a website that uses our analytics script, we collect the following data points. This data is collected on behalf of our customers (the website operators) who act as data controllers for their visitors.

• Page URL and referrer URL
• Browser type and version (derived from User-Agent)
• Operating system
• Device type (desktop, mobile, tablet)
• Screen resolution
• Country of origin (derived at request time, not stored as IP)
• Language preference
• UTM campaign parameters
• Custom events (as configured by the website operator)

3.2 What We Do Not Collect

• IP addresses are never stored or logged
• No cookies are set for analytics purposes
• No personal identifiers or fingerprinting techniques are used
• No cross-site or cross-device tracking is performed

3.3 Account Data

When you create an account to use our service as a customer, we collect:

• Email address
• Name (optional)
• Billing information (processed by our payment provider)
• Website domains registered for tracking

4. How We Use Your Data

We use the collected data for the following purposes:

• Providing aggregated web analytics to our customers
• Operating and maintaining the service
• Processing payments and managing subscriptions
• Communicating service updates and important notices
• Improving the service based on usage patterns

We do not sell, rent, or share personal data with third parties for marketing purposes.

5. Legal Basis for Processing

We process data under the following legal bases as defined by the GDPR:

• Legitimate interest (Article 6(1)(f)): For analytics data collection, as our service is designed to operate without personal data and serves the legitimate interest of website operators understanding their traffic.
• Contract performance (Article 6(1)(b)): For account and billing data necessary to provide the service.
• Legal obligation (Article 6(1)(c)): For data required by tax and accounting regulations.

6. Data Storage and Security

All data is stored on servers located in Germany, operated by Hetzner Online GmbH. Data never leaves the European Union. We implement appropriate technical and organizational measures to protect data, including:

• Encryption in transit (TLS 1.3)
• Encryption at rest for all databases
• Regular security updates and patching
• Access controls with least-privilege principles
• Regular backups with encrypted storage

7. Data Retention

Analytics data is retained for a maximum of 24 months from the date of collection. Customers may configure shorter retention periods in their dashboard settings. When a customer deletes their account, all associated analytics data is permanently deleted within 30 days.

Account and billing data is retained for the duration of the customer relationship and for an additional period as required by applicable tax and accounting laws.

8. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights:

• Right of access: Request a copy of the data we hold about you.
• Right to rectification: Request correction of inaccurate data.
• Right to erasure: Request deletion of your data.
• Right to restriction: Request limitation of processing.
• Right to data portability: Request your data in a machine-readable format.
• Right to object: Object to processing based on legitimate interest.
• Right to withdraw consent: Where processing is based on consent.

To exercise any of these rights, contact us at privacy@web-tracking.eu. We will respond within 30 days of receiving your request.

9. Cookies

Our analytics service does not use cookies to track website visitors. Our own website (web-tracking.eu) uses only essential cookies required for authentication and session management when you log into your account. No third-party tracking cookies are used.

10. Sub-processors

We use the following sub-processors to operate our service:

11. Payment Processing (LemonSqueezy)

We use LemonSqueezy as our Merchant of Record for payment processing. When you subscribe to a paid plan, LemonSqueezy handles payment processing, VAT collection, invoicing, and refunds. See LemonSqueezy's privacy policy at lemonsqueezy.com/privacy.

12. Authentication (Google OAuth)

If you choose to sign in with Google, Google receives your IP address and email during authentication. We only use Google to verify your identity -- no analytics or tracking data is shared with Google. See Google's privacy policy at policies.google.com/privacy.

13. International Transfers

All infrastructure is located in Germany. However, some of our sub-processors may transfer data outside the European Economic Area (EEA). LemonSqueezy may process payment data outside the EU under their data protection agreements. Google may process authentication data outside the EU under their data protection terms. All sub-processors have adequate data protection mechanisms in place.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered customers via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

15. Supervisory Authority

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Danish Data Protection Agency (Datatilsynet).

16. Contact

For any questions regarding this Privacy Policy or our data practices, contact us at: