Legal

Privacy Policy

The short version: we don't use cookies, we don't collect personal data through our tracker, and we never sell your data. Here's the detail.

Last updated: 26 June 2026

TL;DR — Airalytics is cookieless and does not track individuals across sites. Our tracking script collects anonymous, aggregated usage metrics only. We are the data processor for the analytics you collect; you remain the data controller.

1. Who we are

Airalytics ("we", "us") provides privacy-first, cookieless web analytics. For questions about this policy or your data, contact support@airalytics.net or madalyn.koch@airalytics.net.

2. Data we collect from visitors of sites using Airalytics

When you add the Airalytics script to your website, we collect a minimal set of anonymous metrics on your behalf. We do not use cookies, localStorage, or device fingerprinting, and we do not collect personally identifiable information. Collected data may include:

Visitor sessions are counted using a rotating, one-way hash of IP + user agent + a daily salt. The salt is discarded daily, which makes visitors un-identifiable across days and un-linkable across websites. Raw IP addresses are never written to disk.

3. Data we collect from account holders

If you create an Airalytics account, we store the email address and a securely hashed password you provide, plus basic account and website settings. We use this only to operate your account and to send transactional email (for example, password resets).

4. How we use data

We do not use your data for advertising, and we never sell or rent it to third parties.

5. Legal bases (GDPR)

Because our tracker collects no personal data and no cookies, most deployments do not require a consent banner under GDPR/ePrivacy. Where we process account data, our legal basis is performance of a contract and our legitimate interest in operating the service.

6. Sub-processors

7. Data retention

Aggregated analytics are retained for as long as your account is active. You can reset or delete a website's statistics at any time from its settings. Deleting your account removes your account data and associated website statistics.

8. Your rights

Depending on your jurisdiction (GDPR, CCPA, PECR), you may have rights to access, correct, export, or delete your data. Account holders can export or delete data from the dashboard, or email support@airalytics.net and we will respond within 30 days.

9. Security

Passwords are hashed with bcrypt, traffic is encrypted in transit with TLS, and reset tokens are signed, time-limited, and single-use.

10. Changes to this policy

We'll update the "last updated" date above when this policy changes and, for material changes, notify account holders by email.


Questions? Email support@airalytics.net. See also our Terms of Service.