Legal
Privacy Policy
The short version: we don't use cookies, we don't collect personal data through our tracker, and we never sell your data. Here's the detail.
TL;DR — Airalytics is cookieless and does not track individuals across sites. Our tracking script collects anonymous, aggregated usage metrics only. We are the data processor for the analytics you collect; you remain the data controller.
1. Who we are
Airalytics ("we", "us") provides privacy-first, cookieless web analytics. For questions about this policy or your data, contact support@airalytics.net or madalyn.koch@airalytics.net.
2. Data we collect from visitors of sites using Airalytics
When you add the Airalytics script to your website, we collect a minimal set of anonymous metrics on your behalf. We do not use cookies, localStorage, or device fingerprinting, and we do not collect personally identifiable information. Collected data may include:
- Page URL, referrer, and page title
- Approximate country and region (derived from IP, which is never stored)
- Browser, operating system, and device type
- Screen size and preferred language
- Custom events and goals you choose to define
Visitor sessions are counted using a rotating, one-way hash of IP + user agent + a daily salt. The salt is discarded daily, which makes visitors un-identifiable across days and un-linkable across websites. Raw IP addresses are never written to disk.
3. Data we collect from account holders
If you create an Airalytics account, we store the email address and a securely hashed password you provide, plus basic account and website settings. We use this only to operate your account and to send transactional email (for example, password resets).
4. How we use data
- To provide analytics dashboards to the account that owns each website.
- To operate, secure, and improve the service.
- To send essential transactional emails via our email provider (Mailgun).
We do not use your data for advertising, and we never sell or rent it to third parties.
5. Legal bases (GDPR)
Because our tracker collects no personal data and no cookies, most deployments do not require a consent banner under GDPR/ePrivacy. Where we process account data, our legal basis is performance of a contract and our legitimate interest in operating the service.
6. Sub-processors
- Scalingo — application hosting and database (EU region).
- Mailgun — transactional email delivery.
7. Data retention
Aggregated analytics are retained for as long as your account is active. You can reset or delete a website's statistics at any time from its settings. Deleting your account removes your account data and associated website statistics.
8. Your rights
Depending on your jurisdiction (GDPR, CCPA, PECR), you may have rights to access, correct, export, or delete your data. Account holders can export or delete data from the dashboard, or email support@airalytics.net and we will respond within 30 days.
9. Security
Passwords are hashed with bcrypt, traffic is encrypted in transit with TLS, and reset tokens are signed, time-limited, and single-use.
10. Changes to this policy
We'll update the "last updated" date above when this policy changes and, for material changes, notify account holders by email.
Questions? Email support@airalytics.net. See also our Terms of Service.