Privacy Policy
Last updated: March 19, 2026
What We Collect
YaliTrack collects analytics data on behalf of our customers (website owners). This includes:
- Page views (URL, referrer, page title)
- Click events (element selector, coordinates, text content)
- Scroll depth (percentage thresholds)
- Device information (browser, OS, screen size — parsed from User-Agent)
- Geographic location (country, city — derived from the IP address, after which the IP address is hashed)
- Session and anonymous identifiers (generated UUIDs, not personal data)
What We Do NOT Collect
- We do not set cookies
- We do not store raw IP addresses (they are hashed with a daily-rotating salt before storage)
- We do not track users across websites
- We do not sell or share data with third parties
- We do not use data for advertising
- We do not fingerprint browsers
Data Storage
All data is stored on servers located in the European Union (Hetzner, Finland). Data is encrypted in transit (TLS 1.2+) and at rest.
Data Retention
Event data is retained based on the customer's plan: 7 days (Free), 90 days (Starter), 1 year (Pro), 2 years (Business). Data is automatically deleted after the retention period via ClickHouse TTL policies.
GDPR Compliance
YaliTrack is designed to be GDPR-compliant. We act as a Data Processor on behalf of our customers (Data Controllers). We provide:
- Data Processing Agreement (DPA) available on request
- Right to access: customers can export all their data via API
- Right to erasure: customers can delete all data for a specific user
- Data portability: all data exportable in JSON format
Cookie-Free Analytics
YaliTrack does not use cookies. Session identification uses browser sessionStorage (which is not a cookie and is not accessible across origins). Anonymous identification uses localStorage (origin-scoped, not shared across websites). Because no cookies are set, no cookie consent banner is required for YaliTrack analytics under GDPR.
Your Account Data
When you create a YaliTrack account, we store your email address and authentication credentials (managed by Supabase). We use this solely for account access and transactional emails (password reset, billing). We do not send marketing emails without your consent.