Data Collected

Exactly what data Zero Trust Analytics collects (and doesn't)

What We Collect

Page View Data

Data PointExamplePurpose
Page path/blog/my-articleKnow which pages are popular
Referrer domaingoogle.comUnderstand traffic sources
UTM parameterssource=twitterTrack marketing campaigns
Timestamp2024-12-10T14:30:00ZTime-based analysis

Session Data

Data PointExamplePurpose
Session IDsess_abc123Group pageviews into sessions
Duration185 secondsMeasure engagement
Bouncetrue/falseIdentify single-page visits
Pages per session3.2Measure depth of engagement

Device Data

Data PointExamplePurpose
Device typemobileMobile vs desktop breakdown
BrowserChrome 120Browser compatibility insights
Operating systemmacOS 14OS distribution
Screen size1920x1080Responsive design decisions

Geographic Data

Data PointExamplePurpose
CountryUSGeographic distribution
RegionCaliforniaRegional insights

Custom Events

Data PointExamplePurpose
Event namesignup_clickTrack specific actions
CategoryconversionGroup related events
Labelhero_buttonIdentify specific elements
Value29Numeric data (e.g., price)

What We DON’T Collect

Personal Identifiers

  • IP addresses - Hashed immediately, never stored
  • Email addresses - Never collected
  • Names - Never collected
  • Phone numbers - Never collected
  • Any PII - Never collected

Tracking Mechanisms

  • Cookies - We don’t use any
  • Local storage - We don’t persist anything
  • Fingerprints - No canvas, WebGL, font, or audio fingerprinting
  • Device IDs - Not collected

Sensitive Data

  • Form inputs - We don’t capture what users type
  • Passwords - Obviously never
  • Credit card numbers - Never
  • Health information - Never
  • Financial data - Never

Cross-Site Data

  • Third-party data - We don’t buy or use external data
  • Cross-site tracking - We only see your site
  • Advertising IDs - Not collected
  • Social profiles - Not linked

Data Storage

All data is stored in our secure infrastructure:

  • Location: US-based servers
  • Encryption: AES-256 at rest, TLS in transit
  • Retention: Configurable, default 2 years
  • Access: Only you can access your site’s data

Data Flow

Visitor Browser
     │
     ▼
 [Page Load]
     │
     ▼
analytics.js (3KB)
     │
     ├── Collects: path, referrer, device info
     │   Does NOT collect: IP, cookies, fingerprint
     │
     ▼
POST /api/track
     │
     ├── Server receives request
     ├── IP hashed with daily salt
     ├── Raw IP discarded
     │
     ▼
Anonymous record stored
     │
     ▼
Dashboard shows aggregated data

Verify It Yourself

Open your browser’s Developer Tools and watch the network requests. You’ll see:

  1. Our script loads (analytics.js - ~3KB)
  2. It sends a POST to /api/track
  3. The payload contains only: site ID, page path, referrer, device info
  4. No cookies are set (check Application > Cookies)

We have nothing to hide because we collect nothing worth hiding.

GDPR & CCPA Compliance Privacy Model