Privacy Policy
Last updated: December 17, 2025
Introduction
Supalytics ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our web analytics service.
Our core principle: We collect only what's necessary to provide useful analytics, and we never collect personal data from your website visitors.
For Website Owners (Our Customers)
Account Data We Collect
When you create an account, we collect:
- Email address
- Name (from Google sign-in)
- Payment information (processed by Stripe, we don't store card details)
How We Use Your Account Data
- To provide and maintain your analytics dashboard
- To authenticate you and manage your account
- To send important service updates
- To respond to your support requests
- To process payments for paid plans
For Website Visitors (Your Users)
What We Collect
When someone visits a website using Supalytics, we collect:
| Data Point | Purpose |
|---|---|
| Page URL | To show which pages are visited |
| Referrer URL | To show where visitors come from |
| Country, region, city | Geographic breakdown (from Cloudflare headers) |
| Device type | Desktop, tablet, or mobile breakdown |
| Browser & OS | Technical breakdown |
| Screen size | Responsive design insights |
| Timestamp | When the visit occurred |
| Session duration | Engagement metrics |
What We Do NOT Collect
- No cookies - We don't set any cookies
- No localStorage tracking - We don't store identifiers in the browser
- No IP addresses - IPs are used only for hashing, never stored
- No fingerprinting - We don't combine data points to identify users
- No cross-site tracking - We can't track users across different websites
- No personal data - No names, emails, or identifying information from visitors
How Visitor Identification Works
We use a privacy-preserving method to count unique visitors:
- When a visitor loads a page, we generate a hash from:
IP + User Agent + Domain + Daily Salt - This hash changes every 24 hours (daily rotation)
- The original IP is never stored - only the hash
- The hash cannot be reversed to identify the visitor
- We cannot track the same visitor across different days
This approach is GDPR-compliant and does not require cookie consent banners.
Data Storage & Security
All data is stored on servers located in the European Union:
| Service | Location | Purpose |
|---|---|---|
| Vercel | Frankfurt, Germany | Frontend hosting |
| Railway | Amsterdam, Netherlands | Backend & database |
| Tinybird | Frankfurt, Germany | Analytics data |
We use industry-standard security measures:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest
- Regular security updates
- Access controls and monitoring
Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right to Access - Request a copy of your personal data
- Right to Rectification - Request correction of inaccurate data
- Right to Erasure - Request deletion of your data
- Right to Data Portability - Request your data in a portable format
- Right to Object - Object to processing of your data
- Right to Restrict Processing - Request limitation of processing
To exercise these rights, you can:
- Delete your account from Settings
- Export your data from the dashboard
- Contact us at support@supalytics.co
Data Retention
- Account data: Retained until you delete your account
- Analytics data: Retained for as long as your account is active
- After deletion: All data is permanently deleted within 30 days
Third-Party Services
We use the following services to operate Supalytics:
| Service | Purpose | Data Shared |
|---|---|---|
| Vercel | Hosting | None (static files only) |
| Railway | Backend | Account data, hashed analytics |
| Tinybird | Analytics DB | Anonymized analytics only |
| Stripe | Payments | Payment info (PCI compliant) |
| Google OAuth | Authentication | Email (if you choose Google sign-in) |
| Cloudflare | CDN & geolocation | Request headers (not stored) |
Children's Privacy
Supalytics is not intended for use by children under 16. We do not knowingly collect data from children.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the new policy on this page
- Updating the "Last updated" date
- Sending an email for material changes
Contact Us
If you have any questions about this Privacy Policy:
- Email: support@supalytics.co
- Website: https://supalytics.co