Skip to content
European Data Processing

Privacy Policy

Last updated: April 26, 2025

Introduction

TrueMetric is a privacy-first web analytics platform designed from the ground up to respect user privacy while providing valuable insights to website owners. Unlike traditional analytics tools that rely on invasive tracking methods, TrueMetric takes a fundamentally different approach.

Our mission is to demonstrate that comprehensive web analytics and user privacy are not mutually exclusive. This privacy policy explains our approach to data collection, processing, and storage, as well as the rights and controls available to both website owners and their visitors.

TrueMetric: Analytics That Respects Privacy

  • ✓ No cookies or local storage
  • ✓ No persistent identifiers
  • ✓ No IP address storage
  • ✓ No cross-site or cross-device tracking
  • ✓ No personal data collection
  • ✓ European data processing

Our Approach

TrueMetric is built on the principle that valuable analytics insights can be gathered without compromising user privacy. Our privacy-first approach is not merely a feature – it's the foundation of our entire system.

What makes TrueMetric different:

  • Server-side processing: Our core tracking mechanism uses a lightweight 1x1 pixel and server-side processing, ensuring minimal impact on website performance.
  • Cookieless tracking: We do not use cookies, localStorage, or any other client-side storage mechanisms for tracking purposes.
  • No personal data: We deliberately design our system to avoid collecting personal data, focusing instead on aggregate patterns and trends.
  • Daily pseudonymous identifiers: Instead of persistent tracking, we use daily rotating pseudonymous identifiers that reset every 24 hours.
  • Minimal geolocation data: We only collect country, region, and city information – never precise coordinates or IP addresses.
  • Transparent practices: Our public Privacy Dashboard allows end users to see exactly what data is being collected.

Data Collection

What we DO collect:

  • Page URLs visited (path only, no query parameters with personal data)
  • Referrer domains (where visitors came from)
  • Browser type and version
  • Device type (desktop, mobile, tablet)
  • Operating system
  • Country, region, and city (derived from IP, which is immediately discarded)
  • UTM parameters (for campaign tracking)
  • Visit duration and page views within a single day
  • Custom events defined by the website owner (if implemented)

What we DO NOT collect:

  • IP addresses (used temporarily for geolocation, then immediately discarded)
  • Exact user location (no GPS or precise coordinates)
  • Personal identifiers (names, email addresses, account IDs)
  • User account information
  • Cross-site browsing activity
  • Browsing history beyond the current website
  • Keystroke tracking or form input data
  • Biometric or device fingerprinting data
  • Data that could directly identify an individual user

Important: If you enable optional features like the JavaScript SDK or custom event tracking, additional data may be collected. Website owners are responsible for using these features in a privacy-compliant manner and updating their privacy policies accordingly.

Pseudonymization

Rather than using traditional session tracking with cookies, TrueMetric implements a privacy-preserving alternative we call "Daily Activity Tracking." This approach uses sophisticated pseudonymization techniques to provide useful analytics while protecting user privacy.

How Daily Activity Tracking works:

  1. 1. Daily visitId generation: When a user visits a website, we generate a pseudonymous "visitId" hash derived from:
    • Truncated IP address (last octet removed for IPv4, last 80 bits for IPv6)
    • User agent information
    • Current date (YYYY-MM-DD format)
    • A daily rotating salt (secret server-side value that changes every day)
  2. 2. Immediate IP address discard: The IP address is used only during the request to derive geolocation data and the visitId hash, then immediately discarded. The raw IP is never stored.
  3. 3. Daily reset: Because the date is part of the visitId generation, this identifier automatically resets every day, preventing cross-day tracking of users.
  4. 4. No cross-site correlation: Each website uses different identifiers, making it impossible to track users across different websites.

Key privacy benefits: This approach prevents long-term tracking of individuals while still providing valuable metrics like bounce rates and page views per visit. It's a carefully designed balance between analytical utility and strict privacy protection.

Unlike traditional analytics that can track users for months or years, our pseudonymous identifiers have a maximum lifespan of 24 hours. This fundamental design choice puts privacy first while still delivering valuable insights.

Data Processing

TrueMetric is committed to secure, transparent, and privacy-respecting data processing practices. Here's how we handle the analytics data we collect:

European Data Processing

All data is processed and stored exclusively on EU-owned and operated servers. Data never leaves the EU, providing strong data sovereignty and compliance with EU data protection standards.

Data Retention

Website owners can configure custom data retention periods. After this period, analytics data is automatically deleted. By default, we recommend a 12-month retention period, but this can be adjusted based on specific needs and compliance requirements.

Data Security

We implement comprehensive security measures to protect analytics data, including:

  • Encryption of data in transit (HTTPS) and at rest
  • Role-based access controls for TrueMetric dashboard users
  • Regular security audits and vulnerability testing
  • Secure infrastructure with industry best practices
  • Database security with connection string protection

Data Access

Access to analytics data is strictly limited to:

  • Authorized users with appropriate permissions (configured by the website owner)
  • Essential TrueMetric personnel for support and maintenance purposes

We never sell, rent, or share analytics data with third parties for marketing or advertising purposes.

Self-Hosting Option

For organizations with specific data sovereignty requirements, TrueMetric offers a self-hosting option, allowing complete control over where and how analytics data is stored and processed.

User Controls

TrueMetric is committed to respecting end-user choices about tracking and data collection. Here are the controls available to website visitors:

Opting Out of Tracking

Depending on how a website has implemented TrueMetric, you can opt out of tracking in several ways:

  • Via the website's privacy controls: Many websites using TrueMetric provide their own opt-out mechanism through a privacy preferences center or similar interface.
  • Do Not Track (DNT) signals: TrueMetric respects browser DNT signals when configured by the website owner.
  • Consent banners: If the website uses an opt-in approach, you can decline analytics cookies/tracking through their consent banner.

Privacy Dashboard

TrueMetric provides a public Privacy Dashboard for each website, accessible to all visitors. This dashboard shows:

  • What data is being collected
  • How long data is retained
  • Privacy practices specific to that website
  • Options for controlling your data

Ask the website owner for a link to their TrueMetric Privacy Dashboard.

Data Subject Rights

Under various privacy regulations like GDPR and CCPA, you have certain rights regarding your data. However, since TrueMetric doesn't collect personal data that can identify specific individuals, many of these rights (such as access, deletion, and portability) may not apply in a traditional sense.

If you have questions about your data rights in relation to a specific website using TrueMetric, contact the website owner directly as they are the data controller.

Note: The specific opt-out methods and privacy controls will vary based on how each website has chosen to implement TrueMetric. Always check the website's own privacy policy for details specific to that site.

For Website Owners

As a TrueMetric customer, you are responsible for using our analytics platform in compliance with applicable privacy laws. Here's guidance on implementing TrueMetric in a privacy-respecting manner:

Implementation Recommendations

  • Update your privacy policy: Clearly disclose your use of TrueMetric, what data is collected, and the legal basis for processing. We provide template language in our documentation.
  • Choose the appropriate legal approach: Determine whether Legitimate Interest or Opt-In Consent is most appropriate for your jurisdiction and use case.
  • Implement opt-out mechanism: Even when using the Legitimate Interest approach, you should provide a clear way for users to opt out of analytics.
  • Configure data retention: Set appropriate data retention periods based on your analytical needs and compliance requirements.
  • Enable the Privacy Dashboard: Make your TrueMetric Privacy Dashboard accessible to users for maximum transparency.

Legal Documentation Support

TrueMetric provides several resources to help you maintain compliance:

  • LIA (Legitimate Interest Assessment) templates: Documentation to help justify the use of Legitimate Interest as a lawful basis for processing.
  • Privacy policy snippets: Pre-written text explaining TrueMetric's data practices for inclusion in your privacy policy.
  • Compliance checklists: Step-by-step guides for GDPR, CCPA, and other privacy regulations.
  • Data Processing Agreement (DPA): Available to customers to formalize the data processor relationship.

Additional Privacy Features

  • Customizable geographical precision: Limit geolocation data to country-level only if needed.
  • URL path cleaning: Configure TrueMetric to automatically remove potentially sensitive information from URLs (like query parameters containing personal data).
  • Role-based access: Restrict dashboard access to only those team members who need it.
  • Self-hosting: Available for organizations with strict data sovereignty requirements.

Remember: As the website owner, you are the data controller, and TrueMetric acts as your data processor. While we've designed our system to facilitate privacy compliance, the ultimate responsibility for compliance rests with you.

Contact Information

If you have questions about TrueMetric's privacy practices or need assistance with privacy-related matters, please contact us:

For General Privacy Inquiries

Email: privacy@truemetric.info

Response time: Within 2 business days

For Data Protection Officer

Email: dpo@truemetric.info

For formal inquiries related to GDPR and other data protection regulations

Address

TrueMetric Analytics
Chelsea AI Ventures
London
Germany

For website visitors: If you have questions about how a specific website is using TrueMetric, please contact that website's owner directly. As an analytics provider, TrueMetric doesn't have direct relationships with end users of our customers' websites.

This privacy policy was last updated on April 26, 2025. We may update this policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.