Powered by

# Privacy, Compliance and GDPR

This page provides answers to the most frequent questions on data privacy and compliance when using CountUp on your website.

# Does CountUp Analytics comply with the GDPR?

Our goal is to track overall trends in your website and not to track individual visitors. We don't use cookies and we don't generate any persistent identifiers.

We intend to track only the most essential data points and nothing beyond. Furthermore, all of the data that we track is aggregated data only and it has no personal information.

Here is a complete list of data points we collect and store about your website visitors:

Data Sample Value Note
Page URL https://www.countup.io/signup?utm_campaign=docs We record the URL for every page viewed on your site to display the number of times each page has been viewed. Only the hostname, pathname, and specific query parameters like ref, source, utm_source, utm_medium, utm_campaign, utm_term, and utm_content are stored. We never retain the complete URL.
HTTP Referer https://www.countup.io We save the URI of the website that directed visitors to your tracked site. This helps display the number of users coming from external links.
Browser Firefox We keep details about the visitor's browser, but not its version. This data originates from the User-Agent HTTP header. Only the relevant information is stored, and the entire User-Agent is omitted.
Operating System Windows 10 This gives insights into the OS your visitors employ. The data is sourced from the User-Agent HTTP header. Again, we only keep the necessary details, omitting the complete User-Agent.
Device Type Desktop By assessing the User-Agent and the screen's width, we categorize the visitor's device as Desktop, Tablet, or Mobile. Details like the full User-Agent and actual screen width aren't stored.
Browser Locale de-DE This gives insights about the languages visitors set their browser to and therefore probably understand. We source this from the navigator object of the browser.
Location Germany, Hessen, Frankfurt We utilize the visitor's IP to determine their location (country, region, city). Once used, the IP address is immediately removed, ensuring it's not saved in any database or logs.
UTM Parameters utm_source, utm_medium, utm_campaign, utm_term, utm_content If present, we copy and store the contents of utm and campaign parameters from the URL. This helps to gather insights about what marketing channels and campaigns work best.

# Does CountUp Analytics require user consent or a cookie banner?

So there's no need for a cookie banner, privacy notice, or pop-up. We neither generate nor store any device-persistent identifier, and we refrain from using cookies, browser cache, or local storage for processing information on the visitor's device.

The biggest benefit of this is that you might get up to 70% more analytics data, as research shows that 7 out of 10 visitors limit usage of cookies by rejecting banners or by applying other mechanisms.

# Do I need to mention CountUp Analytics in my privacy policy?

So while it may not be legally required to include CountUp Analytics in your privacy policy, we advise doing so in the interest of transparency.

CountUp Analytics is designed with privacy in mind and does not capture or store personal identifable data. But in order to support transparency and build trust with your users, we recommend mentioning CountUp in your privacy policy.

To make things quick and easy for you, we prepared a template to get you started:

Privacy Policy Template
../static/countup-privacy-template.html

# Does CountUp transfer data outside of the EU?

This includes no data transfer to the United States of America, so you don't have to worry about Schrems II or the EU-US privacy shield. All data that we collect is kept only on servers in Frankfurt (Germany).

Furthermore, all our hosting providers fully support the GDPR and comply with its provisions.

# Do I fully own my Data?

Here's what we mean by that:

  • Your data is yours. We simply store it on our cloud servers when you use our hosted service.
  • We claim no rights over your website data and never sell or share it with third parties.
  • Your data isn't shared with advertisers or any other companies. It's not mined for trends, nor monetized.
  • You have the freedom to delete your account or specific site stats whenever you choose. Once deleted, the data is gone forever, and we cannot retrieve it.

# How does CountUp count unique and returning visitors without cookies?

CountUp Analytics values privacy. While many analytics tools store persistent identifiers in browsers to identify unique and returning visitors, these are considered personal data under GDPR. To solve this conflict, we implemented tracking in way that respects user privacy but still provides some insights into unique and returning visitor patterns. Here is how it works:

When a visitor interacts with your site, their IP address and User-Agent are naturally included in the standard HTTP request that is send to our server. We use this information and run it trough a hashing function to produce a non-personal identifier using a hashing process that includes a daily rotating salt.

This ensures the data is thoroughly anonymized, creating an untraceable string that prevents any personal identification. Most importantly, we never store the original IP addresses or User-Agents in any logs, databases or elsewhere. Each day, to further secure privacy, we delete the salts, making it impossible to reverse-engineer or link visitor data across days.

In terms of counting, if the same visitor browses your site multiple times within a day, we record it as one unique visitor. However, visits across different days or devices will always count separately.

© Copyright 2024. All rights reserved.