# Compliance FAQ

This page provides answers to the most frequent questions on data privacy and compliance when using CountUp on your website.

# How does CountUp comply with the GDPR?

CountUp is GDPR compliant by design, because we do not collect any personal data or personally identifiable information.

The goal of CountUp is to track overall trends in your website and not to track individual visitors. We don't use cookies and we don't generate any persistent identifiers. All of the data we track is aggregated data only and it has no personal information. You can get a full list of the data we track here.

# Does CountUp require user consent or a cookie banner?

No, you don't need user consent as we don't use cookies or process any information stored on the visitor's computer.

There's no need for a cookie banner, privacy notice, or pop-up. We neither generate nor store any device-persistent identifier, and we refrain from using cookies, browser cache, or local storage for processing information on the visitor's device.

# Do I need to mention CountUp in my privacy policy?

While it may not be legally required to include CountUp in your privacy policy, we advise doing so in the interest of transparency. CountUp is designed with privacy in mind and does not capture or store personal identifable data. However, to support transparency and build trust with your users, we recommend mentioning CountUp in your privacy policy.

To make things quick and easy for you, we prepared a template to get you started:

Privacy Policy Template
../policy-template/

# Does CountUp transfer data outside of the EU?

No, we don't transfer your data outside of the EU. This includes no data transfer to the United States of America. You don't have to worry about Schrems II and that it invalidates the EU-US privacy shield. All data that we collect is kept only on servers in Frankfurt (Germany).

Furthermore, all our hosting providers fully support the GDPR and comply with its provisions.

# Do I fully own my Data?

Yes, with CountUp, you always retain 100% ownership of your tracking data. Here's what we mean by that:

  • Your data is yours. We simply store it on our cloud servers when you use our hosted service.
  • We claim no rights over your website data and never sell or share it with third parties.
  • Your data isn't shared with advertisers or any other companies. It's not mined for trends, nor monetized.
  • You have the freedom to delete your account or specific site stats whenever you choose. Once deleted, the data is gone forever, and we cannot retrieve it.

# How does CountUp count unique users without cookies?

CountUp values privacy. While many analytics tools store persistent identifiers in browsers to identify unique and returning visitors, these are considered personal data under GDPR. To solve this conflict, we implemented tracking in way that respects user privacy but still provides some insights into unique visitor patterns. Here is how it works:

When a visitor interacts with your site, their IP address and User-Agent are naturally included in the standard HTTP request that is send to the server. We use this information and run it trough a hashing function to produce a daily, non-personal identifier through a hashing process that includes a daily rotating salt.

This ensures the data is thoroughly anonymized, creating an untraceable string that prevents any personal identification. Most importantly, we never store the original IP addresses or User-Agents in any logs, databases, or elsewhere. Each day, to further secure privacy, we delete the salts, making it impossible to reverse-engineer or link visitor data across days.

In terms of counting, if the same visitor browses your site multiple times within a day, we record it as one unique visitor. However, visits across different days or devices will always count separately.