Legal

Privacy Policy

A lightweight, privacy-focused analytics tool designed to respect user data. No cross-site tracking, no data selling, no persistent cookies.

Effective Date: February 26, 2026

01

Introduction

Introduction

Welcome to Witnes ("we," "us," or "our"). We provide a lightweight, privacy-focused session recording and analytics tool designed to respect user data. We operate with a strict "Privacy by Design" philosophy: we do not track visitors across the web, we do not sell data, and we do not use persistent cookies.

This Privacy Policy explains how we collect, use, and protect data when you visit our website or use our analytics software on your own website.

02

GDPR Role

Our Role under GDPR

We operate under two distinct capacities depending on how you interact with our services:

  • For Visitors of Customer Websites: We act as a Data Processor. We process data on behalf of our customers (the website owners) to provide them with analytics.
  • For Our Customers (Account Holders): We act as a Data Controller. We collect your account and billing information to provide the service to you.
03

Visitor Data

Data We Process (Visitors)

When the Witnes tracker runs on a website, we collect minimal data to provide performance metrics and session flows.

a) The "No-Cookie" Approach

We do not use cookies, LocalStorage, or persistent identifiers to track visitors. Instead, we use a privacy-preserving hashing mechanism.

  • Unique Visitor Identification: We generate a daily unique ID by creating a cryptographic hash of the visitor's IP Address + User Agent + Website Domain + Daily Salt. Because the website domain is part of the hash, the same visitor on different websites will always produce different IDs, making cross-site correlation impossible.
  • The Daily Salt: This salt is a random string that rotates automatically every 24 hours. This means a visitor's ID is reset daily, making it impossible to track individual users across multiple days.
  • No IP Storage: We do not store raw IP addresses in our database. IP addresses are processed in volatile memory solely to generate the hash and are immediately discarded.

b) Technical Metrics

We collect the following non-identifiable technical data:

  • Performance Vitals: LCP (Largest Contentful Paint), CLS (Cumulative Layout Shift), TTFB (Time to First Byte).
  • Device Context: User Agent, Screen Dimensions, Viewport Size, Connection Type (e.g., 4G/WiFi).
  • Session Flow: URLs visited, Referrer (where they came from), and Waterfall latency data.
04

Customer Data

Data We Collect (Customers)

When you sign up for a Witnes account, we collect:

  • Account Information: Email address, Password (hashed), and Company Name.
  • Billing Information: VAT/Tax ID and Billing Address.
  • Payment Data: All payments are processed securely by Stripe. We do not store or have access to your full credit card number.
05

Retention

Data Retention & Deletion

We believe in "Data Minimalism." We do not hoard data.

  • Visitor Analytics: All raw event data (metrics, waterfalls, session logs) is strictly retained according to your subscription plan (7, 14, or 30 days). After this period, data is automatically and permanently purged from our systems.
  • Account Data: If you choose to close your account, we will delete all your personal data (name, email, settings) within 30 days, except where retention is required by law (e.g., for tax and accounting purposes).
06

Storage

Where We Store Your Data

We are committed to keeping data within the European Union.

  • Primary Infrastructure: Hetzner Online GmbH (Germany). All processing and storage of event data occur here.
  • CDN & Security: Cloudflare, Inc. (Global Edge Network). Used for fast delivery of our script and DDoS protection.
  • Transactional Email: Mailtrap (Railsware Products, Inc.). Used for sending password resets and system alerts.
07

Your Rights

Your Rights

Under the GDPR and similar privacy laws, you have the right to:

Access — Request a copy of the personal data we hold about you
Rectification — Correct any inaccurate data
Erasure — Request that we delete your data ("Right to be Forgotten")
Portability — Request your data in a structured, machine-readable format

To exercise these rights, please contact us at support@witnes.io.

08

Changes

Changes to This Policy

We may update this policy to reflect changes in our technology or legal requirements. We will notify active customers of any significant changes via email.

Back to Home