GDPR Compliance
Overview
Peasy is dedicated to ensuring the privacy and security of our users' data. As an analytics tool provider, we recognize the importance of responsible data handling and compliance with the General Data Protection Regulation (GDPR). This document outlines our data protection and privacy practices.
What is GDPR?
The General Data Protection Regulation (GDPR), effective from May 25, 2018, mandates organizations to protect personal data and uphold privacy rights for individuals within the European Union (EU).
Does GDPR apply to you?
If your business operates within the EU or handles personal data of individuals in the EU, you must comply with GDPR.
Is Peasy GDPR compliant?
Yes, Peasy adheres to the GDPR framework.
Peasy as a Data Controller
Peasy acts as a Data Controller in managing personal information provided by customers for using our service (e.g., registration information like email). We do not sell personal data to third parties or use it for marketing purposes.
We use a minimal number of sub-processors. Here is the full list:
| Service | Use | GDPR compliance |
|---|---|---|
| Stripe | Payment processor | Learn more |
| Mailgun | Transactional emails | Learn more |
Peasy as a Data Processor
By default, Peasy does not store any private information about our clients' website visitors.
Data we store for each visitor:
| Name | Description |
|---|---|
| Unique hash | Calculated using a hash function: hash(domain, ipAddress, userAgent, dailySalt). Daily salts are unique to each domain and renewed daily, allowing us to calculate daily unique visits without storing cookies. |
| Country & City | Derived from Cloudflare CF-IPCountry and CF-IPCity headers respectively. We do not store visitor IP addresses. |
| User agent | We parse visitor's browser, OS, and device type information without storing the full string. |
| HTTP Referrer | We store the referrer website, if available. |
| UTM sources | We store all UTM tracking data, if available. |
| Page views & events | We track all visitors' page views and their respective events. |
Peasy's clients can also add custom data to their visitors' profiles, such as name, email, address, IP address, and other sensitive information. In this case, Peasy acts as a Data Processor, and our clients are responsible for the personal data they share with us. Peasy processes and stores this data securely and does not share it with any third parties.
Clients have full control over the data they send us. They can view and delete everything using Peasy's interface or by requesting our assistance. Deleted data is also removed from our backups after 30 days.
We do not sell or share visitors' data with any third parties.
Cookie Policy
We do not set cookies on our clients' visitors' browsers, eliminating the need for third-party cookie consents.
Questions?
Contact us at:
- Email: team@peasy.so
- Phone: +1 651-381-1978