Privacy policy

This policy covers the Anonview dashboard, the ghost script (Wasm), and the privacy relay. We clearly distinguish:

• Data-plane: anonymized analytics events, no PII.
• Control-plane: minimal data for accounts, organizations, and billing.

Data-plane (analytics): event type, timestamp, cleaned page/URL, truncated text, cleaned referrer, ephemeral session hash. These data are used for audience measurement and live dashboard views.

Control-plane (accounts): business email, organization name, access roles, technical session traces, and billing information handled by payment providers.

• IP address, raw user-agent, third-party cookies.
• Input values, sensitive content, visitor emails.
• Advertising or cross-site identifiers.

• Provide privacy-first usage statistics (legitimate interest).
• Perform the contract and manage dashboard access (contract performance).
• Billing and associated legal obligations (legal obligation).

Events are scrubbed of trackers (UTM, marketing IDs), truncated to reduce granularity, and tied to a session hash that rotates daily. No long-term tracking mechanism is in place. Aggregates shown in the dashboard may be noised to strengthen confidentiality.

Retention is configured by the operator (ClickHouse TTL). We do not force hardcoded limits and apply automatic deletion per the declared policy. Application logs do not contain user payload.

Technical subprocessors are described on the Subprocessorspage. International transfers are limited and governed when necessary.

Data subjects may exercise their rights of access, rectification, objection, restriction, or deletion where applicable. For anonymized events, direct identification of a person is not possible.

For any GDPR question or request, contact us at: contact@anonview.io.