Privacy Policy

Scope

This policy applies to the Aizen Analytics product, including the tracking script, dashboard, shared dashboards, read-only stats API, billing flows, notification emails, and optional integrations such as Google Search Console. It does not control the privacy practices of the websites or apps that our customers choose to measure.

Controller and Processor Roles

For analytics data collected from a customer's website or app, the customer is generally the controller and Aizen Analytics acts as a processor. The customer decides whether to deploy the tracker, which properties to measure, what events to send, and whether to enable sharing or integrations.

For account, billing, authentication, abuse-prevention, and product operations data, Aizen Analytics acts as a controller. For more detail on processor obligations, see our Data Processing Agreement.

Privacy by Design

Aizen is built to minimize persistent tracking. The analytics tracker does not set analytics cookies or use local storage, does not create cross-site identifiers, and does not store raw IP addresses or full user-agent strings in the analytics database.

That said, some analytics metadata may still be considered personal data or pseudonymous data under privacy law. We therefore treat analytics data as protected information and describe it conservatively in this policy.

Analytics Data We Process

When the Aizen tracker or API receives an event, we may process and store:

• Page URL and normalized path, with non-UTM query parameters stripped
• UTM parameters that pass our server-side validation
• Referrer origin and referring domain, with referrer path and query stripped
• Browser name and version
• Operating system name and version
• Device type and screen width
• Approximate geolocation derived from IP lookup, including country, region, city, latitude, longitude, and accuracy radius
• A day-scoped pseudonymous session hash
• Timestamp
• Custom event names and properties sent by the customer
• Normalized destination URLs for built-in outbound click tracking and optional link click metadata when the built-in tracker records exit_link or link_click events
• For mobile events, optional screen names and app versions if the customer sends them

The live map feature uses the stored approximate coordinates above and makes them available only inside the dashboard to authorized users of the measured site.

Data We Do Not Intentionally Store in the Analytics Database

• Raw IP addresses. The application uses them transiently in memory for rate limiting, approximate geolocation lookup, and day-scoped session hashing.
• Full raw user-agent strings. The application parses them into higher-level browser, OS, and device fields and discards the raw string.
• Analytics cookies or local storage identifiers created by the tracker
• Cross-site or cross-day visitor identifiers
• Referrer paths or referrer query strings

Infrastructure, network, security, or payment providers may process their own request metadata under their own systems and retention rules when providing the service.

Custom Events, URLs, and Sensitive Data

We automatically filter some obvious personal data patterns from custom event properties, such as email addresses, phone numbers, UUIDs, long hex strings, and IP addresses. This filter is heuristic only. It is designed to reduce accidental collection, not to guarantee complete removal of personal data.

Customers must not send sensitive or high-risk data through Aizen, including secrets, session tokens, payment data, government identifiers, health data, or other personal data embedded in custom event properties or URLs. This matters especially for built-in click tracking, because exit_link and link_click events can store normalized destination URLs and explicit CTA identifiers supplied by the customer.

Account, Billing, and Integration Data

When you create or use an Aizen account, we may process:

• First name, email address, and password hash
• Authentication sessions and essential session cookies
• Linked account metadata if you sign in with Google
• Tracked site domains, timezones, exclusions, and notification settings
• Team invitations, invited email addresses, roles, and invitation tokens
• Shared dashboard settings and public share-link identifiers
• Read-only stats API key metadata such as name, prefix, scope, expiry, and last use
• Subscription status, event limits, billing period dates, and Stripe customer metadata
• Transactional emails such as welcome messages, password resets, billing notices, weekly reports, spike alerts, invitation emails, and account deletion notices
• Optional Google Search Console data, including selected property information, encrypted access and refresh tokens, sync timestamps, and imported query/page performance data

Stripe processes payment card details. Aizen does not store full card numbers.

Cookies and Similar Technologies

The analytics tracker does not use cookies or local storage for analytics collection. The authenticated product uses essential cookies for session management and security. Some product flows may also use short-lived browser storage, such as sessionStorage, to preserve state during invitation flows.

Hosted billing, identity, or other third-party components may set their own cookies under their own policies. For more detail, see our Cookies Policy.

Legal Bases for Processing

For account, billing, authentication, service delivery, notifications, and optional integrations, we generally process data as necessary to perform our contract with you. We also process certain data based on legitimate interests, including security, abuse-prevention, service reliability, and fraud detection.

For analytics data that we process on behalf of a customer's website or app, the customer is responsible for identifying the appropriate legal basis, notices, and consent posture for its own implementation.

Sharing, Public Links, and API Access

Shared dashboards and site API keys are opt-in features controlled by the site owner. If a customer enables a public share link, aggregated analytics for that site may be visible to anyone with the link. If a customer creates a site API key, anyone holding that key may retrieve read-only retained analytics for the permitted site until the key is revoked or expires.

Do Not Track and Global Privacy Control

The tracker does not currently react to the Do Not Track browser signal. We minimize data collection regardless of that signal.

We do not sell personal data or share personal data for cross-context behavioral advertising. Because of that, Global Privacy Control does not disable Aizen analytics by itself.

Retention

• Raw event records are retained for 90 days
• Daily aggregate rollups are retained for 3 years on Starter and 5 years on Growth
• Daily salts used for session hashing are deleted after about 48 hours
• Search Console data is retained for up to 16 months
• Auth sessions can last up to 30 days unless ended sooner
• Password reset tokens expire after 1 hour
• Team invitation tokens expire after 7 days
• Temporary Search Console OAuth tokens expire after 10 minutes
• Account deletion requests are held for a 7-day grace period before the account and owned-site data are deleted

Customers can delete individual sites directly. Account deletion is delayed by the 7-day grace period so the customer can cancel accidental deletions. Third-party payment providers may keep their own legally required records outside Aizen's application database.

International Processing and Service Providers

Aizen operates the managed service with a small number of service providers for hosting, storage, content delivery, security, email delivery, payments, identity, and optional integrations. Depending on where you are located and which features you use, your data may be processed in the United States and other countries where those providers operate.

Categories of providers used by Aizen include:

• Cloud hosting, storage, and infrastructure providers
• CDN and security providers
• Email delivery providers
• Payment processor (Stripe)
• Optional identity and integration providers, including Google services
• GeoIP data provider (MaxMind GeoLite2)

A current named vendor list is available on request.

Third-Party Data Notice

This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.

Your Rights

If you are an Aizen account holder: you can update your profile, change your password, manage connected accounts, manage billing, delete sites, and schedule account deletion from the product. You may also contact us to exercise applicable rights such as access, correction, deletion, or objection.

If you are a visitor to a customer's website or app: Aizen does not store raw IP addresses or direct account-style identifiers in the analytics database. Because of that design, we often cannot reliably locate or isolate a single individual's analytics record after collection. Requests about a measured site should usually be directed to that site owner first.

Changes to This Policy

We may update this policy as the product changes or as legal requirements evolve. The date at the top of this page reflects the latest revision.

Contact

If you have questions about this policy or Aizen's data handling practices, contact [email protected].