Privacy Policy
Last updated: November 26, 2025
1. Introduction
Telemetry Kit ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our analytics service.
We are a privacy-first analytics platform that respects Do Not Track (DNT) signals and does not use cookies for tracking. Our service is designed to give you meaningful insights while respecting user privacy.
2. Data We Collect
2.1 Account Information
When you create an account via GitHub OAuth, we collect:
- GitHub username and user ID
- Email address (from GitHub)
- Profile avatar URL
2.2 Analytics Data (Collected by Our SDK)
When your users visit sites using our SDK, we collect:
- Page URL (path only, no query parameters with PII)
- Referrer URL (domain only)
- Browser type and version
- Operating system
- Screen resolution
- Country (derived from IP, IP not stored)
- Session duration
- Custom events you configure
2.3 What We Do NOT Collect
- IP addresses (hashed temporarily, never stored)
- Cookies for tracking
- Device fingerprints
- Cross-site tracking data
- Personal identifiable information (PII)
2.4 Do Not Track (DNT)
We fully respect DNT browser signals. When a user has DNT enabled:
- No analytics data is collected from that user
- We count DNT requests separately for transparency
- You can see aggregate DNT statistics in your dashboard
3. How We Use Your Data
3.1 Account Data
- To provide and maintain the service
- To authenticate you
- To communicate with you about the service
- To process payments
3.2 Analytics Data
- To provide analytics dashboards and reports
- To generate aggregate statistics
- To improve our service
- As described in Section 4 based on your tier
4. Data Ownership by Tier
Free Tier
We own your data. By using the free tier, you grant us a perpetual, irrevocable, worldwide, royalty-free license to use, modify, distribute, and create derivative works from all analytics data you send to us. We may:
- Use your data for any purpose
- Aggregate your data with other users' data
- Sell aggregated insights derived from your data
- Use your data to train machine learning models
- Share anonymized data with third parties
Paid Tiers (Starter, Pro, Business)
You own your data. We act only as a data processor on your behalf. We will:
- Only process data as instructed by you
- Never sell or share your individual data
- Delete your data upon request or account termination
- Provide data export at any time
- Sign a Data Processing Agreement (DPA) upon request
5. Data Sharing
5.1 Service Providers
We share data with service providers who assist in operating our service:
- DigitalOcean: Cloud infrastructure (US-based)
- GitHub: Authentication
- Stripe: Payment processing (paid tiers only)
5.2 Legal Requirements
We may disclose data if required by law or to protect our rights.
5.3 Business Transfers
In case of merger, acquisition, or asset sale, your data may be transferred.
6. Data Retention
| Data Type | Free Tier | Paid Tiers |
|---|---|---|
| Account data | Until deletion + 30 days | Until deletion + 30 days |
| Analytics data | Indefinitely (we own it) | Per your retention settings |
| Payment data | N/A | 7 years (legal requirement) |
7. Your Rights
7.1 All Users
- Access: Request a copy of your account data
- Correction: Update inaccurate information
- Deletion: Delete your account
- Portability: Export your account data
7.2 Paid Tier Additional Rights
- Analytics Data Export: Export all analytics data
- Analytics Data Deletion: Delete all analytics data
- DPA: Request a Data Processing Agreement
- Audit: Request security audit information
7.3 GDPR Rights (EU Users)
If you are in the EU, you have additional rights under GDPR including the right to lodge a complaint with your supervisory authority.
7.4 CCPA Rights (California Users)
California residents have additional rights under CCPA, including the right to know what data we collect and the right to opt-out of data sales (note: we do not sell individual personal data from paid tiers).
8. Security
We implement industry-standard security measures:
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- Regular security audits
- Access controls and logging
- Incident response procedures
9. International Data Transfers
Our servers are located in the United States. If you are accessing from outside the US, your data will be transferred to the US. We rely on:
- Standard Contractual Clauses (SCCs) for EU transfers
- Your consent to the transfer
10. Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via email or dashboard notification. Continued use after changes constitutes acceptance.
12. Contact Us
For privacy-related inquiries:
- Email: [email protected]
- GitHub: ibrahimcesar/telemetry-kit