Skip to content
European Data Processing

TrueMetric and GDPR Compliance

At TrueMetric, privacy isn't just a feature; it's the foundation upon which our service is built. We are committed to helping our customers comply with the General Data Protection Regulation (GDPR) and other global privacy laws.

Controller vs. Processor

When you use TrueMetric to analyze traffic on your website, **you (our Customer) are the Data Controller** for the analytics data collected from your End-Users. **Chelsea AI Ventures Ltd. acts as the Data Processor** on your behalf, processing this data according to your instructions (as outlined in our Terms and Data Processing Addendum).

How TrueMetric Facilitates Your GDPR Compliance

TrueMetric is designed with GDPR principles like 'privacy by design' and 'data minimization' in mind. Here’s how our features help you meet your obligations as a Data Controller:

  • Cookieless Tracking: Our core service uses no cookies or local storage for tracking End-Users. This significantly simplifies consent requirements under GDPR and ePrivacy regulations for analytics purposes. See our Cookie Policy.
  • No Stored IP Addresses: We do not store End-User IP addresses. They are used momentarily for geo-location and pseudonymization, then discarded, removing a key personal identifier from stored data.
  • Data Minimization: We only collect essential data points needed for aggregate web analytics (page, referrer, device type, geo-location, etc.). We avoid collecting granular behavioral data.
  • Pseudonymization: Our daily `visitId` allows for unique visitor counts within 24 hours without creating a persistent profile of individuals across days or sites.
  • EU Data Hosting: For our cloud-hosted service, all End-User analytics data is processed and stored on servers located within the European Union, helping meet data residency and transfer requirements.
  • Data Ownership & Export: You retain full ownership of your analytics data and can export it at any time.
  • Security Measures: We implement robust technical and organizational security measures to protect the data we process. Details are in our Privacy Policy.
  • Self-Hosting Option: For maximum control, our self-hosting option allows you to keep all analytics data within your own infrastructure.

TrueMetric's Compliance as a Data Controller

When we collect data directly from our Customers (for account management, billing) or our own Site Visitors (https://www.truemetric.info), Chelsea AI Ventures Ltd. acts as the Data Controller. We are fully committed to GDPR compliance for this data:

  • We process data based on legitimate legal grounds (contract, legitimate interest, consent).
  • We uphold data subject rights (access, rectification, erasure, etc.).
  • We ensure appropriate security measures are in place.
  • We are transparent about our practices in our Privacy Policy.

Data Processing Addendum (DPA)

For customers requiring a formal DPA under Article 28 of the GDPR, we provide one as part of, or as an addendum to, our Terms of Service. Please contact us if you have specific requirements.

Your Responsibilities

While TrueMetric provides tools to aid compliance, you, as the Data Controller for your End-User data, remain responsible for:

  • Ensuring you have a lawful basis for collecting and processing data via your website.
  • Maintaining an accurate privacy policy for your visitors.
  • Implementing appropriate security measures on your end.
  • Responding to data subject requests from your End-Users related to the data you control.

Contact Us About GDPR

If you have questions regarding GDPR and TrueMetric, please review our Privacy Policy or contact our privacy team:

Contact Privacy Team

Disclaimer

The information on this page is for informational purposes only and does not constitute legal advice. You should consult with qualified legal counsel regarding your specific GDPR compliance obligations.