Skip to content
European Data Processing

TrueMetric Privacy Policy

Effective Date: April 15, 2025

Important Notice

This Privacy Policy is for informational purposes only. It does not constitute legal advice. Please consult with a qualified legal professional to ensure your compliance with applicable privacy laws and regulations.

1. Introduction

Welcome to TrueMetric. This Privacy Policy explains how Chelsea AI Ventures Ltd. ("we," "us," or "our") collects, uses, stores, and protects information in relation to our analytics service, TrueMetric, our website (truemetric.info - replace if different), and related services (collectively, the "Services").

Our core philosophy is privacy-first. We aim to provide valuable website analytics while minimizing the collection of personal data, especially concerning visitors to websites that use TrueMetric ("End-Users").

This policy covers:

  • Information collected from End-Users via the TrueMetric tracking script.
  • Information collected from visitors to our own website ("Site Visitors").
  • Information collected from our registered customers ("Customers").

2. Information Collected from End-Users (Via TrueMetric Tracking)

When a website you visit uses TrueMetric analytics, we collect the following information on behalf of our Customer (the website owner):

  • Page URL: The specific page visited.
  • Referrer URL: The address of the link clicked to reach the page.
  • Browser/OS Information: Derived from the User Agent string (e.g., Chrome on Windows).
  • Device Type: Derived from the User Agent string (e.g., Desktop, Mobile).
  • Screen Resolution: The size of the End-User's screen.
  • Derived Geographic Location: Country, region, and city derived momentarily from the IP address (see below).
  • UTM Parameters: Campaign tracking codes if present in the URL.
  • Pseudonymous Daily Visit Identifier (`visitId`): A temporary hash generated from the IP address (discarded), User Agent, website ID, and a daily changing salt. This allows counting unique visits within a 24-hour period only.

Crucially, we DO NOT:

  • Use cookies for tracking End-Users.
  • Store End-User IP addresses. IPs are used only ephemerally in memory for geo-location and `visitId` generation, then immediately discarded.
  • Collect any personally identifiable information (PII) directly from End-Users via our standard tracking script.
  • Perform cross-site or cross-device tracking of End-Users. Data is siloed per Customer website.

The purpose of collecting this aggregated, anonymized data is solely to provide analytics insights to our Customers about their website traffic.

3. Information Collected from Our Site Visitors (TrueMetric.com)

When you visit our website (truemetric.info):

  • Analytics: We use our own TrueMetric service to collect the same type of aggregated, anonymized data described in Section 2 to understand our website traffic.
  • Functional Cookies: We may use essential cookies required for website functionality, such as session management if you log in. These are not used for tracking purposes across sites. (A separate Cookie Policy may be advisable).
  • Contact Forms/Support: If you contact us via forms or email, we collect the information you provide (e.g., name, email, message content) to respond to your inquiry.

4. Information Collected from Our Customers

To provide our Services, we collect the following from our registered Customers:

  • Account Information: Name, email address, company name (optional). Used for login, communication, and service administration.
  • Website Information: Domain(s) of the website(s) where you install the TrueMetric tracking script. Used to configure the service.
  • Billing Information: We use a third-party payment processor (e.g., Stripe - specify the actual provider) to handle payments. We do not store full credit card details ourselves. We may store billing address and transaction history.
  • Usage Data: Information about how you use the TrueMetric dashboard and features, to improve our service.

5. Legal Basis for Processing

We process information based on the following legal grounds under GDPR:

  • End-User Data (via Tracking Script): Primarily Legitimate Interest of our Customer (the website owner) to understand their website performance. Given the minimal, anonymized nature of the data and lack of stored PII/IPs/Cookies, this typically does not require End-User consent for the core analytics function itself. Customers are responsible for ensuring their overall website compliance.
  • Customer Data: Performance of a Contract (to provide the Services), Legitimate Interest (communication, service improvement), Consent (for optional marketing communications).
  • Site Visitor Data: Legitimate Interest (website analytics, security), Consent (for non-essential cookies if any, marketing), Performance of Contract (if initiating service signup).

6. How We Use Information

  • To Provide & Improve Services: Operate the analytics platform, generate reports for Customers, administer accounts, improve features.
  • To Communicate: Respond to inquiries, send service updates, billing information, and (with consent) marketing materials.
  • For Billing & Account Management: Process payments and manage customer accounts.
  • For Security & Compliance: Protect against fraud, abuse, and ensure adherence to legal obligations.

7. Data Sharing and Third Parties

We do not sell personal data. We may share information with trusted third-party service providers necessary to operate our Services, under strict confidentiality agreements:

  • Infrastructure Providers: Cloud hosting (e.g., Vercel), Database providers (e.g., Neon) located in the EU for core analytics processing.
  • Payment Processors: (e.g., Stripe) for handling customer payments.
  • Geo-IP Lookup Service: To derive location from momentarily used IPs.
  • Other providers for email delivery, customer support platforms, etc.

We only share the minimum information necessary for them to perform their function. We ensure these providers have adequate security and privacy safeguards.

We may also disclose information if required by law, subpoena, or other legal processes, or to protect our rights, property, or safety, or that of others.

8. Data Retention

  • End-User Analytics Data: Aggregated data collected via tracking is retained based on the Customer's plan. Raw, non-aggregated data associated with the momentary processing (like logs containing the `visitId`) is kept for a limited period (e.g., 7-30 days - specify actual) for debugging and security before being deleted.
  • Customer Account Data: Retained as long as the account is active and for a reasonable period afterward for legal and operational requirements (e.g., financial records).
  • Site Visitor Data (Forms): Retained as long as necessary to address the inquiry.

9. Data Security

We implement appropriate technical and organizational measures to protect information against unauthorized access, loss, destruction, or alteration. These include encryption, access controls, secure infrastructure, and regular security reviews. However, no method of transmission or storage is 100% secure.

10. Your Rights (GDPR/CCPA)

Depending on your location and relationship with us (End-User, Site Visitor, Customer), you may have rights regarding your personal data:

  • Access: Request access to the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure ('Right to be Forgotten'): Request deletion of your data under certain conditions.
  • Restriction of Processing: Request limitation on how we use your data.
  • Data Portability: Request your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent where processing is based on consent.

End-Users: As we do not store identifiable personal data about End-Users long-term, requests related to analytics data collected on behalf of our Customers should generally be directed to the respective website owner (our Customer).

Customers & Site Visitors: To exercise your rights regarding data we hold directly about you, please contact us at privacy@truemetric.info. We will respond within the timeframes required by law.

11. International Data Transfers

Analytics data collected from End-Users via our hosted TrueMetric service is processed and stored within the European Union (EU). If you are a Customer outside the EU, your account information or data submitted via our website may be processed by us or our third-party providers in the EU or potentially other locations (e.g., US for Stripe). We rely on appropriate safeguards like Standard Contractual Clauses (SCCs) where necessary for such transfers.

12. Self-Hosting

If a Customer uses the TrueMetric self-hosting option, the Customer is solely responsible for the collection, processing, storage, security, and compliance of all data within their own environment according to this policy's principles and applicable laws.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Customers of significant changes via email or within the Service. The "Effective Date" at the top indicates the latest revision. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

privacy@truemetric.info

Chelsea AI Ventures Ltd.