Privacy Policy

Last Updated: January 22, 2025

Introduction

This Privacy Policy explains how IndieData ("we," "us," or "our") collects, uses, and protects personal information. This policy is divided into two sections:

• Privacy policy for visitors of websites using IndieData analytics
• Privacy policy for IndieData clients (website owners and developers)

Part 1: Privacy Policy for Website Visitors

1.1. Data Collection

When you visit a website that uses IndieData analytics, we collect:

• Page views and interactions
• Browser (e.g., Chrome)
• Operating system (e.g., Windows, macOS...)
• Referring website
• Country, Region and City (e.g., Portugal, Lisbon, Lisbon)
• Device type (e.g., desktop, mobile, tablet)
• Visitor Id: An anonymous identifier generated by creating a unique combination of the user’s anonymized IP address, the website domain, device type, operating system, browser, and other user agent data. To further enhance security and privacy, we add a daily salt to the hashing process, meaning the identifier is renewed every day. This approach strictly adheres to GDPR guidelines and other privacy standards.
• Session Id: A unique hash that identifies individual sessions based on activity within the last 30 minutes.

1.2. Cookie Usage

IndieData does not use cookies for tracking. Our analytics system is designed to be privacy-friendly and compliant with GDPR and similar regulations.

1.3. Data Storage

Your data is stored directly in the website owner's Supabase database. IndieData acts only as a processor of this information.

1.4. Your Rights

As a website visitor, you have the right to:

• Know what data is being collected about you
• Request access to your data
• Request deletion of your data

To exercise these rights, please contact the owner of the website you visited directly.

Part 2: Privacy Policy for IndieData Clients

2.1. Account Information

When you register for IndieData, we collect:

• Your name, email address, and password.

When you add a new website, we collect:

• Supabase project credentials (project url and anon key)

2.2. Data Storage and Security

We handle your data in the following ways:

• Supabase credentials are securely stored
• Payment information is processed through Stripe and not stored on our servers
• Analytics data is stored primarily in your Supabase database
• If data replication is enabled, we temporarily store analytics data for 30 days

2.3. Optional Data Replication

If you enable the "Replicate Data" feature:

• Analytics data is stored on IndieData servers for 30 days
• This data is used only for performance optimization and avoid egress traffic from your Supabase database
• Data is automatically deleted after 30 days

2.4. Data Usage

We use your data to:

• Provide analytics services
• Send important updates about our service

2.5. Your Rights as a Client

As an IndieData client, you have the right to:

• Access and export your account information
• Modify your Supabase credentials
• Delete your account and associated data

General Provisions

Data Protection

We implement appropriate security measures to protect against unauthorized access, alteration, disclosure, or destruction of data.

Changes to This Policy

We may update this Privacy Policy periodically. Changes will be reflected in the "Last Updated" date at the top of this document.

Contact Information

For questions about this Privacy Policy, please contact:

Email: luiz@indiedata.io