Back
For customers

Data Processing Agreement

This is a plain-language summary / template of our DPA. For a signed agreement, email privacy@lyticdata.com. It is not legal advice.

1. Roles

You (the customer) are the data controller / fiduciaryfor your end-users' data. LyticData is the processor, processing data only to operate the analytics service you configured.

2. What is processed

Anonymous visitor identifiers, optional opaque customer-supplied references, page URLs/paths, referrer/UTM, device/browser/OS, coarse location (country/city), on-page behavior, and error messages/stack traces. No names, no emails, no raw IP addresses.

3. Privacy by design

  • End-users identified only by a random anonymous ID.
  • IP used transiently to derive country, then discarded.
  • Country/city granularity only.
  • Per-project logical isolation.
  • Raw event data retained 90 days, then aggregated and deleted.

4. Sub-processors

  • Vercel — application hosting.
  • MongoDB Atlas — database (encrypted at rest).
  • Anthropic — phrases the natural-language wording of insights.
  • Clerk — authentication for your LyticData account.
  • Resend — transactional email to you.
  • Payments processor — for your subscription billing.

5. Security

Encryption in transit (TLS) and at rest, least-privilege database access, no public database network exposure, and rotated credentials.

6. Data-subject rights tooling

  • Erasure of a single end-user's data within a project.
  • Export of all of a project's data.
  • Deletion on disconnect — removing a project erases all its data.

7. Breach notification

We will notify you without undue delay and within 72 hours of becoming aware of a personal-data breach affecting your data.

8. Deletion on termination

On termination or project disconnect, we delete all of the project's data.

See also our Privacy Policy.