Back
Privacy by design

Privacy Policy

Last updated: June 1, 2026

LyticData is a product-analytics and error-tracking tool for founders. The safest data is the data we never hold, so we collect the minimum needed to give you a useful insight — and nothing more. This page explains exactly what that means.

The one rule that shapes everything

We store behavior, not identity. LyticData does not collect or store your end-users' names or email addresses, and does not store raw IP addresses. Every end-user is identified only by a random, anonymous identifier.

What we collect (about your visitors)

  • A random anonymous visitor ID (a UUID stored in their browser). Never a name.
  • Page URLs and paths, referrer, and UTM campaign parameters.
  • Device, browser, operating system, and screen size.
  • Coarse location only — country and city. We never store precise GPS / lat-long.
  • On-page behavior: time on page, scroll depth, and which elements were clicked (we never read text you typed into form fields).
  • Error messages and stack traces from your site, to help you fix bugs.

What we deliberately do NOT collect

  • End-user names, email addresses, or profile photos.
  • Raw IP addresses — an IP is used in transit only to derive a country, then discarded.
  • Precise location.
  • The contents of text inputs / form fields your visitors type into.

If you choose to pass a user reference so you can correlate behavior on your own side, send only an opaque token (e.g. a hashed ID) — your users' real identity stays with you and never enters our database.

Consent

Our tracking script is consent-aware. You can configure it to hold all tracking until your visitor has consented — nothing fires (no pageview, click, or error) until you callgrantConsent(). This makes LyticData usable under GDPR-style consent requirements.

How long we keep it

Raw, event-level data is kept for a limited retention window (90 days by default). After that it is rolled up into anonymous aggregate statistics and the raw rows are deleted. Aggregates (counts and trends) may be kept longer; raw per-session rows are not kept forever.

Your data, your control

As the customer, you can at any time:

  • Erase a single end-user's data on request (right to erasure).
  • Export all of a project's data.
  • Disconnect a project, which permanently deletes all of its stored data.

Where it lives & how it's protected

Data is logically isolated per project and encrypted in transit and at rest. Database access is locked down with least-privilege credentials and no public network exposure. We use a small set of sub-processors (hosting, database, and the AI provider that phrases insights) — listed in our Data Processing Agreement.

Roles

For your end-users' data, you are the data controller / fiduciary and LyticData is the processor — we process data only to operate the service you configured. A DPA is available.

Breaches

In the unlikely event of a data breach affecting your data, we will notify you without undue delay and within 72 hours of becoming aware of it.

Contact

Questions about privacy? Email privacy@lyticdata.com.

This policy is provided in good faith and describes how the product is built. It is not legal advice; for your own compliance obligations, consult a qualified professional.