Earlier this year, on May 25th, the EU’s GDPR laws came into force. GDPR protects EU residents’ private data and any web-based business that interacts with people in the EU are affected by the new rules, wherever it is based in the world.
Here at ClickMeter, we decided to update our system and offer advanced privacy for free and by default to all customers so that virtually no personal data is stored on our servers. This offer full IP privacy as not even full IP addresses are recorded.
Is our company compliant with privacy laws using a web analytics tool?
Although major analytics tools never associated the identity of users with the data they store, with legislation – especially in European countries – becoming increasingly severe most offer advanced privacy and anonymized data to ensure customers that they are compliant with privacy law wherever they are in the world.
The main concern was IP privacy, as sometimes an IP address can be used to identify the computer or company a connection is coming from. In ClickMeter’s case, full IP addresses aren’t stored.
You can check out how we get your analytics and reports, then make sure the data is anonymized below:
Best Practice for IP Privacy and Law Compliance
By truncating IP addresses using a method known as “IP masking” ClickMeter uses a portion of the users’ IP address, rather than the entire IP address (partial IP).
Incomplete IP addresses don’t allow the computer that clicks or visits come from to be identified. This means the data collected is not associated with a particular person and therefore doesn’t violate any privacy rules.
When truncating the IP, some of the visitor’s data is lost. ClickMeter processes some data from the user and then truncates the IP. All of the information processed with regards to the IP and the links clicked are stored for only 30 minutes in a secure database before being permanently deleted. The IP information is never available in the customer analytics interface. In this way, statistical information is stored without violating users privacy and your company can be compliant with the law.
Please note: ClickMeter may store log files which are only used for disaster recovery purposes (which has less than a 0.001% chance of happening). Files containing raw data, including the user’s IP address, are not associated with any customer, tracking link or pixel.
About Amazon Server-Farm Security
The IT infrastructure that Amazon Web Services provides to its customers is designed and managed in alignment with best security practices and a variety of IT security standards, including: SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II); SOC 2; FISMA, DIACAP, and; FedRAMP; PCI DSS Level 1; ISO 27001; ITAR; FIPS 140-2.
In addition, the flexibility and control that the AWS platform provides allows customers to deploy solutions that meet several industry-specific standards, including HIPAA; Cloud Security Alliance (CSA); Motion Picture Association of America (MPAA).
You can find out more here.
- Is ClickMeter secure and reliable?
- The 30 best ways to track links
- Click fraud protection: Tracking malicious fraudulent clicks
This blog post is about:
- Is ClickMeter GDPR compliant?
- IP privacy
- IP masking
- Anonymized data in ClickMeter
Originally published: July 26th, 2017.
Updated: August 15th, 2018.