BetterlyticsBetterlytics

Data Processing Agreement (DPA)

Last updated: June 27, 2025

Scope of This DPA

This Data Processing Agreement applies exclusively to the Betterlytics hosted cloud service available at betterlytics.io and our official domains. It does not apply to self-hosted installations of our open source software. If you self-host Betterlytics, you are responsible for your own data processing agreements and legal compliance.

Why This DPA Is Different

Unlike traditional analytics services, Betterlytics is designed to be anonymous-by-design. We process no personal data, making this one of the simplest DPAs in the analytics industry.

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Betterlytics Terms of Service and governs the processing of data when you use our analytics service. This agreement is designed to ensure compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Important: Betterlytics is specifically designed to process only anonymous, aggregated data. No personal data is collected, stored, or processed by our service.

2. Definitions

"Data Controller": You (the customer) who determines the purposes and means of processing data from your website visitors.

"Data Processor": Betterlytics, who processes data on your behalf according to your instructions.

"Processing": In our case, the collection and analysis of anonymous, aggregated website analytics data.

"Personal Data": Not applicable - Betterlytics is designed to avoid processing any personal data.

3. Data Processing Details

3.1 Nature and Purpose of Processing

  • Providing anonymous website analytics and visitor insights
  • Generating aggregated reports on website traffic and usage patterns
  • Detecting and filtering bot traffic for accurate statistics

3.2 Categories of Data

Anonymous data only:

  • Anonymized IP addresses (last octet removed immediately)
  • Bucketed screen resolutions (small/medium/large categories)
  • Browser and operating system information
  • Country-level geographic data
  • Page URLs and referrer information
  • Daily-rotating visitor fingerprints (anonymous identification)

3.3 Data Subjects

Not applicable - our system is designed to prevent identification of individual data subjects. All data is processed in aggregate and anonymous form only.

3.4 Processing Location

All data processing occurs within the European Union on servers located in secure EU data centers.

4. Your Instructions

By using Betterlytics, you instruct us to:

  • Collect anonymous analytics data from your website visitors
  • Process this data to generate website analytics and insights
  • Store the data for the duration of your subscription
  • Delete all data immediately upon account deletion
  • Provide you with analytics reports and access to your data

5. Security Measures

Betterlytics implements appropriate technical and organizational measures to ensure data security:

  • All data transmission encrypted using TLS 1.2/1.3
  • Data at rest encrypted using industry-standard encryption
  • Access controls limiting data access to authorized personnel only
  • Regular security audits and updates
  • EU-based servers in secure data centers
  • Immediate IP anonymization at data collection point

6. Subprocessors

Betterlytics may engage the following categories of subprocessors:

Infrastructure providers: EU-based cloud hosting and infrastructure services

We will notify you of any changes to our subprocessors and obtain your consent where required by law.

7. Data Subject Rights

Not applicable: Since Betterlytics processes only anonymous data, individual data subject rights (access, rectification, erasure, etc.) do not apply to our analytics data. Visitors cannot be identified in our system, making individual rights requests impossible to fulfill.

8. Data Breach Notification

In the unlikely event of a security incident affecting our service:

  • We will notify you within 72 hours of becoming aware of any incident
  • We will provide details of the incident and our response measures
  • We will assist with any required notifications to data protection authorities
  • Note: Risk to individuals is minimal given our anonymous-only data processing

9. Data Deletion and Return

Account Deletion

All data (personal and analytics) is permanently deleted immediately upon account deletion.

Subscription Cancellation

Analytics data is retained for 1 month in case you return, then permanently deleted.

Data Export

You can export your analytics data at any time through your dashboard.

10. Audits and Compliance

Betterlytics maintains compliance through:

  • Regular internal security and privacy assessments
  • Transparent, open-source codebase for technical verification
  • Public privacy policy and terms of service
  • Commitment to cooperate with reasonable audit requests from enterprise customers

Contact for DPA Matters

For questions about this DPA or data processing practices:

Legal inquiries: legal@betterlytics.io

Technical questions: support@betterlytics.io

This DPA is automatically accepted when you use Betterlytics and forms part of our Terms of Service.
🇪🇺 Anonymous-by-design analytics - Made and hosted in the European Union