Privacy Policy

At RGstat, we take privacy seriously. Our web analytics service is built from the ground up to be privacy-friendly and GDPR-compliant. This Privacy Policy explains what data we collect, how we use it, and how we keep it secure.

1. What Data We Collect

a) Website Visitors (by our tracking script)

RGstat collects no personal data from your website visitors. Our tracking script:

• Does not use cookies
• Does not store or log IP addresses
• Does not fingerprint devices
• Does not track users across websites

We collect only aggregated, anonymized data such as:

• Page URL
• Referrer (if available)
• Screen resolution and device type (if available)
• Browser name and version (if available)
• Operating system name and version (if available)
• Approximate location (derived in real time from the visitor's IP address — the IP itself is never stored or logged)
• Time on page, session duration, navigation events

Even when viewing aggregated statistics across all websites or group of websites, a single person visiting two different websites will be counted as two separate visitors. We do not associate activity between domains.

b) RGstat Clients

When you sign up for RGstat, we collect:

• Your email address
• Payment and billing details
• Account usage and login history
• The URLs of the websites you connect to RGstat

This information is collected directly from you and used only to provide and maintain the service, manage your account, generate usage reports, and handle support or billing.

2. How We Use the Data

We use the data we collect for the following purposes:

• To provide anonymous insights into website traffic and user behavior
• To operate and improve the RGstat platform
• To secure the service and detect abuse
• To provide technical support and manage billing

3. How the Tracking Script Works

The RGstat tracking script:

• Runs client-side in the browser
• Does not set cookies or store data in localStorage
• Sends only minimal technical data
• Does not assign persistent identifiers
• Does not link user sessions across websites

Data is processed and stored exclusively in the European Union, in Amsterdam (Netherlands).

4. GDPR Compliance

RGstat is fully compliant with the General Data Protection Regulation (GDPR):

• Lawful basis: We process data based on legitimate interest (analytics) and contractual obligation (client accounts).
• Data minimization: We only collect what is necessary to deliver and improve the service.
• Transparency: Our practices are clearly explained in this policy.
• User rights: You have full control over your personal data.
• Roles: You (the website owner) act as the data controller for your visitors; RGstat acts as your data processor.

5. Data Security

RGstat applies industry-standard security measures:

• HTTPS encryption for all data transfers
• Access control and internal audit logging
• Regular vulnerability monitoring and patching
• Data hosting in certified EU data centers (Amsterdam)

6. Third-Party Services

RGstat uses a minimal number of third-party services. When we do, we ensure:

• Each provider is GDPR-compliant
• A Data Processing Agreement (DPA) is in place
• Data shared is limited to what is necessary (e.g., payment processing, email delivery)

We do not share your data with third parties for marketing purposes. We do not share visitor analytics data with any third party.

7. Your Rights

As a data subject under the GDPR, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Object to or restrict processing
• Request data portability