Privacy policy

We track pageviews and events for sites that install our script. We don't use cookies. We don't track individual people across sites or across days. We don't sell your data. We're a small team based in the United States; if you email us we read it.

The rest of this page is the precise version. If anything here disagrees with the summary, the precise version wins.

"Gizmo", "we", and "us" refers to Gizmo Analytics, a service provided by Gizmo Analytics, LLC (the "Company"). Contact: hello@gizmoanalytics.io.

This policy covers two distinct categories of people: our customers (people who sign up for an account on gizmoanalytics.io) and visitors to customer sites (people whose browsers load the Gizmo tracking script when they visit a website using our service). What we collect is different for each.

When a visitor loads a page on a website running our tracking script, we record the following for each event:

• The site domain (e.g. example.com)
• Event name (typically pageview or a custom event the site owner defines)
• Path visited (e.g. /blog/post)
• Referrer (the URL they came from, if any)
• Country (derived from IP via Vercel/Cloudflare headers; no city, no IP stored)
• Device type (desktop / mobile / tablet)
• Browser family (Chrome, Firefox, Safari, etc.)
• Custom event properties the site owner chose to send
• A daily-rotating visitor ID, described below
• Timestamp

We do not set cookies, use localStorage, or persist any client-side identifier. We do not collect names, email addresses, IP addresses, screen fingerprints, or precise location.

We generate a per-visit identifier by hashing the visitor's IP address, User-Agent, the website domain, and a daily salt:

visitor_id = sha256(daily_salt + utc_date + workspace_id + ip + user_agent)

Only the first 16 hex characters of the hash are stored. The IP address itself is never written to our database. The salt rotates at midnight UTC, so the same person visiting on two different days appears as two different visitors. This makes it possible for us to count distinct visitors and compute things like bounce rate for a single day, while making it impossible to identify a specific person or to track them across days or across websites.

This is the same approach used by Plausible, Fathom, and Simple Analytics. It complies with GDPR's anonymization standards and does not require a cookie banner under the ePrivacy Directive.

When you sign up for a Gizmo account, we collect:

• Your email address (from Google or via magic-link signup)
• Your name and profile image (only if you sign in with Google)
• Workspace name, sites you've added, tags you've created
• API keys you mint (stored as hashes; we encrypt the plaintext separately so you can view it again, but a database leak alone doesn't expose plaintext)
• Billing information through Stripe (we do not see your card details — Stripe holds them)
• Standard server logs (request timestamps, status codes; retained 7 days)

We use the following service providers. Each receives only the data needed to do their job, governed by Data Processing Addendums where applicable:

• Vercel (United States) — application hosting and request routing.
• Neon (United States) — Postgres database for accounts, workspaces, sites, API keys.
• ClickHouse Cloud (United States) — analytics event storage. Visitor IDs and event metadata are stored here.
• Stripe (United States) — payment processing. Card data goes directly to Stripe; we never see it.
• Resend (United States) — sending authentication and quota notification emails.
• Google (United States) — OAuth sign-in if you choose that method.
• OpenAI (United States) — used by our CSV import feature to map column names. The first 20 rows of an uploaded CSV are sent to OpenAI for column inference; no event data crosses the boundary.
• Anthropic and other AI assistants — only when youconnect your AI assistant via MCP. Your AI assistant accesses your data via authenticated API calls; we don't share data with Anthropic independently.

Analytics events are retained for the period defined by your plan:

• Free: 30 days
• Starter: 1 year
• Growth: 3 years
• Scale: 5 years

Events older than your plan's retention window are automatically deleted. Account data (workspace, API keys, billing) is retained while your account is active and for 30 days after deletion (in case of accidental deletion). Server logs roll off after 7 days.

If you are an EU/UK resident under GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data (right to erasure)
• Object to or restrict processing
• Receive your data in a portable format
• Withdraw consent (where consent is the legal basis)
• Lodge a complaint with your supervisory authority

California residents have similar rights under the CCPA, including the right to know what we collect, the right to delete, and the right to opt out of any "sale" of personal information (we don't sell any).

To exercise any of these rights, email hello@gizmoanalytics.io from the email address associated with your account. We respond within 30 days.

Visitors to customer sites:because we don't identify you (no cookies, no IP stored, daily- rotating ID), we generally cannot find your data to fulfill an access or deletion request. If you believe we hold data about you, contact the site owner — they are the data controller, and we are their processor.

We use no tracking cookies on websites that install our script. On gizmoanalytics.io itself (the customer dashboard), we use a small number of strictly necessary cookies for authentication. We do not use marketing or advertising cookies anywhere.

Gizmo is not directed at children under 13, and we do not knowingly collect data from anyone under 13. If you become aware that a child has provided us with personal data, contact us and we will delete it.

Our infrastructure is hosted in the United States. If you access Gizmo from outside the US, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) for transfers from the EU/UK.

We will post any changes here and update the date at the top. For material changes, we will email account holders. Continued use of Gizmo after a change constitutes acceptance.

Questions, requests, or complaints: hello@gizmoanalytics.io or our contact form. We aim to reply within one business day.