Security & privacy

Built to respect your visitors.

This page describes exactly what data we collect, how it's stored, and what we refuse to do — with nothing softened for marketing. If anything here is ambiguous, that's a bug; tell us and we'll fix the copy.

Produl is built as GDPR compliant analytics from the first request: no third-party cookies, no fingerprints, no cross-site identity graph. The same posture covers the CCPA in California and the UK's PECR. For teams that need EU data residency we isolate storage to an EU-only region at the Enterprise tier — backups included. Read the related context on our about page and the practical install side on features.

Compliance posture

GDPR (EU) & UK GDPR / PECR. Because Produl uses no third-party cookies and no persistent cross-site identifiers, ordinary aggregate analytics typically fall outside the consent regime. Customer data is processed under a Data Processing Agreement (template available; signed on request).

CCPA / CPRA (California).We don't sell or share visitor data with advertising partners. There is no “Do Not Sell” switch to flip because the underlying behaviour doesn't exist.

Data residency. US is the default. EU data residency and APAC isolation are available at the Enterprise tier — your rows physically live in the chosen region, including backups.

Encryption at rest and in transit. TLS 1.3 in transit. AES-256 at rest at the storage layer (Neon serverless PostgreSQL); daily encrypted backups retained for 7 days; point-in-time recovery within your retention window.

SOC 2 (aspirational).We are not yet audited. SOC 2 Type II is on the roadmap when usage justifies the recurring cost of a continuous-control audit; we'd rather tell you the truth than ship a badge we haven't earned.

What we don't do

  • Set third-party cookies for tracking
  • Use ad-tech device fingerprints
  • Build a cross-site identity graph
  • Sell, share, or rent your visitor data
  • Syndicate data to DSPs or data brokers
  • Require cookie banners for basic analytics*
  • Run tracking pixels from third-party domains

What we do

  • Store raw pageviews + events in your own PostgreSQL tables
  • Geolocate IPs to country + city (never persist the raw IP)
  • Use localStorage only to dedupe the same visitor across pages
  • Encrypt all traffic with TLS 1.3 end-to-end
  • Offer US / EU / APAC data residency at Enterprise tier
  • One-click export of every row to JSON or CSV
  • Hard-delete everything within 24h when you ask

* Most jurisdictions don't require consent banners for aggregate first-party analytics without persistent cross-site identifiers. Your legal obligations depend on your region and how you use custom events. We are not your lawyer.

How your data is handled

Storage

Neon serverless PostgreSQL. Every row has a site_id scoped to its owner; queries never leak across tenants. Automated daily backups retained for 7 days. Point-in-time recovery within your retention window.

Transport

TLS 1.3 end-to-end. HSTS preload on produl.tech and app.produl.tech. Signed HMAC-SHA256 session cookies (httpOnly, Secure, SameSite=Lax).

Multi-region residency

Enterprise accounts pick US, EU, or APAC when creating a site. Data physically resides in that region and never leaves it — even for backups.

No cookies, by design

The tracker script sets zero HTTP cookies. Visitor deduplication uses localStorage only — which stays inside your users' browser and never becomes a cross-site ID.

Bot & fingerprint hardening

Server-side UA filtering removes known bots from your counts. Our own probes and tracker SDKs identify via User-Agent so they never inflate your analytics.

Access controls

Owner-per-site scoping enforced at the SQL layer. Admin actions audit-logged. Impersonation requires explicit admin role + logs every session.

Secrets & credentials

Stripe API keys (when you connect billing) are encrypted at rest in restricted scope. Webhook secrets rotated per connection.

Data deletion

Deleting a site removes every pageview, event, session, and derived aggregate within 24 hours. Deleting your account removes every trace of your tenant.

Responsible disclosure

Found a vulnerability? Email security@produl.tech — we reply within 48 hours. We don't threaten researchers acting in good faith.

What we're honest about not having yet

Compliance certifications are expensive and time-consuming to audit. We'd rather tell you what's real today than claim checkboxes we haven't earned.

  • SOC 2 Type II — not audited yet. On the roadmap for when usage justifies the cost.
  • ISO 27001 — not certified.
  • HIPAA BAA — not offered. Don't use Produl for PHI.
  • Formal DPA — provided on request for Enterprise, template in review for lower tiers.
  • Bug bounty program — not formalised. Informal disclosure works via support.

Related reading

Privacy policy

The legal version of this page — written by humans, not AI.

Produl vs Google Analytics

How a cookieless tracker compares to GA4 on privacy, sampling, and GDPR.

Data residency docs

Exactly how the US/EU/APAC isolation works on the infrastructure level.

Terms of service

The boring part. Short, readable, no gotchas.

Lightweight analytics and Core Web Vitals

Why a 7 KB cookieless tracker keeps your site green on LCP and INP.

Stop feeding your visitors
to Google. Start measuring
what actually matters.

Start free · 5-minute setupExplore the demo

Free forever up to 10k events · cancel any time