GDPR Role is both a data Processor and a data Controller. As a Processor we collect and analyze web traffic to provide marketing analytics on behalf of our clients, the Controllers. We are very strict when processing the data of our clients: we never mix data across client accounts, never merge in 3rd party data and never sell your data to anyone for any reason.
As a data Controller, we handle data about our clients, prospects, employees and vendors.

Data Collected from our Clients' Customers

During the course of business operations, collects very few data points about our clients customers (listed below). You may be surprised at how few there are; this is very intentionally limited to ensure that we do not collect any data that is not strictly necessary for the operations of the platform.

Data Collected about our Clients

During the course of business collects several data points about our clients, used to create and operate your account (listed below). We do not buy data about our clients from 3rd parties for sales, marketing or ongoing management of accounts.

3rd Party Integrations

We have data integrations with the following companies (below). During the course of normal business operations we may receive or send data about our clients. For example, if you sign-up for our Shopify App, we will populate many fields using data provided by Shopify. Stripe provides secure credit card processing and as such receives some minimal information required to tie your payment information to your account.

Data Retention

We have defined data retention periods for each type of data we collect. Data retention may be affected by custom settings in your account. There may be additional audit or operational logs used for debugging that retains data longer. Client's Customer Data: Anonymous data retained for 60 days, known user data retained for 1 year after last seen. Client data: Retained while account is in use and for 2 years after account is cancelled or closed.

Data Processing

We collect the above web activity data and assemble a timeline for each customer. We then track traffic sources via referrer and URL values to assign attribution credit for the events reported. We do not conduct profiling and make no predictions about the expected behavior of users.

Data Subject Rights

We are committed to assisting our Controllers in honoring any Data Subject Requests to exercise their rights to access, erasure and portability. Please email for assistance fulfilling your customers data subject requests or to submit a request for yourself.