General
Install script
Script settings
Features
Integrations
Explained
Legal
Affiliate program
API
Events
Account

Compliance FAQ edit

Download PDF

Here is a list of our frequently asked questions with respect to privacy measures and compliance:

Does Simple Analytics collect personal data?

Simple Analytics does not collect personal data. We do not use cookies or similar tracking technologies. We are also careful to avoid collecting any metrics that could be used for finger-printing and singling out a user (Recital 26 GDPR). None of the data we collect fall under the GDPR.

What does Simple Analytics do with IP addresses?

When IP addresses are sent to us, they are immediately discarded after each request. We do not log, store, or transfer IP addresses at any point.

Optionally, Simple Analytics can check IP addresses against a list of known bot addresses. This allows us to filter out the data for bots and keep your analytics accurate. Even in this scenario, IP addresses are discarded immediately after the check.

What is Simple Analytics’ role in the processing of the data?

The notions of data controller and data processor are defined concerning personal data by the GDPR (see Articles 4(7) and (8) GDPR). We only collect anonymous metrics. Therefore, we are neither data controllers nor data processors concerning the data we collect and process for our customers.

The anonymized metrics collected by Simple Analytics are not personal data. They do not fall under the GDPR, and Articles 5(1)(a) and 6 do not apply to them. No legal basis is needed to process anonymous data.

Using Simple Analytics does not make you a controller of personal data. You do not need a legal basis to process the data, as the GDPR and the principle of lawfulness (5(1)(a) GDPR) do not apply to anonymous data.

Do I need a DPA to use Simple Analytics?

You do not need to sign a data processing agreement with Simple Analytics, as we do not collect personal data and are not considered a processor under GDPR and UK GDPR. However, we are available to discuss custom agreements regarding data protection issues.

Does Simple Analytics use third-party providers?

We rely on Dutch companies Worldserver and Leaseweb to store data. We also rely on BunnyCDN to deliver content. BunnyCDN is part of Slovenian company BunnyWay.

Worldserver, Leaseweb, and Bunnyweb are trusted, European, and GDPR-compliant providers with infrastructure located in the EU. We don’t need to use European providers, as non-personal data can be transferred without limitations under the GDPR. We still choose to do so to ensure that the processing is as transparent and confidential as possible.

Does Simple Analytics require a privacy notice or a privacy policy?

Simple Analytics does not require a privacy notice. Our customers are not controllers of personal data and are not required to provide any information under Art. 13 GDPR, as the provision only applies to the data controller.

For the same reason, it is not mandatory to include Simple Analytics in a website’s privacy policy. We still encourage our customers to do so to be as transparent as possible.

How can I add Simple Analytics to my privacy policy?

Adding us to your privacy policy is not strictly necessary, but we still encourage you to do so in order to be as transparent as possible with your visitors. This is a template you can use or take inspiration from:

We use anonymous metrics to understand how you use your website and where our traffic comes from. We use this insight to improve our website and create a better experience for visitors. We do not track you, serve personalized advertising, or sell the data to anyone.

Our website is powered by Simple Analytics, a privacy-friendly web analytics provider. You can learn more about Simple Analytics on its website.