mandera analytics, operated by mandera software GmbH, takes privacy protection seriously. This privacy policy explains how we collect, process, and protect data in accordance with the General Data Protection Regulation (GDPR). This policy covers both our analytics service and our website (mandera.io). We serve as the data controller for personal data collected through our website and service. Questions regarding this privacy policy or our data practices can be directed to billing@mandera.io. You must be of legal age to create an account with our service.
2.1 Role and Approach
In providing our analytics service, we act as a data processor on behalf of our clients. Our service is fundamentally designed with a privacy-first approach, which means we collect only the minimum amount of data necessary to provide meaningful analytics insights. Since our service is designed to collect no personal data, a Data Processing Agreement (DPA) is not required for using our service. This simplifies compliance requirements for our clients while ensuring maximum privacy protection.
2.2 Data Collection Practices
Our analytics service does not collect personal data of website visitors, IP addresses, device fingerprints, or any other information that could identify individual users, and it does not use cookies or tracking technologies. Instead, we collect only anonymous, aggregated data including page views, anonymized visit duration, partial URL referrer information, anonymized browser and device information, country of origin (determined by time zone rather than IP address), screen dimensions, UTM parameters, and language preferences. Detailed information about our tracking methods can be found in our documentation on the website.
2.3 Data Processing and Storage
All data processing and storage operations are conducted exclusively within the European Union. We use Hetzner's data centers in Germany for our primary hosting infrastructure and Bunny CDN (EU locations only) for content delivery. Both providers process only anonymous data and are bound by strict European data protection standards. We implement comprehensive security measures, including end-to-end encryption for all stored data. Analytics data remains stored for the duration of our client's subscription, after which it is permanently deleted following a 90-day grace period after account termination.
3.1 Website Data Collection
When individuals visit mandera.io, we collect only information that is voluntarily provided through contact forms, along with technical information necessary for basic website functionality. The voluntarily provided information includes message content and email addresses when provided through our contact form. We do not use any cookies or tracking technologies on our website. We use the contact form information solely for responding to inquiries and maintain it only until a deletion request is received.
3.2 Client Account Information
For our client accounts, we process necessary account credentials including email addresses and encrypted passwords, billing information, and any company details that are voluntarily provided. We process this data based on contract fulfillment (Article 6(1)(b) GDPR), legal obligations (Article 6(1)(c) GDPR), and legitimate interests (Article 6(1)(f) GDPR). Account data is maintained for the duration of account existence, while billing data is retained for 10 years as required by law.
We implement appropriate technical and organizational measures to ensure comprehensive data security. This includes end-to-end encryption, regular security updates, access control systems, server monitoring, and regular backup procedures. All data processing occurs exclusively on our servers in the European Union, and we do not transfer data outside the European Union under any circumstances.
Under GDPR, all users maintain comprehensive rights regarding their personal data, including the right to access, rectification, erasure, processing restriction, data portability, objection, and consent withdrawal. These rights can be exercised by contacting billing@mandera.io. In cases where data protection rights may have been violated, individuals have the right to contact us directly for resolution, file a complaint with the relevant supervisory authority, or seek judicial remedy.
We limit third-party service usage to what is strictly necessary for our service operation, including payment processing, email communication, and our infrastructure providers mentioned above. All third-party providers are carefully selected and operate within the European Union. We may update this privacy policy when necessary to reflect changes in our practices or legal requirements. We will notify users of significant changes via email at least 30 days before they take effect, while minor updates will be posted on our website.
For any privacy-related concerns or to exercise your rights under this policy, please contact:
mandera software GmbH
Email: billing@mandera.io
Last updated: January 12, 2025