
Compliance

Introduction

Mandera is dedicated to providing a privacy-first web analytics solution that respects user privacy and adheres to the highest standards of data protection. Our tracking method is designed to collect only the necessary data to provide valuable insights without compromising individual privacy.

Legal Compliance

General Data Protection Regulation (GDPR)

Mandera is fully compliant with the General Data Protection Regulation (GDPR). We do not collect any personal data from end users, such as website visitors or app users. Our tracking method does not use cookies, collect IP addresses, fingerprint users, or use device identifiers. By minimizing the data we collect, we ensure full compliance with the principles of data minimization and purpose limitation.

UK General Data Protection Regulation (UK GDPR)

Similarly, Mandera complies with the UK General Data Protection Regulation (UK GDPR). Our practices align with the requirements for processing personal data, although we do not collect any personal data, making our compliance straightforward.

Privacy and Electronic Communications Regulations (PECR)

Mandera is compliant with the UK’s Privacy and Electronic Communications Regulations (PECR). We do not use cookies or similar technologies that store or access information on end-users’ devices. Therefore, we do not require user consent for our tracking activities, as confirmed by the Information Commissioner’s Office (ICO).

California Consumer Privacy Act (CCPA)

Mandera is compliant with the California Consumer Privacy Act (CCPA). We do not collect any personal information as defined by the CCPA, which includes data that identifies, relates to, or could be linked to a user or their household.

Health Insurance Portability and Accountability Act (HIPAA)

Mandera complies with the Health Insurance Portability and Accountability Act (HIPAA). We do not collect personally identifiable data or protected health information (PHI). Therefore, we are not considered a business associate under HIPAA and do not require a Business Associate Agreement (BAA).

ePrivacy Directive and National Implementations

Mandera complies with the EU’s ePrivacy Directive (Article 5(3)) and its national implementations, such as PECR (UK) and TTDSG (Germany). By not collecting data stored on end-user devices, we ensure that our tracking method is in line with these regulations.

Data Collection and Handling

What We Collect

  • Unique Visits: Detected based on the referrer domain; a visit counts as a new visitor when the referrer doesn’t match the website.
  • Timestamps: To record when visits occur.
  • Anonymized User Agents: Truncated to prevent identification (e.g., “Chrome/78.0.0.0”).
  • Country: Determined via browser timezone, providing only country-level information.
  • Device Dimensions: Viewport and screen size for device type identification.
  • Time on Page: Measured by active viewing time, excluding time when the page is hidden, with a minimum threshold of 5 seconds.
  • Referrers: To track the source of visitors.
  • UTM Parameters: To identify marketing campaigns.

What We Do Not Collect

  • Cookies: No cookies or similar tracking technologies are used.
  • IP Addresses: IP addresses are dropped immediately and not stored or hashed.
  • Personal Data: No data that can identify an individual is collected.

Data Processing

  • Data Minimization: We collect only the data necessary for providing analytics.
  • Anonymization: All collected data is anonymized and cannot be linked to individual users.
  • Security: Data is stored on EU-based servers with robust security measures, fully encrypted, and never shared or sold.

User Rights and Controls

Since Mandera does not collect personal data, users do not have rights related to data access, correction, or deletion. However, we respect the “Do Not Track” setting in browsers and do not collect data from users who have enabled this feature.

Third-Party Services

Mandera uses European companies for data storage and content delivery, ensuring that all data handling is compliant with EU data protection laws.

Conclusion

Mandera’s privacy-first approach ensures that our customers can use our analytics tool with confidence, knowing that their visitors’ privacy is protected and that we are compliant with all relevant privacy regulations.

This page serves as a comprehensive resource for understanding Mandera’s compliance with privacy laws and our data collection practices. If you have any questions or need further clarification, please contact us at hello@mandera.io.

Template for Customer Privacy Policies

If you are a customer of Mandera and need to mention our analytics tool in your privacy policy, you can use the following template:

“Mandera provides us with anonymous website analytics. They do not collect any personal data, use cookies, or track individual users. All data is collected in a way that respects user privacy and complies with privacy regulations such as GDPR and CCPA.”

This statement reflects Mandera’s commitment to privacy and can be adapted to fit your specific privacy policy language.
