Privacy & Compliance
How Produl handles your visitors' data — and why you don't need a cookie banner.
No cookies, no fingerprint storage
Produl does not set cookies. The tracker generates a pseudonymous visitor_id from browser characteristics (canvas hash, language, screen color depth, timezone, hardware concurrency) and stores it in localStorage so the same person counts once across visits.
The visitor ID is per-origin. It's generated on first visit to your site and never leaves the visitor's browser except as an opaque string attached to their own events on your own site. It cannot be used to correlate the same person across different domains.
No cookie banner required
What's collected
For each pageview or event, Produl stores:
- The URL path (query string stripped)
- The referrer (if present)
- UTM parameters on the URL
- Screen dimensions and browser language
- Parsed browser / OS / device-type (from user-agent)
- Approximate geo (country, region, city) derived from IP — the IP itself is never stored
- Pseudonymous visitor ID and session key (see above)
- Event name and properties you submit via track()
- Core Web Vitals metrics (LCP, FCP, CLS, INP, TTFB)
What's not collected
- No cookies — ever
- No raw IP addresses — geo is resolved server-side, then discarded
- No cross-site identifiers, shared IDs, or syndicated pixels
- No personal names, emails, phone numbers, addresses
- No payment, health, or other regulated-category data
- No page content (we store paths and titles, never the body)
- No Do-Not-Track-violating profiling
Event properties are your responsibility
track() in an event's properties, it will be stored. Don't do that — stick to pseudonymous values (plan names, cohort IDs, feature variants).
GDPR & consent-free use
Produl is designed for lawful processing under GDPR's legitimate interest basis without requiring explicit consent, because:
- No personal data under Article 4(1) is stored
- No cross-site profiling happens
- The visitor ID is pseudonymous and can't be linked to a natural person
If your jurisdiction or risk posture requires consent anyway, the tracker can be initialized only after consent — delay loading the script until your consent manager returns analytics accepted.
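Both precautions described above, loading the tracker only after consent and keeping personal data out of event properties, can be enforced in one wrapper on your side. This is an added example, not Produl's code: it assumes the call shape track(name, properties), and loadTracker, createGatedTracker and scrubProperties are hypothetical names.

```javascript
// Added example, not Produl code. Assumes track(name, props); loadTracker is a
// hypothetical callback that injects the tracker script and returns its track().
const PII_KEY = /e-?mail|phone|(first|last|full)_?name|address|password|token/i;
const EMAIL_VALUE = /[^\s@]+@[^\s@]+\.[^\s@]+/;   // an e-mail anywhere in the value
const PHONE_VALUE = /^\+?[\d\s().-]{7,}$/;        // heuristic: a phone-like string

// Split properties into those safe to send and those that look like personal data.
function scrubProperties(props = {}) {
  const clean = {};
  const dropped = [];
  for (const [key, value] of Object.entries(props)) {
    const text = typeof value === 'string' ? value : '';
    // Nested objects are dropped whole: they are not inspected field by field.
    const nested = value !== null && typeof value === 'object';
    if (nested || PII_KEY.test(key) || EMAIL_VALUE.test(text) || PHONE_VALUE.test(text)) {
      dropped.push(key);
    } else {
      clean[key] = value;
    }
  }
  return { clean, dropped };
}

// Returns a track() wrapper that loads the tracker only after consent.
function createGatedTracker(loadTracker) {
  let realTrack = null;
  return {
    // Call from your consent manager's callback with its analytics decision.
    setConsent(accepted) {
      if (accepted && !realTrack) realTrack = loadTracker();
      // Withdrawal stops new events; it does not unload an injected script.
      if (!accepted) realTrack = null;
    },
    track(name, props) {
      if (!realTrack) return { sent: false, dropped: [] }; // no consent: send nothing
      const { clean, dropped } = scrubProperties(props);
      realTrack(name, clean);
      return { sent: true, dropped };
    },
  };
}
```

Log the returned dropped list during development so that properties rejected by the heuristics are noticed and renamed or removed at the call site.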
Data residency
Enterprise+
Enterprise plans can select where data is physically stored and processed. Options:
- 🇺🇸 US — default, stored in North America
- 🇪🇺 EU — stored in the European Economic Area
- 🌏 APAC — stored in Asia-Pacific
Data never leaves the chosen region. Change the region per-site in Settings → Data region. See Data Regions.
Retention
Historical data is automatically deleted once it ages past your plan's retention window. See Plans & Limits for the exact window on each tier. Aggregates (monthly totals) are preserved indefinitely.
Data deletion
To delete all data for a site before retention takes over, open a support ticket from Account → Support. Deletions are processed within 30 days — this matches GDPR Article 17 (right to erasure) timeframes. Per-visitor deletion (right to erasure for a specific end user) is also available on request — include the pseudonymous visitor ID.
DPAs & subprocessors
A Data Processing Agreement (DPA) is available for Business and Enterprise plans on request — contact privacy@produl.tech.
Current subprocessors:
- Vercel — application hosting
- Neon — managed database
- Produl AI provider — powers AI features (insights, Ask Produl). Only aggregated stats or user-submitted prompts are sent, never raw event data.
- Stripe — billing (for paid plans)
- Resend / Twilio — email and SMS delivery for alerts (only when configured)