Privacy Policy

Last updated: January 10, 2026

Terms of Service

Privacy-First Architecture

GoodData is built on a Privacy by Design philosophy. Unlike traditional analytics that rely on invasive cross-site cookies, we use Server-Side Fingerprinting with a 24-hour rotating salt. This means user identities are ephemeral, we can track a session effectively, but user history is naturally anonymized every day. We do not use cookies, and we do not track users across different websites.

Data Collection & Behavioral Intelligence

We collect behavioral vectors to help developers improve their user experience. This includes:

  • Device Telemetry: Screen size, browser type, operating system, and rough geolocation (Country/City level).
  • Interaction Events: Clicks, scrolls, and navigation patterns.
  • "Active Spy" Metrics: To detect user intent, we track micro-interactions such as Rage Clicks (rapid clicking), Hesitation (cursor velocity), Text Copying, and Screenshots (via heuristic detection).

Screenshots & Sensitive Data

Our "Screenshot Detection" feature logs that a screenshot was taken, along with page metadata (URL, OpenGraph tags). We do not capture the visual image of the user's screen or any content outside the browser window. We encourage all customers to avoid sending Personally Identifiable Information (PII) in their page metadata.

Data Retention & Hashing

  • No IP Storage: IP addresses are used momentarily to generate a session hash and look up geolocation, then immediately discarded. We do not store raw IP addresses in our database.
  • Daily Salt Rotation: Our fingerprinting algorithm rotates its secret salt every 24 hours. This makes it mathematically impossible to link a user's activity from one day to the next, ensuring long-term privacy.

Subprocessors & Infrastructure

We utilize industry-standard infrastructure providers to ensure high availability and security. Our primary subprocessors include Render (Application Hosting) and Supabase (Database & Auth). All data is encrypted in transit (TLS 1.3) and at rest.

Your Rights (GDPR & CCPA)

As a Data Processor, we provide tools for our customers (Data Controllers) to manage their data. You retain full ownership of your analytics data. You may export your raw event data or request the deletion of specific project data at any time via the dashboard settings or by contacting support.

Contact Us

If you have any questions about our encryption standards, hashing algorithms, or privacy practices, please contact our Data Protection Officer at privacy@gooddata.app.