Privacy Policy
Last updated: 2025-10-31
1. Introduction
This Privacy Policy describes how Gaaust ("we," "our," or "us") collects, uses, and protects information in connection with our privacy-first analytics service ("Service"). This policy covers two types of data subjects:
- Customers: Individuals or organizations who subscribe to and use our Service
- End Users: Visitors to our Customers' websites where our tracking script is installed
Our Privacy-First Approach: Our tracking script is designed to provide valuable analytics while respecting End User privacy. We do not use cookies or localStorage on End Users' devices, and we do not store IP addresses or any personally identifiable information.
2. Information We Collect from Customers
2.1 Account Information
When you create an account with Gaaust, we collect:
- Name and email address
- Password (stored in encrypted form)
- Company name (optional)
- Website URL where the tracking script will be installed
2.2 Billing Information
For paid subscriptions, we collect:
- Payment card information (processed through secure third-party payment processors)
- Billing address
- Transaction history
2.3 Usage Information
We automatically collect information about how you use the Service:
- Dashboard access times and interactions
- Features and settings you use
- Browser type, IP address, and device information
- Log data including access times and system errors
3. Information We Collect from End Users
When our Customers install our tracking script on their websites, we collect the following anonymous analytics data from End Users on behalf of our Customers:
3.1 Technical Information
- User Agent: Browser type, version, and operating system information (stored for aggregate statistics)
- Browser Language: Language settings of the browser
- Device Information: Screen resolution, device type (desktop, mobile, tablet)
3.2 Anonymous Session Data
- Anonymous Session Identifier: A cryptographic hash generated from the combination of IP address, user agent, and a randomly generated salt that changes daily. Important: The original IP address is used only momentarily to create this hash and is never stored or logged. This approach allows us to count unique visitors within a 24-hour period while making it impossible to track individuals across days.
- Geographic Region: Country-level location derived from IP address before it is discarded (we do not store city or precise location data)
3.3 Behavioral Data
- Referrer URL: The webpage that linked to the Customer's website
- Page Visit Duration: Time spent on each page
- Navigation Patterns: Pages visited within the Customer's website
- Session Information: Timestamps of visits
3.4 Content Data
- Page Titles: Titles of pages visited on the Customer's website
- Page URLs: URLs of visited pages
- HTML Content: The HTML body content of visited pages for content analysis (optional, configured by Customer)
3.5 What We DON'T Collect Automatically
We do not collect or store:
- IP addresses (used only for hash generation, then immediately discarded)
- Cookies or any other privacy-related data in End Users' browsers (no cookies, no localStorage)
- Persistent identifiers that can track users across websites
- Personal identification information such as names or email addresses
- Precise geolocation data (only country-level)
No Cookie Banners Required: Because we don't use cookies or localStorage and don't store personal data, our Service is designed to comply with GDPR and ePrivacy Directive without requiring cookie consent banners in most jurisdictions. However, Customers are responsible for determining their specific legal obligations based on their location and audience.
Data Processor Role: Gaaust processes End User data solely on behalf of our Customers as a data processor. Customers are responsible for ensuring their use of our Service complies with applicable privacy laws.
4. How We Use Information
4.1 Customer Information
We use Customer information to:
- Provide, maintain, and improve the Service
- Process payments and manage subscriptions
- Send service-related notifications, updates, and security alerts
- Provide customer support and respond to inquiries
- Analyze usage patterns to improve our platform
- Detect and prevent fraud and security incidents
- Comply with legal obligations
4.2 End User Information
We process End User information on behalf of our Customers to:
- Generate anonymous analytics reports and insights for Customers
- Track visitor behavior and engagement patterns on Customer websites
- Provide Customers with aggregated data about their website performance
- Improve the accuracy and usefulness of our analytics Service
We do not:
- Use End User data for our own marketing purposes
- Sell or share End User data with third parties for advertising
- Create profiles of individual End Users
- Track End Users across different websites
5. Data Storage and Security
We implement industry-standard security measures to protect all data collected through our Service:
- End-to-end encryption in transit using TLS/SSL protocols
- Access controls with multi-factor authentication and role-based permissions
- Regular security audits and vulnerability assessments
- Secure data centers with physical access controls
- Regular automated backups and disaster recovery procedures
- Employee training on data security and privacy best practices
- Automatic deletion of cryptographic salts after 24 hours, ensuring historical session data cannot be re-identified
While we implement reasonable security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
6. Data Sharing and Third Parties
We may share information with the following third parties:
6.1 Service Providers
- Cloud hosting and infrastructure providers
- Payment processors for handling billing transactions
- Email service providers for sending notifications
- Customer support and help desk platforms
These service providers are contractually obligated to protect your information and use it only for the purposes we specify.
6.2 Legal Requirements
We may disclose information if required by law, subpoena, court order, or government request, or if we believe such action is necessary to:
- Comply with legal obligations
- Protect and defend our rights or property
- Prevent fraud or security issues
- Protect the safety of our users or the public
6.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change via email or prominent notice on our Service.
We do not sell, rent, or share your personal information or End User data with third parties for advertising or marketing purposes.
7. Data Retention
7.1 Customer Data
We retain your account and billing information for as long as your account is active or as needed to provide you services. After account termination, we may retain certain information for legitimate business purposes such as resolving disputes, enforcing agreements, or as required by law (typically no longer than 7 years).
7.2 End User Data
End User analytics data is retained according to the Customer's subscription plan settings and preferences. Customers can configure retention periods through their dashboard. Upon Customer account termination, all End User data will be deleted within 730 days unless earlier deletion is requested or legal obligations require retention.
Automatic Anonymization: The cryptographic salts used to generate session identifiers are automatically deleted after 24 hours. Once deleted, it becomes cryptographically impossible to re-identify or link historical session data to individual End Users, providing an additional layer of privacy protection.
8. Your Rights and Choices
8.1 Customer Rights
As a Customer, you have the right to:
- Access and review your account information
- Update or correct your personal information
- Request deletion of your account and associated data
- Export your analytics data in CSV or JSON format
- Opt out of marketing communications (service notifications will continue)
- Object to processing of your personal data
- Lodge a complaint with a supervisory authority
You can exercise these rights by logging into your account dashboard or contacting us at the email address provided below.
8.2 End User Rights
Because we collect only anonymous, aggregated analytics data and do not store IP addresses or create persistent identifiers, there is typically no personal data to access, correct, or delete for End Users.
If you are an End User and have questions about data collected on a website you visit, please contact the website owner directly. As a data processor, we process End User data on behalf of our Customers, and they are the data controllers responsible for responding to End User requests.
If you cannot reach the website owner or your request is not addressed, you may contact us at the email below, and we will work to facilitate your request with the appropriate Customer.
9. Cookies and Tracking Technologies
9.1 Our Website (gaaust.com)
On our own website, we use minimal cookies for:
- Essential Cookies: Required for authentication and security when you log into your account
- Functional Cookies: Remember your preferences and dashboard settings
You can control cookie preferences in your browser settings, but disabling essential cookies may limit your ability to use certain features of the Service.