LiteStats iconLitestats

Privacy Policy

Last updated: 6 February 2026

LiteStats ("we", "us", "our") operates the litestats.io website and analytics service. This Privacy Policy explains how we collect, use, and protect information when you use our service.

1. Information we collect

1.1 Account information

When you create an account, we collect your email address for authentication and account management. If you sign in via a third-party provider (e.g. Google, GitHub), we receive your email from that provider.

1.2 Analytics data (collected from your website visitors)

When the LiteStats tracking script runs on your website, we collect the following non-personal data from your visitors:

  • Page URL and referrer URL
  • Browser type, operating system, and device type (derived from user agent)
  • Country (derived from IP address — the IP itself is not stored)
  • UTM campaign parameters (if present in the URL)
  • A random session identifier stored in sessionStorage (resets when the tab closes)
  • Pageview timestamps and session duration

1.3 What we do NOT collect

  • No cookies are set on your visitors' devices
  • No IP addresses are stored or logged
  • No personal data, names, or email addresses of your visitors
  • No browser fingerprinting
  • No cross-site or cross-device tracking

2. How we use your information

  • Account email: authentication, account notifications, and (only with your opt-in consent) product updates
  • Analytics data: displayed on your dashboard as aggregated metrics to help you understand your website traffic

3. Legal basis for processing (GDPR)

  • Account data: processed under contractual necessity (Art. 6(1)(b) GDPR) — we need your email to provide the service
  • Analytics data: processed under legitimate interest (Art. 6(1)(f) GDPR) — aggregate website analytics that do not constitute personal data
  • Marketing emails: processed under consent (Art. 6(1)(a) GDPR) — only sent if you opt in

4. Data sharing

We do not sell, rent, or share your data with third parties, except:

  • Supabase — our database and authentication provider (data processor)
  • Vercel — our hosting provider (data processor)
  • Stripe — payment processing (only if you purchase a paid plan)

All sub-processors are bound by Data Processing Agreements and process data only on our instructions.

5. Data retention

  • Account data: retained for the lifetime of your account. Deleted within 30 days of account deletion.
  • Analytics data: retained for the lifetime of your account. Deleted when you remove a site or delete your account.

6. Your rights

Under GDPR, CCPA, and applicable privacy laws, you have the right to:

  • Access your data (Art. 15 GDPR)
  • Export your data in a portable format (Art. 20 GDPR)
  • Rectify inaccurate data (Art. 16 GDPR)
  • Delete your account and all associated data (Art. 17 GDPR — "right to be forgotten")
  • Withdraw consent for marketing communications at any time
  • Object to processing based on legitimate interest (Art. 21 GDPR)

To exercise any of these rights, go to Account Preferences → Privacy & Data or email us at privacy@litestats.io.

7. Cookies

The LiteStats website and tracking script do not use cookies. We usesessionStorage for temporary session management, which is cleared when the browser tab is closed and does not require consent under the ePrivacy Directive.

8. Security

All data is encrypted in transit (TLS) and at rest. We follow industry security best practices including principle of least privilege, input validation, and rate limiting.

9. Children's privacy

LiteStats is not directed to children under 16. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. The "Last updated" date at the top of this page indicates when it was last revised.

11. Contact

If you have any questions about this Privacy Policy, please contact us at privacy@litestats.io.