# Data & Privacy



VitalSentinel is designed with privacy in mind. This page explains what data we collect, how we handle it, and how to maintain compliance.

## Privacy by Default [#privacy-by-default]

VitalSentinel's tracking scripts are privacy-focused:

* **No cookies by default** - Works without consent banners
* **No personal data** - We don't collect PII
* **No cross-site tracking** - Each domain is isolated
* **IP anonymization** - IP addresses are not stored

## What Data is Collected [#what-data-is-collected]

### VitalSentinel App Users [#vitalsentinel-app-users]

When you create a VitalSentinel account, we collect:

**Account Information:**

* Email address (used for login and notifications)
* Password (securely hashed, never stored in plain text)
* First and last name
* Timezone and theme preferences
* Profile picture (retrieved from Gravatar based on your email)
* Two-factor authentication settings (if enabled)

**Workspace Data:**

* Workspace name and configuration
* Team member emails, roles, and invitation status

**Billing Information:**

* Subscription plan and status
* Usage metrics (page views, events, domains against plan limits)
* Payment methods and invoices (processed and stored by Stripe, not VitalSentinel)

**Third-Party Services:**

* **Stripe** - Handles all payment processing. We don't store credit card numbers.
* **Google OAuth** - Used only if you connect Google Analytics or Search Console integrations.

**App Analytics:**

* We use our own RUM and Web Analytics scripts on the VitalSentinel dashboard
* The same privacy-by-default principles apply (no cookies, anonymous data)
* We do not sell or share your account data with third parties

For complete details, see our [Privacy Policy](https://www.vitalsentinel.com/privacy-policy).

***

### Website Visitors (Tracking Scripts) [#website-visitors-tracking-scripts]

The following data is collected about visitors to **your** website when you install our tracking scripts.

#### RUM Script [#rum-script]

The Real User Monitoring script collects:

**Performance Data:**

* Core Web Vitals (LCP, CLS, INP, TTFB, FCP)
* Navigation timing metrics
* Resource loading times
* JavaScript errors

**Session Data:**

* Session ID (anonymous, regenerated per page load)
* Page URLs visited (sanitized)
* Timestamps

**Device Data (anonymous):**

* Browser type and version
* Operating system
* Screen resolution
* Device type (mobile/desktop)
* Network connection type

**Engagement (optional):**

* Scroll depth
* Time on page
* Click patterns (anonymous)

#### Web Analytics Script [#web-analytics-script]

The Web Analytics script collects:

**Traffic Data:**

* Page views
* Referrer URL
* UTM parameters
* Traffic source classification

**Session Data:**

* Session ID (anonymous)
* Pages per session
* Session duration

**Device Data (same as RUM)**

**E-commerce (if applicable):**

* Product views
* Cart actions
* Purchases (no payment details)

#### What We Don't Collect (By Default) [#what-we-dont-collect-by-default]

* Names, emails, or personal identifiers
* IP addresses (hashed and discarded)
* Passwords or sensitive form data
* Payment card information
* Health or financial data
* Precise location (city-level only)

<Callout type="info">
  The Web Analytics script has an optional `identify()` method that allows you to associate user data (like email or user ID) with analytics events. This is opt-in and requires explicit implementation by your developers. If you use `identify()`, ensure you have proper consent for collecting that data.
</Callout>

## Data Handling [#data-handling]

### Transmission [#transmission]

* All data is encrypted in transit (TLS)
* Direct connection to our servers
* No third-party data sharing

### Storage [#storage]

* Encrypted at rest
* Stored in secure cloud infrastructure
* Access controlled and audited
* Regular security assessments

### Retention [#retention]

Data is retained based on your plan:

| Plan     | Retention |
| -------- | --------- |
| Free     | 6 months  |
| Starter  | 12 months |
| Lite     | 16 months |
| Standard | 24 months |
| Advanced | 24 months |

After the retention period, data is automatically deleted.

### Deletion [#deletion]

You can delete data by:

* Removing a domain (deletes all associated data)
* Canceling your workspace subscription (data deleted after a grace period)
* Requesting account deletion (removes everything)

## GDPR Compliance [#gdpr-compliance]

VitalSentinel is designed for GDPR compliance.

### No Consent Required (Default) [#no-consent-required-default]

With default settings:

* No cookies
* No persistent identifiers
* Anonymous data only
* No consent banner needed

### With Consent (Enhanced Features) [#with-consent-enhanced-features]

If you want returning visitor tracking:

1. Get user consent
2. Call `grantConsent('persistent')`
3. Persistent visitor IDs enabled
4. Follow your consent requirements

### Data Subject Rights [#data-subject-rights]

For GDPR compliance, users have rights to:

* Access their data
* Delete their data
* Object to processing

Since we don't collect personal data by default, these rights typically don't apply to our analytics data.

### Data Processing Agreement [#data-processing-agreement]

A DPA is available for custom packages. Contact [legal@vitalsentinel.com](mailto:legal@vitalsentinel.com) to discuss your requirements.

## Other Privacy Regulations [#other-privacy-regulations]

### CCPA (California) [#ccpa-california]

VitalSentinel does not:

* Sell personal information
* Share data for cross-context advertising
* Collect sensitive personal information

### PECR (UK/EU Cookie Law) [#pecr-ukeu-cookie-law]

Default configuration requires no cookies, so PECR consent is not needed for basic tracking.

### Other Regions [#other-regions]

Our privacy-by-default approach generally satisfies:

* Brazilian LGPD
* Canadian PIPEDA
* Australian Privacy Act

## Best Practices [#best-practices]

### For Maximum Privacy [#for-maximum-privacy]

1. Use default configuration (no storage)
2. Don't enable persistent tracking
3. Use lower sample rates to reduce data collection
4. Mask text and selectors if needed

### For GDPR Compliance [#for-gdpr-compliance]

1. Use default (no-cookie) mode
2. Only enable persistent storage with consent
3. Provide an opt-out mechanism
4. Update your privacy policy

### Privacy Policy Updates [#privacy-policy-updates]

Add to your privacy policy:

> We use VitalSentinel to monitor website performance and gather analytics. By default, this service does not use cookies or collect personal information. Anonymous performance and usage data is collected to improve our website. For more information, see [VitalSentinel's privacy documentation](https://docs.vitalsentinel.com/others/data-privacy).

## Script Configuration for Privacy [#script-configuration-for-privacy]

### Maximum Privacy [#maximum-privacy]

```html
<script
  src="https://rum.vitalsentinel.com/rum.js"
  data-key="YOUR_ID"
  data-mask-text="true"
  data-mask-selectors="true"
  data-filter-query-params="true"
  async
></script>
```

### Standard (Default) [#standard-default]

```html
<script
  src="https://rum.vitalsentinel.com/rum.js"
  data-key="YOUR_ID"
  async
></script>
```

### With Consent Management [#with-consent-management]

```html
<script
  src="https://analytics.vitalsentinel.com/analytics.js"
  data-key="YOUR_ID"
  data-storage="none"
  async
></script>

<script>
  // Option 1: Call grantConsent when your cookie banner fires
  document.addEventListener('your-cookie-consent-event', function() {
    window.VitalSentinelAnalytics.grantConsent('persistent');
  });

  // Option 2: Dispatch the built-in event (handled automatically)
  // window.dispatchEvent(new CustomEvent('vs-analytics-consent', {
  //   detail: { level: 'persistent' }
  // }));
</script>
```

## Opt-Out for Visitors [#opt-out-for-visitors]

Provide an opt-out mechanism for Web Analytics tracking:

```javascript
// Opt out of Web Analytics tracking
window.VitalSentinelAnalytics.optOut();

// Resume tracking
window.VitalSentinelAnalytics.optIn();
```

Opt-out applies to the current page load and is not persisted across page loads. If you need to remember a visitor's choice, store your own flag (for example in `localStorage`) alongside calling `optOut()`, and call `optOut()` again on each page load when that flag is set.

For RUM, you can respect the browser's Do Not Track setting by conditionally loading the script:

```javascript
// Only load RUM if Do Not Track is not enabled
if (navigator.doNotTrack !== '1') {
  // Load RUM script
}
```

## Security [#security]

### Our Security Practices [#our-security-practices]

* Regular penetration testing
* Encrypted data at rest and in transit
* Access logging and monitoring
* Incident response procedures

### Reporting Vulnerabilities [#reporting-vulnerabilities]

If you discover a security issue:

* Email: [security@vitalsentinel.com](mailto:security@vitalsentinel.com)
* Do not publicly disclose until resolved
* We'll acknowledge within 24 hours

## Contact [#contact]

For privacy questions:

* Email: [privacy@vitalsentinel.com](mailto:privacy@vitalsentinel.com)
* DPA requests: [legal@vitalsentinel.com](mailto:legal@vitalsentinel.com)

## Related [#related]

<Cards>
  <Card title="RUM Script Installation" href="/installation/rum-script">
    Privacy configuration options
  </Card>

  <Card title="Web Analytics Script Installation" href="/installation/analytics-script">
    Consent management
  </Card>

  <Card title="FAQ" href="/help/faq">
    Common questions
  </Card>
</Cards>
