GDPR & CCPA Compliance

Narrowbeam delivers real insights without banners by being GDPR and CCPA compliant by design. No consent prompts, no legal complexity, no interruptions—just compliant analytics that works.

Real insights without banners: Track funnels, conversions, and user journeys with complete GDPR/CCPA compliance and zero cookie consent requirements.

GDPR Compliance Without Cookie Banners

The General Data Protection Regulation (GDPR) requires protecting EU residents' personal data. Most analytics tools need cookie consent banners to comply. Narrowbeam doesn't:

No Personal Data Collection

GDPR applies to "personal data" - information that can identify individuals. Narrowbeam doesn't collect:

❌ Names, emails, or contact information
❌ IP addresses (used for hashing only, not stored)
❌ User IDs or account identifiers
❌ Precise location data
❌ Unique device identifiers
✅ Only aggregate, anonymous analytics data

This means you can track funnels, conversions, and user behavior without needing consent banners that interrupt your visitors and reduce conversion rates.

No Cookie Consent Banners Required

Because Narrowbeam doesn't use cookies or collect personal data, cookie consent banners are typically not required under GDPR Article 6(1)(f) - legitimate interest. Your visitors get a cleaner experience, and you get 100% visitor coverage instead of losing 30-50% to consent declines.

Legal Basis: Legitimate Interest

Website analytics serve a legitimate business interest (understanding how your site is used), and Narrowbeam's privacy-preserving approach means minimal impact on user rights. This typically satisfies GDPR's legitimate interest basis without requiring explicit consent.

Data Subject Rights

GDPR grants users rights over their personal data. With Narrowbeam:

GDPR Right	Narrowbeam Status
Right to Access	N/A - No personal data to access
Right to Rectification	N/A - No personal data to correct
Right to Erasure	N/A - No personal data to delete
Right to Object	Typically satisfied by privacy design
Right to Data Portability	N/A - No personal data to export

Data Processing Agreement

While Narrowbeam doesn't process personal data, we provide a Data Processing Agreement (DPA) for customers who require one for compliance documentation.

ePrivacy Directive

The EU ePrivacy Directive (Cookie Law) regulates cookies and tracking technologies:

✅ No cookies used: Narrowbeam is exempt from cookie consent requirements
✅ No tracking across sites: Single-site analytics only
✅ No device storage: No localStorage, cookies, or other storage mechanisms
✅ Minimal data collection: Only what's necessary for analytics

CCPA Compliance

The California Consumer Privacy Act (CCPA) regulates how businesses handle California residents' personal information:

No Personal Information Collected

CCPA defines "personal information" broadly. Narrowbeam's data doesn't qualify because:

Cannot identify specific individuals
Cannot be used to profile or track consumers
Aggregated and anonymized by design

No Sale of Data

CCPA requires "Do Not Sell My Personal Information" options. With Narrowbeam:

❌ We don't sell data (ever)
❌ We don't share data with third parties
❌ We don't use data for advertising
✅ Your data is exclusively yours

CCPA Rights

CCPA grants California residents rights over their data:

CCPA Right	Narrowbeam Status
Right to Know	No personal information collected
Right to Delete	No personal information to delete
Right to Opt-Out	N/A - No sale of data occurs
Right to Non-Discrimination	Automatic - no impact on service

Other Privacy Regulations

PECR (UK)

UK's Privacy and Electronic Communications Regulations follow similar principles to ePrivacy. Narrowbeam's cookie-free approach satisfies PECR requirements.

PIPEDA (Canada)

Canada's Personal Information Protection and Electronic Documents Act requires consent for personal data collection. Narrowbeam doesn't collect personal data.

LGPD (Brazil)

Brazil's Lei Geral de Proteção de Dados is similar to GDPR. Narrowbeam's privacy approach aligns with LGPD principles.

Privacy Policy Requirements

Even with Narrowbeam, you should update your privacy policy to mention analytics:

Sample Privacy Policy Language

We use Narrowbeam, a privacy-friendly web analytics service,
to understand how visitors use our website. Narrowbeam does
not use cookies and does not collect personal information.
All data is aggregated and anonymized. Learn more about
Narrowbeam's privacy practices at narrowbeam.com/privacy

Consult Legal Counsel

This documentation provides general information, not legal advice. Always consult qualified legal counsel for your specific situation and jurisdiction.

Compliance Checklist

Getting Compliant with Narrowbeam

Install Narrowbeam tracking scriptRemove cookie consent banner (if Narrowbeam is your only tracking)Update privacy policy to mention NarrowbeamReview with legal team (recommended)Document compliance approach

Why Narrowbeam Simplifies Compliance

Traditional Analytics

❌ Cookie consent required
❌ DPA negotiations
❌ Data subject request handling
❌ Third-party data sharing
❌ Complex compliance documentation

Narrowbeam

✅ No consent needed
✅ Simple DPA (if needed)
✅ No personal data = no requests
✅ No third-party sharing
✅ Straightforward compliance