Privacy Policy

Last updated: 9/29/2025

1. Our Commitment to Privacy

Narrowbeam is built with privacy as a core principle. We believe in providing valuable analytics insights while respecting user privacy and complying with GDPR, ePrivacy Directive, and CCPA regulations.

2. Data Minimization Principle

We process minimal personal data and collect only what is essential to provide our analytics service. This includes only IP address and User-Agent information, which we immediately process and anonymize.

Analytics Data

For websites using our analytics service, we collect:

  • Page views and website traffic patterns
  • Referrer information (where visitors came from)
  • Device and browser information (for compatibility insights)
  • Geographic location (country-level only)
  • Anonymous session identifiers (based on IP + User-Agent hashing)

Account Information

For account holders, we collect:

  • Email address (for account management and support)
  • Billing information (processed securely through our payment processor)
  • Organization and domain settings

3. What We DON'T Collect

We are committed to not collecting:

  • Personally identifiable information (PII)
  • Precise geolocation data

4. How We Process Data

All analytics data is processed with privacy in mind:

  • All processing happens server-side
  • IP addresses are hashed and not stored in readable form
  • Data is anonymized and cannot be traced back to individuals

5. Data Retention and Lawful Basis

We retain data only as long as necessary to fulfill the purposes for which it was collected:

  • Analytics data: Retained for the duration needed to provide insights and comply with legal obligations
  • Account information: Retained until account deletion or legal requirements mandate longer retention
  • Billing data: Retained for tax and accounting purposes as required by law

Legal Basis for Processing

We process your personal data based on the following lawful grounds:

  • Consent: When you voluntarily provide data with clear consent
  • Contract: To fulfill our contractual obligations to provide analytics services
  • Legal Obligations: To comply with applicable laws and regulations
  • Legitimate Interests: For business operations while respecting your privacy rights

6. Data Sharing and Transfers

We do not sell, rent, or otherwise transfer your personal data to third parties for their own use. We only share data in the following limited circumstances:

  • With trusted service providers who assist in operating our service under strict data processing agreements
  • When required by law or to protect our rights and comply with legal obligations
  • With your explicit consent

International Data Transfers

When we transfer data internationally, we implement appropriate safeguards including:

  • EU adequacy decisions for transfers to countries with adequate protection
  • Standard contractual clauses approved by regulatory authorities
  • Binding corporate rules where applicable

7. Security Measures

We implement comprehensive security measures to protect your information against unauthorized access, alteration, disclosure, or destruction:

  • Strong password requirements and secure authentication systems
  • Data encryption in transit and at rest
  • Two-factor authentication for enhanced account security
  • Regular security audits and vulnerability assessments
  • 72-hour data breach notification process in compliance with GDPR

8. Your Data Protection Rights

Under GDPR and other privacy laws, you have comprehensive rights regarding your personal data:

  • Right of Access: Request access to your personal data and information about how we process it
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data under certain circumstances
  • Right to Object: Object to the processing of your personal data for specific purposes
  • Right to Data Portability: Request transfer of your data to another service provider
  • Right to Restrict Processing: Request limitation of how we process your data

To exercise any of these rights, please contact us through our support channels. We will respond to your request within one month.

9. Automated Decision-Making

We do not engage in automated decision-making or profiling that would have legal or significant effects on individuals. Our analytics service focuses purely on aggregated, anonymous data insights.

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new policy on this page with an updated revision date and, where appropriate, through other communication channels.

11. Contact Us

If you have any questions about this Privacy Policy, would like to exercise your data protection rights, or need to report concerns about how we handle your personal data, please contact us through our support channels. We are committed to providing clear and transparent information about our privacy practices and will respond to your inquiries promptly.