Trust
This Data Processing Addendum (“DPA”) details the privacy and security commitments governing TrackWhy’s processing of customer analytical events. It forms part of the TrackWhy Terms of Service.
Last updated 2026-06-22
In this DPA, terms like “Controller”, “Processor”, “Personal Data”, “Processing”, and “Supervisory Authority” have the meanings given in the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
The customer acts as the Controller of the analytics data. TrackWhy acts as the Processor on the customer’s behalf. TrackWhy will process data only in accordance with the customer’s instructions, specifically to provide, maintain, and optimize the analytics service.
| Subject Matter | Aggregate web analytics events and usage tracking. |
|---|---|
| Duration | For the term of the agreement, up to a retention cap of five years. |
| Nature & Purpose | Processing browser signals and page paths to construct dashboard analytics reports. |
| Categories of Data | Non-identifying browser agents, referral URLs, page paths, custom event names, and derived country. (IP addresses are hashed immediately and never stored). |
TrackWhy implements standard physical, technical, and administrative protections including encrypted transit (HTTPS/TLS), isolated cloud servers, and restricted dashboard access policies. Our trackers are lightweight (1.7 KB) and collect no cookies, which eliminates the security risks associated with device tracking storage.
Upon termination of the service, TrackWhy will delete or aggregate your analytics data, unless legal or regulatory retention is required.
Any questions or notifications regarding this DPA or EU data processing should be sent to hello@trackwhy.com. Governed by [Governing jurisdiction] laws.
See also our Privacy Policy and standard Terms of Service.