VitalFrog Privacy Policy

TL;DR: For vitalfrog.com visitors, we do not use cookies, and we do not collect any personal data. If you decide to create an account, we ask for the bare minimum and only share it with services that are absolutely necessary for the app to function.

At VitalFrog, we are committed to complying with GDPR, CCPA, PECR and other privacy regulations on our website and on our web analytics product too. The privacy of your data — and it is your data, not ours! — is a big deal to us.

In this policy, we lay out what data we collect and why, how your data is handled and your rights to your data. We promise we never sell your data: never have, never will.

If you have placed the VitalFrog field data script on your website, take a look at our data policy for details on the information we do collect about your website visitors on your behalf.

As a visitor to the vitalfrog.com website

The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to the vitalfrog.com website:

  • No personal information is collected
  • No information such as cookies is stored in the browser
  • No information is shared with, sent to or sold to third-parties
  • No information is shared with advertising companies
  • No information is mined and harvested for personal and behavioral trends
  • No information is monetized

We run the Plausible Analytics script to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected. You can view the data we collect in our public plausible dashboard.

Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more. You can see full details in the Plausible data policy.

As a customer and subscriber of VitalFrog

Our guiding principle is to collect only what we need and that we will solely process this information to provide you with the service you signed up for.

We use a select number of trusted external service providers for certain service offerings. These service providers are carefully selected and meet high data protection, data privacy and security standards.

We only share information with them that is required for the services offered, and we contractually bind them to keep any information we share with them as confidential and to process personal data only according to our instructions.

Here’s what that means in practice:

What we collect and what we use it for

  • An email address is required to create an account. You need to provide us with your email address if you want to create a VitalFrog account. That’s just so you can log in and personalize your new account, and we can send you invoices, updates or other essential information.
  • A persistent first-party cookie is stored to remember you’re logged in. If you log in to your Plausible account, you give us permission to use cookies, so you don’t have to log in on each returning session. This makes it easier for you to use our product. A cookie is a piece of text stored by your browser. You can adjust cookie retention settings in your own browser. Cookies that are already stored may be deleted at any time.
  • All of the backend data that we collect is kept fully secured, encrypted and hosted on 100% renewable energy powered server in Germany. The server is owned by Uberspace, a European company. This ensures that all the site data is being covered by the European Union’s strict laws on data privacy. Your site data never leaves the EU. See Uberspace privacy policy for full details.
  • The frontend is hosted on vercel.com which allows us a fast deployment and continuous improvement of the service. Your data is only sent from your browser to our backend, so none of your Data gets to Vercel. To get an in-depth view of how vercel processes data, checkout their Privacy Policy
  • We use Cloudflare for a global CDN and DDoS protection. Cloudflare is an American company. Cloudflare is fully GDPR compliant
  • The payment process is handled by a third-party payment provider. If you choose to upgrade to a paid plan, the billing information and the payment process is handled by Paddle. See the Paddle Privacy Policy for full details.
  • When you write to us with a question or to ask for help. We keep that correspondence, which includes the email address, so that we have a history of past correspondences to reference if you reach out in the future. We use this data solely in connection with answering the queries we receive.
  • We use auth0 as authentication provider. This ensures your login data is secured by industry experts and the VitalFrog attack surface is as small as possible. Auth0 as well is a fully GDPR-compliant company

Retention of data

We will retain your information as long as your account is active, as necessary to provide you with the services or as otherwise set forth in this policy.

We will also retain and use this information as necessary for the purposes set out in this policy and to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements and protect Plausible’s legal rights.

You can choose to delete your account at any time. All your data will be permanently deleted immediately when you delete your account.

Changes and questions

We may update this policy as needed to comply with relevant regulations and reflect any new practices. Whenever we make a significant change to our policies, we will also announce them on our company blog or social media profiles.

Contact us if you have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information.

Last updated: Februrary 15th, 2022