Privacy Policy
Last updated: March 22, 2026
1. Overview
BetterMeter (“we”, “us”, “our”) operates the website located at bettermeter.com and provides a privacy-first web analytics service. This Privacy Policy describes how we collect, use, store, and protect information when you use our dashboard, integrate our tracking script, or interact with our CLI, MCP, or API products.
This policy is effective as of March 22, 2026. By accessing or using BetterMeter, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of the service.
We have designed BetterMeter from the ground up to minimize the personal data we collect and to avoid invasive tracking techniques. We believe meaningful analytics do not require sacrificing user privacy.
2. Information We Collect from Dashboard Users
When you create an account on BetterMeter and configure your analytics sites, we collect the following categories of information:
Account Information
- Email address — Required for account creation, authentication, and transactional communications (e.g., team invitations, alert notifications).
- Name — Optional. If provided, it is used solely for display purposes within the dashboard.
- Profile image — Retrieved from your OAuth provider (Google or GitHub) during sign-in. We do not independently upload or store profile images beyond the URL provided by the OAuth provider.
Site Configuration Data
- Domain name — The website domain you register for analytics tracking.
- Brand name, keywords, and competitors — Used for the brand monitoring feature to track your brand's online presence.
- Social media handles — Optional. Used for brand monitoring reports.
Authentication Data
- OAuth tokens — Issued by Google or GitHub during the authentication flow. These tokens are used solely to verify your identity and are handled by our authentication provider (NextAuth.js).
- Session tokens — Encrypted, server-side session identifiers used to maintain your authenticated state. Session tokens expire automatically after 30 days of inactivity.
3. Information We Collect from Tracked Visitors
When a visitor loads a page on a website that has installed the BetterMeter tracking script, the following data points are collected with each pageview event:
- Page URL — The full URL of the page being viewed.
- Referrer URL — The URL of the previous page, as reported by the browser's document.referrer property.
- Screen width — The width of the visitor's viewport in pixels, used to classify device type (mobile, tablet, desktop).
- Timezone — The visitor's IANA timezone string (e.g., “America/New_York”), used for time-based analytics.
- User agent — The browser's user-agent string is parsed server-side to extract browser name, operating system, and device type. The raw user-agent string is not stored in the database.
- IP address — The visitor's IP address is used solely as an input to a SHA-256 hash function combined with a daily rotating salt. The raw IP address is never written to the database, never logged, and is discarded immediately after hashing.
- Geographic location — Country, region, and city are derived from Vercel edge network headers (x-vercel-ip-country, x-vercel-ip-city, etc.) at the network edge. We do not perform independent IP geolocation lookups.
What We Do Not Collect
BetterMeter is designed to be privacy-first. The following is an explicit list of what we do not do:
- We set no cookies on the visitor's browser.
- We use no localStorage, sessionStorage, or IndexedDB.
- We perform no browser fingerprinting (canvas, WebGL, audio, font enumeration, etc.).
- We do not track visitors across websites.
- We do not collect or store personally identifiable information (PII) from tracked visitors.
The BetterMeter tracker script is fully stateless. Each pageview is transmitted as an independent HTTP request with no client-side state persisted between requests.
4. How We Process Data
All incoming analytics events are processed through a single, deterministic processEvent() function. This pipeline is fully auditable in our codebase and performs the following operations:
Visitor Identification
We generate two pseudonymous identifiers per visitor using SHA-256 hashing:
- visitorHash — A daily rotating hash computed from the visitor's IP address, user agent, and the site domain, combined with a salt that changes every 24 hours. This allows us to count unique visitors within a day without persistent identifiers.
- sessionHash — An hourly rotating hash derived from the same inputs with a salt that changes every hour. This allows us to approximate session boundaries.
Because the salts rotate, the same visitor will produce different hashes on different days, making it mathematically infeasible to track a visitor across time periods.
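As an added illustration of the rotating-salt scheme described in this section (not BetterMeter's code; the class, the function names and the field encoding are assumptions), the example below keeps one random salt per day and per hour in memory and overwrites it on rotation, so a hash from an earlier period cannot be recomputed later. It assumes a single process; a multi-instance deployment would need a shared salt store, which is not shown.

```javascript
// Added illustration, not BetterMeter's code. All names here are assumptions.
const { createHash, randomBytes } = require("node:crypto");

const DAY_MS = 24 * 60 * 60 * 1000;
const HOUR_MS = 60 * 60 * 1000;

// Holds one random salt per time bucket and forgets salts for past buckets.
class RotatingSalt {
  constructor(periodMs) {
    this.periodMs = periodMs;
    this.bucket = null;
    this.salt = null;
  }
  // Returns the salt for the bucket containing `nowMs`; a new bucket gets a
  // fresh random salt and the previous one is overwritten (not recoverable).
  current(nowMs) {
    const bucket = Math.floor(nowMs / this.periodMs);
    if (bucket !== this.bucket) {
      this.bucket = bucket;
      this.salt = randomBytes(32);
    }
    return this.salt;
  }
}

// SHA-256 over length-prefixed fields so ("ab","c") and ("a","bc") differ.
function pseudonym(salt, fields) {
  const h = createHash("sha256").update(salt);
  for (const f of fields) {
    const buf = Buffer.from(f, "utf8");
    const len = Buffer.alloc(4);
    len.writeUInt32BE(buf.length);
    h.update(len).update(buf);
  }
  return h.digest("hex");
}

const dailySalt = new RotatingSalt(DAY_MS);
const hourlySalt = new RotatingSalt(HOUR_MS);

// The raw IP and user agent are only function arguments; just the digests leave.
function hashVisitor({ ip, userAgent, domain }, nowMs) {
  const fields = [ip, userAgent, domain];
  return {
    visitorHash: pseudonym(dailySalt.current(nowMs), fields),
    sessionHash: pseudonym(hourlySalt.current(nowMs), fields),
  };
}
```

Because the IPv4 address space is small, the unlinkability of these digests rests on the salt staying secret while in use and being destroyed at rotation, not on SHA-256 alone.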
Bot Detection
We perform user-agent pattern matching to identify known bots, crawlers, and automated agents. Bot traffic is classified and reported separately from human visitor traffic.
Referrer Classification
Incoming referrer URLs are parsed and classified into categories such as search engines, social media platforms, AI tools, and direct traffic. This classification is based on domain pattern matching and does not involve any external lookups or third-party services.
5. Subprocessors
We use the following third-party service providers (subprocessors) to operate BetterMeter. Each subprocessor has been evaluated for appropriate data protection standards.
| Subprocessor | Purpose | Location |
|---|---|---|
| Vercel | Hosting, edge compute, cron jobs | United States |
| Neon | PostgreSQL database (primary data store) | United States (AWS us-east-1) |
| Upstash | Redis event queue (transient buffering) | United States |
| Google | OAuth authentication provider | United States |
| GitHub | OAuth authentication provider | United States |
| Resend | Transactional email delivery | United States |
| SerpAPI | Brand monitoring search data | United States |
We will update this list if we add or replace subprocessors. Material changes to our subprocessor list will be communicated to affected customers.
6. Data Retention
- Analytics event data — Retained for as long as your site is active on BetterMeter. When you delete a site from the dashboard, all associated analytics events, visitor hashes, and aggregated metrics are permanently and irreversibly deleted via cascade deletion.
- Account data — Retained for the lifetime of your account. You may request account deletion at any time by contacting us (see Section 11).
- Session data — Authentication sessions expire automatically after 30 days of inactivity. Expired session records are purged from the database.
- Invitation tokens — Team invitation tokens expire after 7 days. Unclaimed invitations are automatically invalidated and may be deleted during routine maintenance.
- Event queue (Upstash) — Events are buffered in the Redis queue for a maximum of 60 seconds before being flushed to the primary PostgreSQL database. The queue is transient and does not serve as a long-term data store.
7. Your Rights Under GDPR
If you are located in the European Union or the European Economic Area, you have the following rights under the General Data Protection Regulation (EU 2016/679):
- Right of access (Article 15) — You have the right to request a copy of the personal data we hold about you.
- Right to rectification (Article 16) — You have the right to request correction of any inaccurate personal data.
- Right to erasure (Article 17) — You have the right to request the deletion of your personal data, subject to applicable legal retention obligations.
- Right to data portability (Article 20) — You have the right to receive your personal data in a structured, commonly-used, and machine-readable format.
- Right to object (Article 21) — You have the right to object to the processing of your personal data for reasons relating to your particular situation.
- Right to restrict processing (Article 18) — You have the right to request the restriction of processing under certain circumstances.
To exercise any of these rights, please contact us at privacy@bettermeter.com. We will respond to your request within 30 days, as required by applicable law.
You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been infringed.
Note regarding tracked visitors: Because BetterMeter does not collect personally identifiable information from website visitors (no cookies, no persistent identifiers, no raw IP storage), we are generally unable to identify or retrieve data pertaining to a specific individual visitor. The pseudonymous hashes we generate cannot be reversed to identify a natural person.
8. Cookies
Analytics Tracker (Your Visitors)
The BetterMeter analytics tracker script sets zero cookies on your visitors' browsers. No first-party cookies, no third-party cookies, no tracking pixels, and no local storage mechanisms of any kind. This means websites using BetterMeter do not need to display a cookie consent banner for analytics purposes.
Dashboard (Your Account)
The BetterMeter dashboard at bettermeter.com uses essential authentication cookies managed by NextAuth.js. These cookies are strictly necessary for maintaining your authenticated session and do not require consent under the GDPR's ePrivacy Directive (Article 5(3)), as they are essential for providing the service you have requested.
We do not use any third-party tracking cookies, advertising cookies, or analytics cookies on the BetterMeter dashboard.
9. International Data Transfers
BetterMeter's infrastructure is hosted in the United States. If you are located outside the United States, including in the European Union or the European Economic Area, your data will be transferred to and processed in the United States.
For transfers of personal data from the EU/EEA to the United States, we rely on Standard Contractual Clauses (SCCs) as adopted by the European Commission, which are incorporated into the data processing agreements of our subprocessors listed in Section 5.
We only engage subprocessors that maintain appropriate technical and organizational data protection measures consistent with the requirements of the GDPR.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by email or through a prominent notice in the BetterMeter dashboard prior to the changes taking effect.
We encourage you to review this Privacy Policy periodically. Your continued use of BetterMeter after any changes to this policy constitutes your acceptance of the updated terms.
The “Last updated” date at the top of this page indicates when the most recent revision was published.
11. Contact
If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us at:
We will make every effort to respond to your inquiry within a reasonable timeframe and no later than 30 days.