Volument Data Policy

Volument tracks the usage of a website without collecting personally identifiable information (PII). It respects the privacy of your visitors.

What we collect and what we use it for

Volument focuses on masses, not individuals. We only collect data that is relevant for conversion optimization. Here's what we store from your visitors and why:

  1. Path name of the current location such as /about/. We use this to show you the product side of things and how the different areas and pages are consumed.
  2. Referring site where the visitor came from such as “google.com.“. We use this to show you the market side of things and how the various audiences generate traction.
  3. Campaign indicator — this is a query string parameter such as c1. No named query strings are collected. We use this parameter to identify marketing campaigns.
  4. Time on page – the number of seconds a visitor actively spends on a page, and it's viewports. We use this to understand how the content is consumed.
  5. Conversion events — the event type and timestamp when the visitors take action and convert to leads, customers, or promoters. We use these events to understand the outcomes at the end of the conversion funnel.

Disregarded data

Volument does not collect or store any sensitive information so it's impossible to leak any personal data to third parties. We don't track following data:

  1. Location, language, computer details, or the IP number
  2. Personal data such as email, name, credit card, or phone number
  3. Login information like passwords

Use of local storage

To understand retention and the long-term behavior of your visitors, Volument stores following information to your visitors’ localStorage:

  1. The timestamp of the first and last visit
  2. The total amount of visits
  3. Initial referring site
  4. The pathname of the initial landing page
  5. Campaign indicator

This information is purely behavioral. No personal data or random identifiers are stored. This data is stored in JSON format. The variable name is %v.

Use of session storage

Volument uses a single random identifier on your visitors’ sessionStorage to understand which pages are visited within a single visit. This identifier is random and is not based on anything sensitive such as the user-agent or IP address. The visitor cannot be identified by this temporary id. The variable name is %s.

Data ownership

The users of Volument have full ownership of their traffic data. We never share or sell this data to third parties. In the future, you have full access to your website data from S3, Glazier, Backblaze, or similar.

Privacy FAQ

What is privacy-friendly analytics?

Privacy-friendly analytics does not process or collect personally identifiable information (PII). Sensitive information like passwords, email addresses, and user identifiers of any kind are not collected and there is no way to trace back the person or the person's device.

Examples of privacy-friendly analytics include Plausible, Fathom, Simple Analytics, and Volument.

What is privacy-unfriendly analytics?

Privacy-unfriendly analytics collects and processes personally identifiable information. They use a permanent and unique id on the client machine to track visitor's online behavior over a long period. There are no restrictions on what data can be collected: email addresses, passwords, and userId's are just fine. The data is typically used by advertising networks.

These systems are vulnerable to a data breach. For example, in 2018, Mixpanel pulled the values of hidden and password fields to their system and slurped them out to the public. No less than 25% of their customers were impacted.

Examples of privacy-unfriendly analytics include Google Analytics, Amplitude, and MixPanel.

All third-party analytics software, privacy-friendly or not, must ask for user consent from European visitors before tracking them. All behavioral information, such as the “amount of pages visited within a single session” is covered by the General Data Protection Regulation (GDPR).

Consent is needed regardless of the storage technology. GDPR covers cookies, localStorage, sessionStorage, server-side “fingerprinting”, or any new technology introduced in the future.

How about GDPR compatible analytics?

There is no such thing. “GDPR compatibility” is a marketing term to separate privacy-friendly analytics from the unfriendly ones. No privacy law specialist would give an exception for a third-party website analytics product.

For example, Plausible and Fathom use the user-agent and IP address information to uniquely identify visitors on the server-side. This is called “fingerprinting”, and is not permitted by GDPR.

Even if the personal data is being anonymized, the data is still being processed. Every third- party analytics requires consent from the visitor.

What should I do then?

You should obey the law and respect one’s right to choose if they want to share their behavioral data:

  1. And ask users for their consent before tracking.
  2. Allow users who don’t want to be tracked to opt-out.
  3. Always opt-out when the Do Not Track (DNT) header is set.
  4. Don’t disguise your tracker as a first-party resource to avoid ad-blockers.

Thanks to Roger Comply at Paranoidpenguin for clearing out the above points.

Yes. The banners you see over the internet are annoying because their purpose is to get your permission to all tracking or you don't get to see anything at all.

There is a better strategy: ask users for their consent in a nice way.

Use a small and clear dialog without ruining the user experience. The visitors will trust you and they won't leave the site as soon as they arrived. And you get more conversions as a result.

And if you are worried about not getting enough data for statistical significance you can disable the dialog from non-EU visitors.

{"desc":"Volument tracks the usage of a website without collecting personally identifiable information (PII). It respects the privacy of your visitors.","title":"Volument Data Policy","url":"/learn/data-policy","key":"data-policy","created":"2020-07-28T02:51:59.073Z","modified":"2020-09-24T04:00:24.049Z","createdISO":"2020-07-28","modifiedISO":"2020-09-24"}