OneMetric

Privacy Policy

Last updated: June 14, 2026

OneMetric ("we", "us") provides a privacy-first, cookieless website analytics platform. This policy explains what data we handle and how. For analytics data collected on our customers' websites, our customers are the data controllers and we act as their data processor.

Data we collect

  • Account data: your email address, used to authenticate and contact you about your account.
  • Analytics data collected via our tracking script on a customer's site: pageviews, custom events, referrer and UTM parameters, and derived device, browser and country. Country, device and browser are derived server-side from the IP address and user-agent and the raw IP is not stored.
  • Cookieless visitor count: visitors are identified by a salted hash that rotates daily. It is not personally identifiable and cannot be used to track a person across days or across sites.

Cookies and the ePrivacy Directive

Our analytics set and read nothing on a visitor's device — no cookies and no persistent identifiers. Because storing or accessing information on a device is what triggers the consent requirement of the EU ePrivacy Directive (Article 5(3)), cookieless analytics like ours fall outside it, so sites using OneMetric generally do not need a cookie banner for analytics. (The proposed ePrivacy Regulation was withdrawn in 2025; cookie rules remain governed by the Directive as implemented in each member state.) The dashboard itself uses essential cookies only, to keep you signed in.

Where data is processed

Analytics data is hosted and processed in the European Union (Supabase, eu-central-1). We use the following sub-processors: Supabase (database, authentication, hosting), Vercel (application hosting), Resend (email delivery), and our payment provider for billing. PayPal is used only when a customer connects it for revenue attribution.

Applicable law & international transfers

OneMetric is operated from Algeria and handles personal data in accordance with Algerian Law No. 18-07 on the protection of personal data (as amended). Personal data of website visitors in the EU is handled under the GDPR, with OneMetric acting as our customers' processor. Where personal data is transferred across borders, we rely on appropriate legal safeguards.

Data retention

Analytics data is retained according to your plan. Account data is kept until you delete your account, after which it is removed.

Your rights

Subject to applicable law (including the GDPR), you may request access to, correction of, or deletion of your personal data. Contact us at support@onemetric.app and we will respond within a reasonable time.

Changes

We may update this policy; material changes will be reflected by the "last updated" date above.

Contact

Questions about this policy: support@onemetric.app.