Help »

Privacy

Our privacy policy is linked at the bottom of this page. This page is simply about visitor privacy in general.

By default, we do not log any "personal data" of visitors to web sites monitored by our service, because the default option is to apply privacy to "all visitors". This means all IP addresses are anonymized, and global opt out cookies are honored.

The one exception is a tracking cookie containing a randomly generated Unique ID ("UID"). This cookie does not identify who a visitor actually is or reveal anything else about them, but the General Data Protection Regulation ("GDPR"), as well as the California Consumer Privacy Act ("CCPA"), consider a UID to be "personal data". However, per Article 6 of the GDPR, this cookie does not require a visitor's direct consent as it is well within the "legitimate interests" of any web site to know how many unique visitors they have, which is best accomplished with a UID cookie. The CCPA is an opt-out law, so UID cookies are allowed by default. The ePrivacy Regulation (ePR) is not yet law as of May 2018, but we don't anticipate any further impact.


Customers can select which visitors to apply privacy to, via their user preferences page:

All visitors
(Default) Apply visitor privacy to all visitors. No matter where you live, you cannot log the personal data of EEA visitors, unless you have their consent or a legitimate interest to do so. But if you live in EEA, then this personal data restriction applies to all visitors regardless of their location. So to be safe, we make this the default for all new customers.
EEA visitors
Apply visitor privacy to European Economic Area visitors only. We use geolocation software that is 99.8% accurate on the country level to determine where a visitor is located. You should only choose this option if you are outside of the EEA.
No visitors
Do not apply visitor privacy to any visitors. If you use Clicky to help prevent fraud and abuse and/or maintain information security, choose this option. Recital 47 of the GDPR states that "the processing of Personal Data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest", so logging their full IP address and ignoring opt-out cookies should be safe for this purpose.


Regardless of the option you choose, you must state in your site's privacy policy which analytics services you use and what kind of personal data you log to those services, in particular if you choose the "no visitors" option which enables full IP address logging. Failure to do so is a considerable legal risk.

We are not lawyers and this is not legal advice. Consult your attorney.