Changes to Software, Terms of Service, and Privacy Policy

You must login to your account to accept the new Terms and Privacy Policy on this page.

In light of the General Data Protection Regulation ("GDPR") going into effect on May 25 2018, we have updated our Terms of Service and Privacy Policy (collectively, the "Terms"). Our new Terms and Privacy Policy went into effect for all accounts on May 25 2018, unless the account rejected them and closed their account prior to that date.

In addition to the new Terms, we have updated our software, with the goal of these changes being to make Clicky fully GDPR compliant.

This page covers the major changes to everything.

Clicky software changes

  • This update is all about visitor privacy. There is a lot of new info in our help section.
  • There is a new global opt out page.
  • The "Recent Visitors" widget, and the "Most active visitors" option for the "Poppy" widget, have both been disabled, as they could contain Personal Data.
  • There is a new visitor privacy option in your user preferences that lets you specify who you want the maximum privacy settings to apply to. Defaults to "All visitors".
  • For visitors that your privacy setting apply to, IP addresses are anonymized, and "Opt Out" cookies are honored.
    Our Unique ID (UID) tracking cookie contains no actual "Personal Data" about visitors, but alas UIDs are considered Personal Data by the GDPR. This is the only Personal Data logged by default, but per Article 6 of the GDPR, this cookie does NOT require a visitor's direct consent as it is well within the "legitimate interests" of a web site using the service to know how many unique visitors they have, which is best accomplished with a UID. You must disclose this cookie in your privacy policy though (see Terms of Service changes below), or (not recommended) fully disable tracking cookies.
  • There is a new custom tracking option called visitor_consent. This allows you to override your visitor privacy settings for individual visitors by obtaining their consent to track Personal Data that you disclose up front. How you obtain consent from visitors and remember that consent is up to you, but supposing you do that, then privacy settings will be ignored for this visitor.
  • "Public access" is no longer an option to view data for a site. Viewing data requires some kind of authentication now, whether it's a user login or a private link. We must do this to protect End User personal data from being accidentally leaked to unauthorized parties.

Terms of Service changes

  • Our new Data Processing Agreement ("DPA") is automatically amended to the Terms for business and commercial customers. The DPA covers our and your responsibilities when it comes to the GDPR and "Personal Data". It's important. Read it.
  • We now require you to disclose your usage of Clicky in your site's privacy policy, including a link to our own Privacy Policy. If you log any Personal Data, you must disclose that as well as state why you need the specific Personal Data that you log. Examples of a basic disclosure and a disclosure with Personal Data are in the new terms page. This is the very first section of the new Terms page so it's easy to find.
  • EEA citizens have the right under the GDPR to access, modify, and delete any Personal Data that Data Controllers (you) have about them. You are responsible for handling their inquiries. We are building tools for you to easily find, update, and delete their info, which will be available by May 25 2018.

Privacy Policy changes

The Privacy Policy has been vastly expanded and moved to its own page (instead of buried in the Terms of Service). The old version was very short and basically just said that we respect your privacy, we won't share your data with any third party unless required to do so by law, and it also listed the data points we log and the cookies that were used. We didn't feel any more was necessary because we are a paid service, and we don't do anything shady with your information to make money. That's one of the big advantage of paid services! (Usually).

The one thing we didn't state in the old policy was that we used Clicky to track Clicky customers (you), although we thought that was pretty gosh darn obvious. The new policy states this fact.

The GDPR requires a lot more up front information than we had before, which we have zero problem with because we are honest and transparent, but that means the whole policy is basically new. It's easy to read and understand though, that's a hallmark of the legislation. The info from our old policy is still in there but there's a lot more now.