What Data We Collect

Data Collected

Insights collects some data from users in order to provide analytics services. We respect you and your users' privacy as much as feasible, and all requests are anonymized. We only collect what is really needed.

IP Addresses

For all incoming requests, we hash IP addresses and keep them stored for a short time in memory (RAM). They are not stored in the DB nor do they show up in any logs, not even hashed. This is done for fraud prevention reasons. Your users IPs will not appear in any analytics nor will anybody (not even us) have access to them.

Device Dimensions

When requested in the call to track event, we collect device dimensions rounded up to the nearest 50px, and store them. This is done to provide some measure of anonymization to your users while still allowing you to know which resolutions are the most popular, so that your app can be properly tested and displayed.

Referrers

When requested in the call to track event, we store URLs and parameters in order for you to know where your users are coming from.

Do Not Track

We honor the Do Not Track header.

Timestamps

For all incoming requests, We collect and store the last timestamp. This is required to identify unused event parameters and trim irrelevant data.

User Agents

When requested in the call to track event, we extract and store the browser and/or operating system from the user agent. We do not store - nor log - the user agent itself.

Firebase Requirements

Insights uses services from Google's Firebase in order to provide some of our services. Here is a list of the data collected by them, extracted from Firebase's Privacy Policy.

Firebase Service Data Required How is it used Retention Cloud Functions for Firebase IP addresses Cloud Functions uses IP addresses to execute event-handling functions and HTTP functions based on end-user actions.Cloud functions only saves IP addresses temporarily, to provide the service. Firebase Authentication Passwords, Email addresses, Phone numbers, User agents, IP addresses Firebase Authentication uses the data to enable end-user authentication, and facilitate end-user account management. It also uses user-agent strings and IP addresses to provide added security and prevent abuse during sign-up and authentication. Firebase Authentication keeps logged IP addresses for a few weeks. It retains other authentication information until the Firebase customer initiates deletion of the associated user, after which data is removed from live and backup systems within 180 days. Firebase Hosting IP addresses Hosting uses IP addresses of incoming requests to detect abuse and provide customers with detailed analysis of usage data. Hosting retains IP data for a few months.