Seline's privacy policy
Seline is built around the principle of minimal data collection. We process only the information required to deliver our analytics service, and we never sell, share, or monetize personal data.
In summary:
- We do not set cookies on your visitors' browsers.
- We do not store personal data by default. Clients may choose to send it, but only at their own discretion.
- We do not share tracked visitor data with any third party.
- We share only the minimum client data necessary with a small set of trusted sub-processors, such as our transactional email and payment providers.
- We do not sell or monetize any information we collect.
Tracked visitor data
The table below lists every piece of information Seline stores about visitors to your website.
| Name | Description |
|---|---|
| 🔒 Unique hash | Computed via hash(domain, ipAddress, userAgent, dailySalt). The salt is unique per domain and rotated every 24 hours, which lets us count daily unique visitors without setting any cookies. |
| 🏳️ Country | Derived from the Cloudflare CF-IPCountry header. IP addresses are never used for further lookups and are never written to our databases. |
| 🖥️ User agent | We parse only the visitor's browser, operating system, and device type. The full user-agent string is discarded immediately after parsing. |
| 🔗 HTTP referrer | Stored when available so you can attribute incoming traffic. |
| 🏷️ UTM parameters | UTM tracking values are stored when present in the request URL. |
| 👀 Page views | Page views are recorded to power aggregate analytics. |
Key takeaway: no personally identifiable information is retained on Seline's servers.
The unique-hash approach is an established alternative to cookie-based identification. It removes the need for third-party cookies — which require explicit visitor consent under regulations such as the GDPR and the ePrivacy Directive — and remains effective for visitors who block cookies in their browser.
Each domain's dailySalt is rotated every 24 hours and the previous value is permanently deleted. Once rotated, it is mathematically infeasible to reverse-engineer the original IP address or user agent from any prior day's hashes.
If you or your legal team would like a deeper technical review of our data-processing practices, we are happy to provide one on request.
Visitor profiles
Seline clients can enrich visitor profiles with custom data such as name, email, address, IP address, or other sensitive fields. In this case, Seline acts as a sub-processor and the client remains the data controller, responsible to their visitors for the personal data they choose to share. We process and store this data with the same security guarantees and never disclose it to third parties.
Seline client data
We collect and use only the information required to operate the service.
- Account email. Required to sign up and use Seline. We use it solely for transactional messages and essential product updates.
- Sub-processors. Client email addresses are shared with Postmark for transactional email and Stripe for payments. Both providers are GDPR-compliant and privacy-focused.
- Hosting. Our application servers, ClickHouse, and Postgres databases are hosted in the European Union with Hetzner.
- Cookies. The only cookie Seline sets is a first-party session cookie used to keep you signed in. You can clear it from your browser at any time.
Questions or data requests
For questions about this policy, data access requests, or any other privacy-related inquiry, contact us at kostya@seline.com.