Privacy by architecture, not by policy.
SealMetrics does not collect personal data. Compliance is not a configuration option — it is the foundation of how the platform works. Your DPO will appreciate the simplicity, and you can read why engineering teams approve SealMetrics without the usual security review friction.
Core principles
No personal data collection
SealMetrics does not collect IP addresses, device fingerprints, or any data that could identify an individual. Privacy is not a setting — it is the architecture.
No cookies, no consent required
Because SealMetrics uses first-party cookieless collection, no consent banner is required for analytics under GDPR. This eliminates both the legal burden and the UX friction.
EU-only data residency
All data is processed and stored exclusively in European infrastructure. No data transfers outside the EU, no sub-processors in third countries, no reliance on US-EU data transfer frameworks.
Data minimization by design
We collect only what is necessary for analytics: page URLs, referrers, browser type, screen size, and session behavior. No names, no emails, no identifiers.
Regulatory compliance
GDPR (EU)
Compliant by design
No PII collection means GDPR obligations around consent, data subject access requests, and data deletion do not apply to SealMetrics analytics data. No DPA required for the analytics layer — though we provide one for clients who need it for internal governance.
ePrivacy Directive
No consent required
Article 5(3) of the ePrivacy Directive requires consent for storing information on a user's device. SealMetrics does not store anything on the user's device — no cookies, no localStorage, no fingerprints.
CCPA / CPRA (California)
Compliant
SealMetrics does not sell personal information, does not share personal information for cross-context behavioral advertising, and does not collect sensitive personal information as defined under CCPA/CPRA.
UK GDPR
Compliant
The same privacy-by-design principles that ensure EU GDPR compliance apply equally under the UK's data protection framework. EU-only residency satisfies UK adequacy requirements.
Infrastructure security
Encryption in transit and at rest
All data is encrypted using TLS 1.3 in transit and AES-256 at rest. API communications use authenticated endpoints with token-based access control.
Complete data isolation
Each client's data is logically isolated at the database level. No shared tables, no cross-client data access, no data commingling. No cross-customer learning or model training.
Access controls and audit
Internal access to production data follows the principle of least privilege. All access is logged, audited, and reviewed. No engineer has routine access to client analytics data.
High availability
Infrastructure is designed for high availability with redundancy across multiple availability zones within the EU. Monitoring and alerting run 24/7.
Trust architecture
No cross-customer learning
Your data is never used to train models, improve algorithms, or generate insights for other clients. What you put in is yours alone.
No third-party data sharing
SealMetrics does not share client data with any third party. No advertising partners, no data brokers, no analytics aggregators.
Transparent data processing
We document exactly what data we collect, how we process it, and where it is stored. No black boxes, no hidden processing.
Right to data portability
Export your complete dataset at any time via BigQuery integration or API. Your data is yours — we make it easy to take it with you.
Frequently asked questions
Does SealMetrics require a consent banner?
No. SealMetrics does not use cookies, localStorage, or any form of device storage, and it collects no personal data (no IP addresses, no device IDs, no user identifiers). Under GDPR and the ePrivacy Directive, consent is only required when personal data is collected or information is stored on the user's device. SealMetrics does neither.
Is SealMetrics GDPR compliant?
Yes, by architecture. GDPR applies to the processing of personal data. SealMetrics does not collect personal data — no IP addresses, no device fingerprints, no user identifiers. The data SealMetrics processes (page URLs, referrers, browser type, screen size, session behavior) does not constitute personal data under GDPR Article 4(1).
Does SealMetrics transfer data outside the EU?
No. All data is processed and stored exclusively on EU servers. There are no sub-processors in third countries, no US-based cloud infrastructure, and no reliance on Standard Contractual Clauses, adequacy decisions, or other cross-border transfer mechanisms.
What personal data does SealMetrics collect?
None. SealMetrics collects page URLs, referrer URLs, browser type, operating system, screen resolution, language, session duration, and scroll depth. It does not collect IP addresses, device fingerprints, user IDs, email addresses, or any data that could identify an individual.
How does SealMetrics comply with the ePrivacy Directive?
Article 5(3) of the ePrivacy Directive requires consent for storing or accessing information on a user's device. SealMetrics does not store anything on the user's device — no cookies, no localStorage, no fingerprints. This means the ePrivacy consent requirement does not apply.
Can my DPO verify compliance?
Yes. We provide a Data Processing Agreement (DPA), detailed technical documentation of our data collection methods, a list of all data points collected, and our infrastructure architecture. We also publish self-assessments against CNIL and UK PECR criteria.
Is there a Data Processing Agreement?
Yes. A DPA is available for all clients, even though SealMetrics analytics data does not contain personal data. Many organizations require a DPA as part of their internal governance, and we provide one that documents our data processing practices, security measures, and sub-processor list.
Questions about compliance?
We are happy to discuss your specific regulatory requirements and provide documentation for your internal review.
Contact Us
We provide DPAs, security questionnaire responses, and technical documentation.