Privacy by architecture, not by policy.
SealMetrics does not collect personal data. Compliance is not a configuration option — it is the foundation of how the platform works. Your DPO will appreciate the simplicity, and you can read why engineering teams approve SealMetrics without the usual security review friction.
Core principles
No personal data collection
SealMetrics does not collect IP addresses, device fingerprints, or any data that could identify an individual. Privacy is not a setting — it is the architecture.
No cookies, no consent required
Because SealMetrics uses first-party server-side collection without cookies, no consent banner is required for analytics under GDPR. This eliminates both the legal burden and the UX friction.
EU-only data residency
All data is processed and stored exclusively in European infrastructure. No data transfers outside the EU, no sub-processors in third countries, no reliance on US-EU data transfer frameworks.
Data minimization by design
We collect only what is necessary for analytics: page URLs, referrers, browser type, screen size, and session behavior. No names, no emails, no identifiers.
Regulatory compliance
GDPR (EU)
Compliant by design
No PII collection means GDPR obligations around consent, data subject access requests, and data deletion do not apply to SealMetrics analytics data. No DPA required for the analytics layer — though we provide one for clients who need it for internal governance.
ePrivacy Directive
No consent required
Article 5(3) of the ePrivacy Directive requires consent for storing information on a user's device. SealMetrics does not store anything on the user's device — no cookies, no localStorage, no fingerprints.
CCPA / CPRA (California)
Compliant
SealMetrics does not sell personal information, does not share personal information for cross-context behavioral advertising, and does not collect sensitive personal information as defined under CCPA/CPRA.
UK GDPR
Compliant
The same privacy-by-design principles that ensure EU GDPR compliance apply equally under the UK's data protection framework. EU-only residency satisfies UK adequacy requirements.
Infrastructure security
Encryption in transit and at rest
All data is encrypted using TLS 1.3 in transit and AES-256 at rest. API communications use authenticated endpoints with token-based access control.
Complete data isolation
Each client's data is logically isolated at the database level. No shared tables, no cross-client data access, no data commingling. No cross-customer learning or model training.
Access controls and audit
Internal access to production data follows the principle of least privilege. All access is logged, audited, and reviewed. No engineer has routine access to client analytics data.
High availability
Infrastructure is designed for high availability with redundancy across multiple availability zones within the EU. Monitoring and alerting run 24/7.
Trust architecture
No cross-customer learning
Your data is never used to train models, improve algorithms, or generate insights for other clients. What you put in is yours alone.
No third-party data sharing
SealMetrics does not share client data with any third party. No advertising partners, no data brokers, no analytics aggregators.
Transparent data processing
We document exactly what data we collect, how we process it, and where it is stored. No black boxes, no hidden processing.
Right to data portability
Export your complete dataset at any time via BigQuery integration or API. Your data is yours — we make it easy to take it with you.
Questions about compliance?
We are happy to discuss your specific regulatory requirements and provide documentation for your internal review.
Contact Us
We provide DPAs, security questionnaire responses, and technical documentation.