Skip to main content
GreetEvo Analytics

Privacy Policy

Last updated: May 15, 2026

This Privacy Policy describes how GreetEvo Inc. ("GreetEvo," "we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use the GreetEvo Analytics platform ("the Service"). This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), the Personal Information Protection and Electronic Documents Act (PIPEDA), the Lei Geral de Proteção de Dados (LGPD), the Protection of Personal Information Act (POPIA), and other applicable privacy laws worldwide.

Table of Contents

  1. 1. Introduction and Scope
  2. 2. Information We Collect
  3. 3. How We Collect Information
  4. 4. Lawful Bases for Processing (GDPR)
  5. 5. How We Use Your Information
  6. 6. Data Sharing and Disclosure
  7. 7. Cookies and Tracking Technologies
  8. 8. International Data Transfers
  9. 9. Data Retention
  10. 10. Your Privacy Rights
  11. 11. Data Security
  12. 12. Children's Privacy
  13. 13. Changes to This Policy
  14. 14. Contact Us and Data Protection Officer

1. Introduction and Scope

GreetEvo Inc. is a Canadian corporation headquartered in Toronto, Ontario, Canada. We provide a privacy-first web analytics platform that helps businesses track and analyze visitor behavior on their websites. This Privacy Policy applies to all visitors, users, and customers of our Service worldwide.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not use the Service. Our Data Processing Agreement (DPA), which incorporates the Standard Contractual Clauses (SCCs), is incorporated by reference into our Terms of Service.

Important Note on Visitor Data: When you use GreetEvo Analytics to track your website, our tracking script may collect personal information from your Visitors (such as IP addresses, device information, and browsing behavior). You are the data controller for that Visitor data, and we act as your data processor. Your obligations to your Visitors under applicable privacy laws are your responsibility.

2. Information We Collect

We collect several categories of personal information depending on how you interact with the Service:

2.1 Information You Provide Directly

  • Account information: full name, email address, business name, billing address, and payment information (processed by Stripe).
  • Property configuration: website domains, tracking IDs, timezone preferences, currency settings, and consent configuration.
  • Goal and event configuration: custom event names, funnel definitions, and conversion criteria.
  • Support communications: emails, chat messages, and tickets submitted to our support team.

2.2 Information Collected Automatically (Account Holders)

  • Device and browser information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
  • Usage data: pages visited, features used, clicks, and navigation paths through the Service.
  • Log data: timestamps, request URLs, HTTP status codes, referral URLs, and error logs.
  • Login and security data: IP address, user agent, timestamp, and success status of login attempts.

2.3 Tracking Data Collected From Your Visitors

When you install our tracking script on your website, we collect the following data from your Visitors only after valid cookie consent has been obtained (where required by law):

  • Pageview data: URL, page title, timestamp, time on page, and referrer URL.
  • Session data: session ID, visitor ID (pseudonymized), start/end times, duration, and bounce status.
  • Device and browser data: device type, operating system, browser name and version, screen resolution, and language.
  • Geographic data: country, city, and region derived from IP address (IP addresses are anonymized where configured).
  • Event data: clicks, scroll depth, outbound links, downloads, form submissions, custom events, and e-commerce transactions.
  • UTM parameters: source, medium, campaign, term, and content parameters.
  • Performance metrics: page load times, Core Web Vitals (LCP, CLS, FID, INP, TTFB) where supported by the browser.
  • Session recordings: mouse movements, clicks, scrolls, and keystrokes (only if session recording is enabled and consent is obtained; input fields are masked by default).

We do not collect: We do not use cookies for cross-site tracking. We do not build advertising profiles. We do not share Visitor data with advertising networks or data brokers. We do not collect personally identifiable information such as names, email addresses, or phone numbers from Visitors unless explicitly provided through custom events configured by you.

3. How We Collect Information

Direct Collection

When you create an account, configure properties, set up goals, or contact support.

Automated Collection

Through cookies, local storage, server logs, and analytics scripts as you browse our website and use the platform.

Tracking Script

The ge-analytics.js script collects data from your Visitors' browsers when installed on your website.

Third-Party Collection

From authentication providers and payment processors (Stripe).

4. Lawful Bases for Processing (GDPR)

Under the GDPR and similar frameworks, we process your personal information on the following lawful bases:

Contractual Necessity: Processing necessary to perform our contract with you — account creation, service delivery, payment processing, and customer support.
Consent: Processing based on your explicit consent — marketing communications and optional analytics cookies. You may withdraw consent at any time.
Legitimate Interests: Processing necessary for our legitimate business interests — fraud prevention, network security, and product improvement, provided these interests are not overridden by your rights.
Legal Obligation: Processing necessary to comply with applicable laws — tax reporting and responding to legal requests.

5. How We Use Your Information

We use the information we collect for the following purposes:

PurposeData UsedLegal Basis
Provide and operate the ServiceAccount info, property config, tracking dataContract
Process payments and billingPayment info, billing address, transaction historyContract / Legal obligation
Send service notificationsEmail, property data, alert preferencesContract
Send marketing communicationsEmail, usage patterns, preferencesConsent
Improve product and fix bugsAnonymized usage data, error logsLegitimate interests
Fraud prevention and securityIP address, device info, access patternsLegitimate interests / Legal obligation
Legal complianceAll data as required by lawLegal obligation
Enforce our terms and policiesAccount data, usage logs, communicationsLegitimate interests

6. Data Sharing and Disclosure

We Do Not Sell Your Personal Information

GreetEvo does not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. We only share your personal information with trusted service providers and processors who are necessary to operate, secure, and improve our platform. Each provider is contractually bound to process data only for the purpose of delivering the Service and to maintain appropriate security measures.

We may share your personal information with the following categories of recipients:

Service Providers and Processors

Supabase (database hosting), Vercel (cloud hosting), Stripe (payment processing), and email delivery services. These providers are contractually bound to process data only as instructed.

Business Transfers

If GreetEvo is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website.

Legal and Regulatory Authorities

We may disclose your information if required to do so by law or in response to valid requests by public authorities. We will notify affected users of such disclosures where legally permissible and practicable.

With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities. For detailed information about the specific cookies we use, their purposes, durations, and how to manage them, please see our Cookie Policy.

Prior Consent for EEA and UK Users: Under the GDPR and the ePrivacy Directive, analytics and marketing cookies require your prior consent before they can be placed on your device. When you visit our site from an EEA or UK IP address, our cookie banner will not set analytics or marketing cookies until you explicitly opt in. Essential cookies necessary for authentication and security may still be set.

Visitor Consent (Your Responsibility): Our tracking script is designed to refuse to initialize or send events unless a valid cookie consent signal is present. You are responsible for implementing a compliant consent banner on your website that integrates with our script. We support integration with Cookiebot, OneTrust, Complianz, Osano, and custom consent managers.

Essential Cookies

Required for the Service to function. Cannot be disabled.

Functional Cookies

Remember your preferences and settings.

Analytics Cookies

Help us understand how you use the Service. Optional.

Marketing Cookies

Used to deliver relevant advertising. Optional.

8. International Data Transfers

GreetEvo is headquartered in Toronto, Ontario, Canada. Our service providers operate in multiple countries, including Canada, the United States, and the European Union. When we transfer personal information outside of your country of residence, we implement appropriate safeguards:

  • Transfers to the United States: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions: For transfers to countries recognized by the European Commission as providing adequate data protection.
  • Data Processing Agreements: All service providers sign DPAs that include SCCs and require appropriate security measures.
  • UK Addendum: For transfers from the United Kingdom, we use the UK International Data Transfer Addendum to the EU SCCs.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected:

  • Account information: retained for the duration of your account plus 7 years after closure (for tax, legal, and regulatory compliance).
  • Tracking Data: retained according to your plan's data retention period (90 days for Free, 1 year for Pro, 2 years for Business).
  • Session recordings: retained according to your plan and settings (default: 90 days). You can configure shorter retention periods.
  • Payment and billing records: retained for 7 years as required by tax and accounting regulations.
  • Usage and analytics data: retained for up to 26 months, after which it is aggregated or deleted.
  • Log data and security records: retained for 12 months.

After the retention period expires, your personal information is either permanently deleted or anonymized so that it can no longer be associated with you.

10. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

10.1 GDPR Rights (EEA, UK, Switzerland)

  • Right to access: obtain a copy of the personal information we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete information.
  • Right to erasure: request deletion of your personal information in certain circumstances.
  • Right to restrict processing: request that we limit how we use your information.
  • Right to data portability: receive your data in a structured format and transfer it to another controller.
  • Right to object: object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: withdraw consent at any time without affecting prior lawfulness.

10.2 CCPA/CPRA Rights (California Residents)

  • Right to know: request disclosure of categories and specific pieces of personal information collected.
  • Right to delete: request deletion of personal information, subject to certain exceptions.
  • Right to correct: request correction of inaccurate personal information.
  • Right to limit use of sensitive personal information.
  • Right to non-discrimination: we will not discriminate against you for exercising your rights.

10.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@greetevo.com. We will respond within 30 days (or sooner where required by law). We may need to verify your identity before processing your request.

11. Data Security

We implement industry-standard technical and organizational security measures:

  • Encryption in transit: all data transmitted uses TLS 1.2 or higher.
  • Encryption at rest: sensitive data is encrypted using AES-256.
  • Access controls: role-based access controls limit who can access your data.
  • Row Level Security (RLS): database policies ensure users can only access their own data.
  • Regular security audits: periodic vulnerability assessments and penetration testing.
  • Incident response: documented incident response plan; notification within 72 hours of discovering a breach.

No method of transmission over the Internet is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

12. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@greetevo.com. If we become aware that we have collected personal information from a child under 16 without verified parental consent, we will take steps to delete that information as quickly as possible.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Provide a prominent notice on our website or send you an email notification before the changes take effect.
  • Obtain renewed consent where required by law for changes that affect how we process your data based on consent.

For EEA and UK users, material changes to consent-based processing require fresh, affirmative consent before the changes take effect. Continued use alone does not constitute valid consent renewal under GDPR Article 7.

14. Contact Us and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Company:GreetEvo Inc.
DPO Email:privacy@greetevo.com
Support:support@greetevo.com
Website:greetevo.com
Terms of ServiceCookie PolicyContact Us
© 2026 GreetEvo Analytics. All rights reserved.