Nimvue Analytics Logo

Privacy Policy

Date Created: 2025-08-22
Last Updated: 2025-08-22

Overview

Nimvue is a privacy-focused analytics platform designed to operate without storing personal data. We do not use cookies, persistent identifiers, or store any personal identifiers such as IP addresses or user agents. While IP addresses and user agents are briefly processed in memory for geolocation and bot filtering, they are never stored, logged, or used for tracking, and are irreversibly discarded within milliseconds.

Data Collection & Use

Nimvue collects anonymous event-level data through a lightweight script embedded on our clients' websites. The data collected includes:

  • Timestamped events (e.g. page views, searches, scrolls)
  • Session ID (generated using a hash of IP address, user agent & current date)
  • Screen size
  • Page URL and referrer
  • Basic browser and device type
  • Country and region (inferred from event context)
  • Interaction metadata (e.g. scroll depth, searches, etc.)

To support session-level analytics, Nimvue generates a session ID using a hash of the user's IP address, user agent, and the current date. This means the session ID will only be valid for a single day, and cannot be used to track users across multiple days or sessions. Approaching analytics this way, means Nimvue does not store or retain any personally identifiable information, both client-side and server-side. The hash cannot be reversed.

We do not store:

  • IP addresses
  • User agent strings
  • Cookies
  • Persistent identifiers across sessions or users
  • Names, email addresses, or other directly identifying information

For the sole purposes of geolocation and bot filtering, IP addresses and user agent strings may be temporarily processed in memory at the point of event ingestion. This information is never stored, logged, or made accessible, and is irreversibly discarded immediately after use.

Nimvue allows clients to define custom dimensions or event properties for enhanced reporting. These are intended for anonymised, non-personal metadata (e.g. tags, campaigns, categories). Clients are strictly prohibited from including any personal data, identifiers, or sensitive information in custom fields. Nimvue does not inspect or validate client-supplied custom data and is not responsible for misuse. Custom data is treated in the same anonymised and aggregated manner as standard event data.

Anonymity & Data Minimisation

Nimvue is built with data minimisation by design:

  • No personally identifiable information (PII) is collected
  • No fingerprinting or probabilistic identification
  • No cookies or tracking across sessions, browsers, or devices
  • Session IDs are temporary, anonymous, and not linkable to individuals
  • Analytics are presented in aggregate

While anonymised event-level data is stored to support flexible reporting and analysis, this data contains no personally identifying information and cannot be linked back to individuals. Data is never used for profiling or cross-session tracking, and no client or third party has access to raw event logs.

As Nimvue cannot associate data with individuals, we are unable to fulfil data subject access or deletion requests - we simply have no way to identify individuals in our dataset.

Nimvue does not process personal data under the definitions of GDPR, and therefore does not operate as a data processor. A Data Processing Agreement (DPA) is not required, as no personally identifiable or linkable data is stored or retained.

Account Information and User Management

To provide our platform services, Nimvue collects and stores certain personal information such as email addresses and securely hashed passwords to manage user accounts. This information is protected using industry-standard encryption and access controls. Passwords are never stored in plain text. Users may invite others to collaborate by sending invitation emails; these emails are used solely for the purpose of invitations and are not used for marketing or other communications without consent.

Consent & Client Responsibility

Because Nimvue does not collect personal data, user consent may not be required under privacy laws in many jurisdictions. However, legal requirements vary by location and use case. It is the responsibility of our clients to determine whether consent is needed for their specific implementation of Nimvue, and to ensure compliance with all applicable laws and regulations.

We recommend that clients:

  • Place the Nimvue script behind a consent banner when legally required
  • Avoid passing any personal or identifying data into Nimvue’s tracking events
  • Ensure appropriate transparency with their own users
  • Comply with local privacy regulations applicable to their website

The Nimvue.com website uses cookies for essential functionality, specifically for the live chat/messaging service. These cookies are not used for tracking or analytics purposes and are essential for providing support to our users. These cookies are not set, unless you interact with the live chat feature.

Storage & Retention

  • All data is hosted on secure UK-based infrastructure
  • Aggregated analytics data is retained for as long as required for reporting, or as defined by the client’s plan
  • No raw event data contains personal identifiers

Security

Nimvue implements strong technical and operational safeguards:

  • TLS encryption in transit
  • UK-based secure cloud hosting
  • Access control and operational logging
  • No access to raw IP or user agent data at rest

Account Activity Logging

For security and audit purposes, we log basic account activity for authenticated clients, including login times and key account actions (such as API key creation or team member invites). These logs do not include IP addresses or browser/device information and are used solely to ensure proper operation, detect abuse, and support clients when needed.

This form of operational logging is standard and expected for software services. It is not used for profiling or behavioural tracking and is retained only as long as necessary for support, audit, or compliance purposes.

Contact

Privacy inquiries: [email protected]
Support: [email protected]