Privacy Policy

DATALYR provides analytics, attribution, and conversion-forwarding tools for businesses tracking marketing performance. Our role depends on context.

• When you visit datalyr.com directly or interact with us as a prospect or customer, we are the data controller for your personal data.
• When you use the Service to track activity on your own websites, apps, or services, you act as the data controller for your end users’ data and DATALYR acts as your data processor. That relationship is governed by our Data Processing Agreement (“DPA”).

This Privacy Policy covers our role as data controller. The DPA covers our role as processor.

Information you provide directly: name, email, company, role, account credentials, billing information (processed by our payment provider, Stripe), and any messages you send to support.

Information we collect automatically: when you visit datalyr.com, we collect IP address, user agent, referrer, pages viewed, click events, click identifiers (such as fbclid, gclid, ttclid, oppref), and UTM parameters. We use first-party cookies for authentication, session management, and first-party analytics on our own marketing site.

Account and usage data: when you use the Service, we process workspace configuration, integration connections, conversion rule definitions, API keys, processed event volumes, postback volumes, and feature usage.

We use information to:

• Provide, operate, secure, and improve the Service
• Bill subscriptions, process payments, and prevent payment fraud
• Send transactional communications (account verification, billing receipts, security alerts, service announcements)
• Send product updates and marketing emails when you have opted in (you can opt out at any time)
• Detect, investigate, and prevent abuse, fraud, and violations of our Terms
• Comply with legal obligations and enforce legal rights

We do not sell personal information. We do not use customer data to train artificial intelligence or machine learning models.

We may aggregate or de-identify personal data so that it can no longer reasonably be linked to a specific individual. Aggregate or de-identified data may be used and shared for any lawful purpose, including improving the Service, security analytics, capacity planning, and research. We do not attempt to re-identify de-identified data, and we contractually prohibit recipients from doing so.

We share information with:

• Subprocessors providing infrastructure, hosting, payments, error monitoring, customer support, and similar operational services. Each is bound by contractual confidentiality and security obligations. A current list is available on request.
• Ad platforms when you (as a customer) configure Conversion Rules to forward events to Meta, Google Ads, TikTok, OpenAI Ads, or similar networks. We send only the data fields you configure.
• Authorities when required by law, court order, or other legal process, or when we believe disclosure is necessary to protect rights, property, or safety.
• Successors in a corporate transaction (merger, acquisition, financing, asset sale, or bankruptcy), subject to standard confidentiality terms.

On datalyr.com we use first-party cookies for authentication, session management, and lightweight first-party analytics. We do not set third-party advertising cookies on our marketing site. You can control cookies through your browser settings.

Cookies set on your own websites by the DATALYR SDKs are first- party cookies on your domain. Their use is governed by your own privacy policy and the DPA.

We send marketing email only to people who have opted in or who have an existing customer relationship with us. Every marketing email contains an unsubscribe link, and you can opt out at any time without affecting transactional messages such as account verification, billing receipts, security alerts, and service announcements, which are necessary to operate the Service.

To unsubscribe from all marketing email, click the link in any message or email privacy@datalyr.com.

EEA, UK, and similar jurisdictions: you have the right to access your personal data, correct inaccurate data, request deletion, restrict or object to certain processing, request data portability, and withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority.

California (CCPA/CPRA): you have the right to know what personal information we collect, to request deletion, to opt out of sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising), to correct inaccurate information, and to be free from discrimination for exercising your rights.

To exercise any rights, email privacy@datalyr.com. We will respond within the timeframe required by applicable law.

We retain account and usage data while your account is active and for the period necessary to provide the Service. After your subscription is cancelled, we retain your data for 90 days to allow reactivation, then delete it. Some data may persist longer in encrypted backups consistent with industry-standard rotation.

Event data forwarded to ad platforms is subject to those platforms’ own retention policies, which we do not control.

We use reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS), least-privilege access controls, and authenticated administrative access. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

We are based in the United States. When personal data is transferred from the EEA, UK, or other jurisdictions to the United States or other locations, we rely on appropriate transfer mechanisms, including the European Commission’s Standard Contractual Clauses (SCCs) and equivalent UK and Swiss frameworks.

datalyr.com and the Service may contain links to third-party websites, services, or platforms that we do not operate or control. Their privacy practices are governed by their own policies, not by this one.

Connecting your DATALYR account to a third-party platform (for example, Shopify, Stripe, Meta, Google, TikTok) authorizes data exchange between DATALYR and that platform. Review the third-party’s privacy policy and the settings inside that platform to understand how it uses your data.

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe we have, contact privacy@datalyr.com and we will delete it.

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be communicated by email or through the Service before they take effect.

Privacy questions: privacy@datalyr.com

General inquiries: hello@datalyr.com