Legal
Privacy Policy
Updated 06/02/2025
1. Introduction
DATALYR INC. (“Datalyr,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal data in compliance with applicable privacy laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the U.S. Children’s Online Privacy Protection Act (COPPA).
This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit datalyr.com or use any of our products, services, mobile or web applications, and related software (collectively, the “Service”).
Data Controller
DATALYR INC.
40 North Gould Street, Sheridan, Wyoming 82801
Email: hello@datalyr.com
2. Scope
This Privacy Policy applies to:
Visitors to our marketing website (datalyr.com); and
Customers, account users, and end‑users whose data is processed through our attribution‑analytics platform.
Where we process Customer Data only on a customer’s behalf (e.g., tracking events, postbacks, ad metrics), we act as a “processor” under GDPR and a “service provider” under CCPA; the customer remains the data controller.
3. Information We Collect
| Category | Examples | Source | |----------|----------|--------| | Account Identifiers | Name, email address, password hash, company name | Provided by you | | Billing & Commercial Data | Subscription tier, plan limits, invoices, payment tokens (via Stripe) | Generated during checkout | | Internet / Device Data | IP address, browser type, operating system, referrer URL, screen resolution, language preferences | Captured automatically | | Usage Analytics | Workspace IDs, event names, event metadata, postback logs, ad‑platform metrics | Generated by your use of the Service | | Cookies & Similar Tech | Persistent visitor ID, UTM parameters, lyr tags, authentication tokens | Set by our static script (dl.js) and web app |
We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, or biometric data.
4. How We Use Personal Data
We use personal data to:
Provide & Secure the Service – authenticate users, enforce role‑based access, protect against fraud and abuse.
Perform Our Contract – deliver analytics, process postbacks, sync ad‑platform data.
Process Payments & Billing – manage subscriptions through Stripe.
Communicate With You – send transactional messages, product updates, and (with your consent) marketing emails.
Improve & Develop Features – analyze aggregated usage to enhance functionality and user experience.
Comply With Law – satisfy tax, accounting, and regulatory requirements, or respond to lawful requests.
5. Legal Bases for Processing (GDPR)
Contractual necessity – to provide the Service you request.
Legitimate interests – improving security and product performance.
Consent – marketing communications and certain optional cookies.
Legal obligation – record‑keeping and compliance.
6. Sharing & Disclosure
We share personal data only with:
Service Providers that perform services for us under confidentiality agreements (e.g., Supabase hosting, Nango OAuth proxy, Stripe payments).
Advertising Platforms when you configure postbacks (e.g., Meta Conversions API) through the integrations workflow.
Affiliates & Corporate Transactions – if we are involved in a merger, acquisition, or asset sale.
Authorities when required to comply with applicable law or protect rights, property, or safety.
We do not sell personal data.
7. International Transfers
If we transfer personal data outside your jurisdiction (for example, from the EEA to the United States), we rely on approved transfer mechanisms such as Standard Contractual Clauses and supplementary safeguards.
8. Security
We employ industry‑standard technical and organizational measures, including TLS encryption, row‑level‑security policies in our database, least‑privilege access controls, and periodic security audits. No method of transmission or storage is 100 % secure; therefore, we cannot guarantee absolute security.
9. Data Retention
Account Data – retained for as long as your account is active and up to 90 days after closure, unless a longer period is required for legal obligations or dispute resolution.
Workspace Event Data – retained according to the limits of your subscription plan or as otherwise agreed in writing.
Upon expiry of the applicable period, data is deleted or irreversibly anonymized.
10. Your Rights
Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data, object to processing, or opt out of “sale”/“sharing” under CCPA.
Submit requests to hello@datalyr.com; we will verify your identity and respond within the time limits set by law.
11. Children’s Privacy
The Service is not directed to children under 13. We do not knowingly collect personal data from children. If we learn we have done so, we will delete the information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced via email or an in‑app banner at least 14 days before they take effect. The “Last updated” date at the top will always indicate the latest revision.
13. Contact Us
For questions or concerns, email hello@datalyr.com or write to:
DATALYR INC., 40 North Gould Street, Sheridan, WY 82801
Legal
Privacy Policy
Updated 06/02/2025
1. Introduction
DATALYR INC. (“Datalyr,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal data in compliance with applicable privacy laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the U.S. Children’s Online Privacy Protection Act (COPPA).
This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit datalyr.com or use any of our products, services, mobile or web applications, and related software (collectively, the “Service”).
Data Controller
DATALYR INC.
40 North Gould Street, Sheridan, Wyoming 82801
Email: hello@datalyr.com
2. Scope
This Privacy Policy applies to:
Visitors to our marketing website (datalyr.com); and
Customers, account users, and end‑users whose data is processed through our attribution‑analytics platform.
Where we process Customer Data only on a customer’s behalf (e.g., tracking events, postbacks, ad metrics), we act as a “processor” under GDPR and a “service provider” under CCPA; the customer remains the data controller.
3. Information We Collect
| Category | Examples | Source | |----------|----------|--------| | Account Identifiers | Name, email address, password hash, company name | Provided by you | | Billing & Commercial Data | Subscription tier, plan limits, invoices, payment tokens (via Stripe) | Generated during checkout | | Internet / Device Data | IP address, browser type, operating system, referrer URL, screen resolution, language preferences | Captured automatically | | Usage Analytics | Workspace IDs, event names, event metadata, postback logs, ad‑platform metrics | Generated by your use of the Service | | Cookies & Similar Tech | Persistent visitor ID, UTM parameters, lyr tags, authentication tokens | Set by our static script (dl.js) and web app |
We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, or biometric data.
4. How We Use Personal Data
We use personal data to:
Provide & Secure the Service – authenticate users, enforce role‑based access, protect against fraud and abuse.
Perform Our Contract – deliver analytics, process postbacks, sync ad‑platform data.
Process Payments & Billing – manage subscriptions through Stripe.
Communicate With You – send transactional messages, product updates, and (with your consent) marketing emails.
Improve & Develop Features – analyze aggregated usage to enhance functionality and user experience.
Comply With Law – satisfy tax, accounting, and regulatory requirements, or respond to lawful requests.
5. Legal Bases for Processing (GDPR)
Contractual necessity – to provide the Service you request.
Legitimate interests – improving security and product performance.
Consent – marketing communications and certain optional cookies.
Legal obligation – record‑keeping and compliance.
6. Sharing & Disclosure
We share personal data only with:
Service Providers that perform services for us under confidentiality agreements (e.g., Supabase hosting, Nango OAuth proxy, Stripe payments).
Advertising Platforms when you configure postbacks (e.g., Meta Conversions API) through the integrations workflow.
Affiliates & Corporate Transactions – if we are involved in a merger, acquisition, or asset sale.
Authorities when required to comply with applicable law or protect rights, property, or safety.
We do not sell personal data.
7. International Transfers
If we transfer personal data outside your jurisdiction (for example, from the EEA to the United States), we rely on approved transfer mechanisms such as Standard Contractual Clauses and supplementary safeguards.
8. Security
We employ industry‑standard technical and organizational measures, including TLS encryption, row‑level‑security policies in our database, least‑privilege access controls, and periodic security audits. No method of transmission or storage is 100 % secure; therefore, we cannot guarantee absolute security.
9. Data Retention
Account Data – retained for as long as your account is active and up to 90 days after closure, unless a longer period is required for legal obligations or dispute resolution.
Workspace Event Data – retained according to the limits of your subscription plan or as otherwise agreed in writing.
Upon expiry of the applicable period, data is deleted or irreversibly anonymized.
10. Your Rights
Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data, object to processing, or opt out of “sale”/“sharing” under CCPA.
Submit requests to hello@datalyr.com; we will verify your identity and respond within the time limits set by law.
11. Children’s Privacy
The Service is not directed to children under 13. We do not knowingly collect personal data from children. If we learn we have done so, we will delete the information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced via email or an in‑app banner at least 14 days before they take effect. The “Last updated” date at the top will always indicate the latest revision.
13. Contact Us
For questions or concerns, email hello@datalyr.com or write to:
DATALYR INC., 40 North Gould Street, Sheridan, WY 82801