Start tracking your visitors adding our counter code in your website
( websites owner which gather analytics data with us )
Website owner can integrate their policy going here: http://www.histats.com/?act=101
We apply the strictest privacy rules in accordance to our company European collocation, here more information about GDPR requirements and rules :
Here some details in a simple language:
What information is being collected?
Histats collect only aggregated and fully anonimized information , this means that we cannot link data back to a singular subject even when they visit our website like what you are doing now reading this page, we cannot know if you visited any of our registered users website now or in the past. We don't register cookies belonging to histats.com domain during the tracking operations.
Who is collecting it?
Histats.com website is owned by Wisecode SRL , an italian company but we don't have a in-house server farm, all data is collected on servers we rent from cloud providers across EU and USA
How is it collected?
Why is it being collected?
Users of histats use our services to better understand how their website are used, how people reach their website, what problems their sites may have and how to improve their website usability
How will it be used?
Data is collected to create dashboard for website owners about their product usage ( ie : percentage of a given browser, or % of users that use mobile phone, number of visit that a page ( ie: a blog post ) receive , ...) so they can improve their product if some objective isn't reached another example is to track how many users reach their website from search engine or from a partner website, in order to structure their seo/partnership strategies
Who will it be shared with?
No one. Only the Histats registered user which is owner of the website have access to data he tracked ( if he want he can open publicly aggregated stats but this is 100% allowed by GDPR ) also even if anonymized data is completely isolated between each member of histats and anonymized using different "cryptographic-hashes", we do not try to cross link data to identify behaviour,due to the per-site anonymization process , anonymized data is not even combinable/comparable between different sites , we cannot even know if you have visited one of our member website when you visit another member website or even our histats.com website.
What will be the effect of this on the individuals concerned?
Is the intended use likely to cause individuals to object or complain?
No, but if you have questions please ask the web before trying to get direct answers to your questions from us, we are a very small company trying to run a free service with a very low budged which compete in a world of similar services that are managed by behemoths which run their services tied with advertising product, we do not resell your data nor are interested in profile you for advertising purpose , if you want a simple, dedicated , fast , free and independent web analytics service, histats is for you :)
How a personal subject can protect his privacy?
Some more internal technical details on why and how we anonymize data:
We are improving some of our systems to let us permit a finer grained management of data, this would allow in future more intermediate level of anonymization and pseudonymization, at the moment the best way we have found to comply with current regulation is to anonymize/aggregate everything.
What are personal data :
Data processing (which apply to personal data ):
How the most-difficult-to-anonimize data is handled on histats:
This doesn't mean that nothing is tracked, we are required to try to separate sessions each other to be able to give a meaning to websites usage statistics this is the minimum requirement for a web analytics service but we've applied one more step to try to anonymize everything keeping only encrypted and hashed information in a session consistent way (hashed one-way only so the original information is lost).
A website owner which directly expose PII ( Personally Identifiable Information ) in creative and not very secure ways or is hacking our services scripts could obviously try to persist them with our service as he can with any generic storage support or generic storage service which allow to save information , this is against our ToS and we may be forced to delete your analytics data for the time range affected.
PII collection is not forbidden by GDPR but would require a more complicated approach by us and website owners , and we want to maintain our service as simple as possible to our users that's why are are at the moment avoiding and forbidding it.
Technically some of our hardware and software firewall/IDS/security specialized software make use of the tcp/ip stack information ( such as Ip address of requests to our services ) to improve security of our services ( anti DDoS rules, anti spam, fighting hacking attempt ) this is contemplated and allowed by current regulations, our logs for those security purposes anyway doesn't undergo any other processing different from our internal security requirements their path is separated from our web analytics service , those are the server server log that every internet service is required to use to guarantee the server security and stability, when we are not under exceptional circumstances ( ie: under an hacking attempt ) this log data deleted in less than 6 hours.