Privacy policy
Prutsel Analytics is privacy-first analytics for browser extensions. The data an extension sends through Prutsel Analytics is designed to be anonymous — by itself it doesn't contain personal data or identify a person. This page explains, in plain terms, what we collect and what we don't.
Last updated: July 2026.
What an event contains
When an extension uses Prutsel Analytics, each event carries only:
- a random client identifier — created on the user's own device and kept in the extension's storage. It is not a fingerprint and is not tied to any device, account, or personal identity. Clearing the extension's storage resets it.
- an event name (for example "install", or a custom name) chosen by the extension's developer.
- optional properties — a small bit of extra detail the developer attaches to an event.
- a timestamp.
We also record the time an event was received.
What we do not collect
- We don't store IP addresses with your analytics. Events never include an IP address. Our servers briefly see the connecting address to send a response; for security (blocking brute-force sign-in attempts) we keep only a salted, one-way hash of it for a short rate-limiting window, and that is deleted automatically. The raw address is never written to disk.
- We don't use cookies for analytics. The endpoint that receives events sets no cookies. The only cookies we set are on your own dashboard: one to keep you signed in, and one to remember your light/dark theme choice.
- No device fingerprinting, no cross-site identifiers, and no third-party trackers. Our public pages and dashboard load no third-party scripts or web fonts.
Controls for the people using an extension
Prutsel Analytics is built so end users stay in control:
- Do Not Track — where the runtime exposes a Do Not Track signal, Prutsel Analytics honors it and collects nothing. (Some extension environments, such as background service workers, don't expose this signal — the opt-out below always works.)
- Opt out — an extension can call
disable()(for example behind a settings switch) to stop all collection and remember the choice across restarts. - Because the client identifier lives in the extension's own storage, clearing it removes any link to past activity.
Your account data
To run your dashboard we store the account details you give us: your email address, a securely hashed password (never the password itself), and your projects' monthly usage counts for free-tier metering. This is the only personal data Prutsel Analytics holds about you, and the deletion controls below cover it. If you subscribe to a paid plan, payment is handled by Stripe — we never see or store your card details.
Who processes the data (sub-processors)
We keep the stack deliberately small. To run the service we rely on:
- Cloudflare — hosting, the analytics database, and edge delivery (all data is stored here).
- Resend — sending account and transactional emails (only when email is enabled).
- Stripe — payment processing (only if you subscribe to a paid plan).
We don't sell your data or share it with advertisers.
How long we keep data
Events are kept for up to 2 years, then permanently deleted automatically. Once deleted, the data is gone from every report and cannot be recovered.
Your data and deletion
If you use Prutsel Analytics for your extension, you control your data:
- You can permanently delete a project and all of its events from your dashboard at any time.
- You can permanently delete your whole account, which removes all of your projects and their data and signs you out.
These deletions take effect immediately and cannot be undone.
Responsibilities of extension developers
If you send data through Prutsel Analytics, you choose what goes into event names and properties. Please don't put personal data there — no email addresses, no identifiers that single out a person, and no free-text that might contain personal information. Prutsel Analytics stores what you send as-is and cannot scrub personal data out of it.
Legal basis
The event data is designed to be anonymous — it contains no personal data by default, so it generally falls outside the scope of laws such as the GDPR. Your account data (above) is personal data that we handle to provide the service and that you can delete at any time. If a developer chooses to send personal data inside events anyway, that developer is responsible for having a lawful basis and any agreements their own users require — that is outside what Prutsel Analytics collects by default.
Security
We follow standard security practices: data is encrypted in transit, credentials and secrets are protected at rest, and access to your data requires signing in and is limited to your own account.
Contact
Questions about privacy? Email us at hello@prutsel.com (or the Contact link below). We'll update this page if our practices change.