Ziplytics is built with privacy and security first. That line usually sounds like typical marketing B.S., but with Ziplytics it’s actually true: it’s at the core of what we do. We take a number of steps to ensure data redundancy, privacy compliance, and data security.
tl;dr:
Ziplytics does the following to protect your data and your customers’ privacy:
- Data is encrypted in transit & at rest
- Secure key & secret storage
- Code review & testing
- Open source & auditable codebase
- Partner security standards
- Vendor & partner data access limitation
- Least privilege access
- Firewalls in place
- Visitor token is irreversibly anonymized (hashed)
- Data is hosted in the EU (Germany)
- User passwords are salted & hashed
- Regular data backups
- Uptime & site performance is publicly monitored
- No PII data is stored in Ziplytics
- We do not sell, share, or otherwise monetize your data. You own your data, we make our living via a monthly or annual fee to cover our development and hosting costs.
- No vendor lock-in
- We follow OWASP guidelines
Summary
We started Ziplytics because the world has been changing very quickly recently. We found that GA4 is convoluted, and that several EU data protection authorities have found the use of Google Analytics to violate the GDPR; both issues were non-starters for our company. Google Analytics has really become ‘legacy’ tech, built mainly for enterprise businesses, particularly since the release of GA4. We also found that the current ‘privacy friendly’ web analytics platforms didn’t make the cut either. So we started Ziplytics, a simple, modern, privacy compliant web analytics platform. Here’s a bit more context about how we work to protect your data.
Data is encrypted in transit & at rest
Encryption transforms data so that only parties holding the right key can read it. We apply it to data in transit (between your visitors’ browsers and Ziplytics, and between you and the Ziplytics app) and to data at rest (in our databases and backups). The practical effect is that intercepted network traffic or a copied disk is useless without the keys, which protects your data from unauthorized access and supports compliance with security regulations. Encryption at rest is also one of the supplementary measures called for after the Schrems II ruling, and it ensures your data isn’t accessed without your authorization regardless of where it’s hosted.
Secure key & secret storage
Secure storage of secrets such as passwords, API keys and encryption keys is vital, because a leaked secret bypasses every other control. We store them encrypted, restrict which people and systems can read them, and audit that access periodically to prevent unauthorized access and data breaches.
Code review & testing
Code reviews let developers critique and improve each other’s work before it ships, which catches bugs and security mistakes early and improves code quality. Automated tests run on every change and check that the code still behaves as intended. Together the two practices significantly reduce error rates, support continuous integration, and lead to robust, reliable software you can count on.
Open source & auditable codebase
As an open-source provider, we give you complete transparency into the software you use: you can freely inspect, modify, and enhance our tools to suit your needs, and anyone can audit the code. Working with an open source platform like Ziplytics also greatly reduces vendor lock-in, because you can migrate your data to your own self-hosted instance.
Partner security standards
Security and adherence to privacy laws are paramount in our partner selection process. We assess each third-party partner to confirm they meet stringent security certification and contractual requirements. Our evaluation includes reviewing their security policies, audit results, and compliance with international data protection regulations.
Vendor & partner data access limitation
In our partnerships, we adhere to a principle of minimal data sharing, restricting vendor and partner access to only the data they absolutely need. This policy helps prevent data breaches by reducing the amount of sensitive information that could potentially be exposed. Our targeted approach to data sharing coupled with our partner evaluation process is designed to safeguard your information while still enabling the necessary functionality and collaboration with trusted partners.
Least privilege access
Employees are granted access to systems under the principle of least privilege. Every employee’s access to data and systems is calibrated to the minimum required for their specific job responsibilities. These access controls prevent unnecessary exposure of sensitive information and reduce the risk of internal threats.
Firewalls in place
We use firewalls to restrict traffic between our internal network and the outside world to only what the service needs. This is an essential component of our security strategy, providing protection against a wide range of network-level threats.
Visitor data is irreversibly anonymized (hashed)
When a visitor reaches your site, a few details such as their IP address and user agent are sent to Ziplytics. From those we derive a token with a one-way anonymization algorithm, so the same visitor produces the same token on their next visit. We store only this irreversibly hashed token, for the duration of your tracking policy. When the visitor performs an action we regenerate the token and check whether that visitor has been seen before. The raw IP address and user agent are not kept, and the token cannot be traced back to an individual or to PII.
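To make the design concrete, here is an added example of a hashed visitor token (this is illustrative code, not Ziplytics’ actual algorithm, which is not published on this page; it also serves the "No PII data is stored" section below). It contrasts a naive SHA-256 of IP + user agent, which an attacker can invert simply by enumerating IPv4 addresses, with an HMAC under a server-side secret that is derived per site and per tracking window. The sample IP, user agent, site ID, master secret, epoch and 365-day window are all constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
from datetime import date, timedelta
from typing import Optional

# Constructed sample inputs for the demonstration (not real visitor data).
SAMPLE_IP = "203.0.113.42"   # RFC 5737 documentation address
SAMPLE_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"
SITE_ID = "shop.example"     # hypothetical site identifier
MASTER_SECRET = b"hypothetical-master-secret-keep-in-a-secrets-manager"
WINDOW_DAYS = 365            # hypothetical tracking policy: recognise a device for up to a year
EPOCH = date(2020, 1, 1)     # arbitrary fixed origin for window boundaries


def unkeyed_token(ip: str, user_agent: str) -> str:
    """Naive fingerprint: a plain SHA-256 over IP + user agent.

    The hash is one-way, but the input space is tiny (2^32 IPv4 addresses
    times a user agent the attacker already knows), so it can be inverted by
    enumeration.  Shown here only to make the weakness concrete.
    """
    return hashlib.sha256(f"{ip}|{user_agent}".encode("utf-8")).hexdigest()


def recover_ip_unkeyed(token: str, user_agent: str, network: str) -> Optional[str]:
    """Invert an unkeyed token by brute force over every host in `network`."""
    for host in ipaddress.ip_network(network).hosts():
        if hmac.compare_digest(unkeyed_token(str(host), user_agent), token):
            return str(host)
    return None


def tracking_window(day: date, window_days: int = WINDOW_DAYS) -> date:
    """Start date of the tracking window that `day` falls in."""
    n = (day - EPOCH).days // window_days
    return EPOCH + timedelta(days=n * window_days)


def window_key(master_secret: bytes, site_id: str, window_start: date) -> bytes:
    """Derive a per-site, per-window key from the master secret.

    Tokens are stable inside a window, so a returning device is recognised,
    and unlinkable across windows or across different customers' sites.
    """
    label = f"{site_id}|{window_start.isoformat()}".encode("utf-8")
    return hmac.new(master_secret, label, hashlib.sha256).digest()


def keyed_token(ip: str, user_agent: str, site_id: str, master_secret: bytes, day: date) -> str:
    """Keyed fingerprint: HMAC-SHA256 of IP + user agent under the window key.

    Without the secret the token cannot be recomputed, so enumerating IPs no
    longer works, and the raw IP / user agent never needs to be stored.
    """
    key = window_key(master_secret, site_id, tracking_window(day))
    return hmac.new(key, f"{ip}|{user_agent}".encode("utf-8"), hashlib.sha256).hexdigest()


def demo() -> dict:
    """Run the comparison on the constructed sample and return the findings."""
    visit_day = date(2024, 6, 1)
    next_window_day = tracking_window(visit_day) + timedelta(days=WINDOW_DAYS)
    naive = unkeyed_token(SAMPLE_IP, SAMPLE_UA)
    keyed = keyed_token(SAMPLE_IP, SAMPLE_UA, SITE_ID, MASTER_SECRET, visit_day)
    return {
        "naive_recovered_ip": recover_ip_unkeyed(naive, SAMPLE_UA, "203.0.113.0/24"),
        "keyed_recovered_ip": recover_ip_unkeyed(keyed, SAMPLE_UA, "203.0.113.0/24"),
        "keyed_same_on_revisit": keyed == keyed_token(
            SAMPLE_IP, SAMPLE_UA, SITE_ID, MASTER_SECRET, visit_day + timedelta(days=30)),
        "keyed_differs_next_window": keyed != keyed_token(
            SAMPLE_IP, SAMPLE_UA, SITE_ID, MASTER_SECRET, next_window_day),
        "keyed_differs_per_site": keyed != keyed_token(
            SAMPLE_IP, SAMPLE_UA, "blog.example", MASTER_SECRET, visit_day),
    }


if __name__ == "__main__":
    for finding, value in demo().items():
        print(f"{finding}: {value}")
```

The point of the per-window key is that "irreversible" only holds while the secret stays secret and the input has some entropy; a bare hash of a low-entropy input is reversible by enumeration, so the secret (kept in the secure key storage described above) is what does the real work, and rotating it per tracking window is what makes an expired token unlinkable to a new one.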
EU hosted data
Our services are hosted within the European Union, in Germany. Hosting in the EU means that all data handling and processing is subject to EU data protection law, including the General Data Protection Regulation (GDPR), which is among the strictest in the world, and that your data does not leave EU jurisdiction. This provides an additional layer of security and privacy for our users.
*Please note that the marketing site you’re viewing this article on is hosted with a global CDN: if you’re viewing it from the US it is served from a US hosting region, and if you’re connecting from within the EU it is served via Dublin, Ireland, where Ziplytics is based. The Ziplytics app itself is hosted in Germany.
User passwords are salted & hashed
To protect your password we never store it as typed; we store a salted hash. A unique random salt is generated for each password and combined with it before hashing, so two users with the same password get different stored values and precomputed dictionary or rainbow tables are useless. The hash function is one-way, so the stored value cannot be turned back into the password; to check a login we hash the supplied password with the stored salt and compare the results. This keeps your passwords safe even if the stored records were ever exposed, and keeps our password storage practices in line with current standards.
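As an added example of what "salted and hashed" looks like in practice (this is illustrative code, not Ziplytics’ own implementation; the page does not name the hash function, so PBKDF2-HMAC-SHA256 from the Python standard library is an assumption, as is the 600,000-iteration work factor, which is the figure the OWASP Password Storage Cheat Sheet gives for that function), the following stores a self-describing record, verifies a login in constant time, fails closed on malformed records, and flags old records that need re-hashing when the work factor is raised.

```python
import base64
import hashlib
import hmac
import os

# Policy values are assumptions for this example.  600,000 iterations is the
# OWASP Password Storage Cheat Sheet recommendation for PBKDF2-HMAC-SHA256.
SCHEME = "pbkdf2-sha256"
DEFAULT_ITERATIONS = 600_000
SALT_BYTES = 16
DIGEST_BYTES = 32


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$hash.

    A fresh random salt per password means identical passwords produce
    different records, so precomputed (rainbow) tables are useless and a
    breach of one record tells the attacker nothing about the others.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=DIGEST_BYTES)
    return "$".join([SCHEME, str(iterations), _b64(salt), _b64(digest)])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        if scheme != SCHEME:
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations), dklen=len(expected))
    except (ValueError, TypeError):
        # Malformed record: fail closed rather than raising into the login path.
        return False
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when the record uses a weaker work factor or scheme than current policy.

    Call this right after a successful login (the only moment the plaintext is
    available) and re-store the password with hash_password() if it returns True.
    """
    parts = stored.split("$")
    try:
        return len(parts) != 4 or parts[0] != SCHEME or int(parts[1]) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong password ok:", verify_password("Tr0ub4dor&3", record))
    print("needs rehash:", needs_rehash(record))
```

Two details matter more than the choice of hash: the comparison uses `hmac.compare_digest` so a wrong password takes the same time to reject regardless of where the first differing byte is, and the iteration count is stored with each record so the work factor can be raised later without invalidating existing logins.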
Regular data backups
We understand the importance of your data, which is why we run regular backups as a fail-safe against data corruption or loss. Backups are performed and stored on a regular schedule so that we can recover quickly and maintain continuity of our operations and your information.
Uptime & site performance is publicly monitored
We are committed to transparency and accountability in our service delivery, which is why we continuously monitor our uptime and site performance. These metrics are not only a benchmark of our reliability but also a promise of quality to our users. To uphold this promise, we make our performance data publicly available.
No PII data is stored in Ziplytics
Our platform is designed to protect visitor privacy and comply with data protection standards by not storing any Personally Identifiable Information (PII). Our cookie-free anonymization algorithm lets you recognise a returning device for up to a year without storing anything that identifies the person behind it.
Data ownership
Ziplytics does not sell, share, or otherwise monetize your data. You own your data; we make our living by charging you a monthly or annual fee to cover our development and hosting costs. In today’s landscape, where customer trust and data privacy are paramount, first-party data is the most valuable asset a business has: it comes directly from your interactions with customers and offers unparalleled accuracy for personalization and decision-making. With Ziplytics that data stays yours.
No vendor lock-in
You’re not locked into any long term contracts and we don’t use any dark patterns to make it more difficult for you to export your data and/or cancel your account if you wish. You’re free to do so at any point, all online. We are a small team and would like to ask you a favor and leave us feedback about why you’re leaving. But not even that is required. If you’re not getting the value you wish from Ziplytics, you’re not locked into a toxic relationship.
We follow OWASP guidelines
By aligning with OWASP guidelines we tackle security proactively, focusing on the well-documented classes of web application risk (injection, broken access control, security misconfiguration and the like) that could affect our systems and your data. For you this translates into safer use of our services and protection against the most prevalent threats in today’s digital landscape.
Why Ziplytics?
If you’re looking for an analytics tool that respects privacy, layers redundant security controls, is simple for anyone to use, gives you more accurate data than GA4, and offers a host of other features, Ziplytics is worth considering. Sign up for a free trial.