Privacy Policy
Last updated: March 18, 2026
1. Introduction
This Privacy Policy describes how StatOn ("Company", "we", "us") collects, uses, and handles information when you use our website and analytics platform ("Service"). This policy applies to you as a user of the StatOn platform — not to the visitors of your websites.
IMPORTANT: As a StatOn user, YOU are the data controller for all data collected from YOUR website visitors through the Service. We act solely as a data processor on your behalf. You are solely responsible for ensuring that your collection and processing of visitor data complies with all applicable privacy laws. This Privacy Policy does not constitute legal advice.
2. Information We Collect About You (Platform Users)
When you register for and use the StatOn platform, we may collect:
• Account information: email address (encrypted at rest using AES-256), password (hashed), display name;
• Subscription and plan information: current plan, limits, usage-related billing status fields, and subscription lifecycle state;
• Usage data: login times, feature usage, platform interaction data;
• Technical data: IP address, browser type, device information when accessing the platform;
• Communications: support requests, feedback, correspondence with us.
IMPORTANT: Your email address is stored in encrypted form. This means that even in the event of unauthorized access to our database, your email address cannot be read in plain text. This encryption is part of our commitment to minimizing risk and protecting user identity even at the platform account level.
We collect this information to provide and improve the Service, manage plans and subscriptions, and communicate with you.
3. Website Visitor Data (Data You Collect)
Through the Service, you collect data from visitors to your websites. The type and extent of data collected depend on the public privacy mode you configure:
• Cookieless Mode: aggregated, anonymized statistics only. No personal data, no cookies, no IP addresses stored.
• Balanced Mode: operates in Cookieless mode by default; collects additional data only after visitor consent.
• Strict EU Mode: collects no analytics data until the visitor explicitly consents.
YOU, not StatOn, are the data controller for all visitor data collected through the Service. We process this data solely on your behalf and according to your instructions as described in our Data Processing Agreement.
WE DO NOT:
• Access, analyze, or use your visitor data for our own purposes;
• Sell, share, or transfer visitor data to third parties for advertising;
• Use visitor data for advertising, profiling, or cross-site tracking;
• Combine visitor data from different StatOn customers for advertising purposes.
SPECIAL NOTICE FOR US RESIDENTS: In accordance with CCPA/CPRA, we state: WE DO NOT SELL OR SHARE the personal information of your website visitors with third parties for purposes of cross-context behavioral advertising.
RESTRICTED ACCESS BY DEFAULT: Sensitive visitor data may be encrypted using AES-256 on our servers. While we have the technical capability to decrypt certain protected fields, our internal policies strictly prohibit access to your analytics data without your explicit permission.
SUPPORT ACCESS DELEGATION: When you select the "Grant Support Access" button in your account settings, you explicitly authorize our support team to view your analytics data for troubleshooting purposes. This access remains active only until you revoke it in your settings. We do not access your data outside of authorized support sessions.
4. Data Encryption and Security
We implement security measures including:
• AES-256 encryption of sensitive stored data;
• TLS encryption of data in transit;
• Access controls and authentication mechanisms;
• Regular security assessments.
While we manage the encryption keys on our servers, our internal policies prohibit accessing your visitor data without your explicit authorization. In the event of unauthorized access to our systems, protected encrypted fields remain encrypted at rest.
However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. You acknowledge and accept this inherent risk.
5. Data Retention
We retain your account information for as long as your account is active or as needed to provide the Service to you. Visitor data retention periods depend on your plan and configuration.
Upon account termination, we may retain certain data as required by applicable law or for legitimate business purposes (e.g., fraud prevention, dispute resolution). We are not obligated to retain or return data beyond what is required by law.
6. Data Transfers
Data may be processed in one or more jurisdictions used by the Service operator and its infrastructure providers. Some ancillary services (such as email delivery and support systems) may involve data transfer to other jurisdictions. Where such transfers occur, we rely on appropriate legal mechanisms.
You acknowledge that by using the Service, certain technical data may transit through various jurisdictions as part of standard internet infrastructure.
7. Your Rights as a Platform User
Subject to applicable law, you may have the right to:
• Access the personal data we hold about you;
• Request correction of inaccurate data;
• Request deletion of your data;
• Object to or restrict processing of your data;
• Request data portability;
• Withdraw consent.
To exercise these rights, contact us at support@staton.app. We will respond within the timeframes required by applicable law. We may need to verify your identity before processing your request.
8. Your Responsibilities Regarding Visitor Data
As the data controller for visitor data, you are solely responsible for:
• Publishing a clear and comprehensive privacy policy on your website;
• Obtaining and managing visitor consents as required by applicable law;
• Responding to data subject rights requests from your visitors;
• Determining the legal basis for your data collection;
• Conducting data protection impact assessments where required;
• Notifying relevant authorities and data subjects of data breaches affecting visitor data, where required.
We will assist you with these obligations to the extent described in our Data Processing Agreement, but the primary responsibility remains yours.
9. Cookies on Our Website
Our own website (staton.app) may use essential cookies required for the functioning of the platform (authentication, session management). We do not use third-party tracking cookies or advertising cookies on our website.
10. Third-Party Services
We may use third-party services for email delivery, infrastructure, security, and operational support. These services have their own privacy policies. We are not responsible for the privacy practices of third-party services.
11. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.
12. Changes to This Policy
We may update this Privacy Policy at any time. Changes are effective upon posting. Your continued use of the Service constitutes acceptance of the updated policy. We are not obligated to notify you individually of changes.
13. Limitation of Liability
Our liability regarding data processing is strictly limited as described in our Terms of Service. We shall not be liable for any data breaches, data loss, or privacy violations resulting from your misconfiguration of the Service, your failure to obtain proper consents, or your failure to comply with applicable law.
14. Contact
For privacy-related inquiries, contact us at support@staton.app.
15. Jurisdiction-Specific Rights
Users from Ukraine: Your rights as a data subject (StatOn platform user) are regulated by Article 8 of the Law of Ukraine "On Personal Data Protection," including the right to know the location of the database containing your personal data, the right to receive information about the conditions of access to personal data, and the right to submit a motivated request for the modification or destruction of your personal data.
Users from the European Union: Your rights as a data subject are governed by GDPR Articles 15-22, as described in Section 7 of this Privacy Policy.
Users from the United States: Depending on your state of residence, you may have additional rights under state privacy laws (e.g., CCPA/CPRA, Virginia CDPA, Colorado CPA). These may include the right to know, delete, correct, and opt out of the sale or sharing of personal information. To exercise these rights, contact us at support@staton.app.