Aller au contenu
wheremyflow
Connexion Démarrer gratuitement
Fonctionnalités Tarifs Comparatif Manifeste Aide Audit Contact Démo Connexion

Data collected

The exhaustive list of what w.js sends to wheremyflow.com, and what is then stored.

Received server-side

On every pageview or event, the server receives:

  • The page URL (without non-essential query parameters).
  • The referrer (URL the visitor came from, if any).
  • The raw User-Agent, used only to resolve browser/OS/device then discarded.
  • The IP address, used only to resolve country/city and to compute the visitor HMAC, then discarded.
  • The Accept-Language header, used to resolve preferred language then discarded.
  • The event properties you attached (max 10 keys, see Event properties).

Stored in the database

For each event, we persist:

  • The visitor ID (double-keyed HMAC, 24h rotation, see Compliance).
  • The page URL.
  • The normalised referrer (by category: direct, search, social, paid, etc.).
  • The browser (Chrome, Firefox…), OS (Windows, macOS, iOS…) and device (mobile, tablet, desktop).
  • The visitor's country and city (resolved before IP discard).
  • The preferred language (from Accept-Language).
  • The event properties.
  • The UTC timestamp.

Never collected

  • Raw IP address.
  • Email, name, user ID.
  • Browser fingerprint (canvas, audio, fonts).
  • GPS coordinates.
  • Form contents.
  • Visitor's session cookies.

Retention

  • Raw events: 90 days.
  • Aggregates (daily KPIs, per-page, per-source): 25 months.
  • No S3 archive, no export outside the EU.

See Retention.