Privacy Policy

Effective date: 30-05-2022

URIports ("we," "us", "our") provides advanced website and email event logging services ("Services"). In this Privacy Policy, we describe our practices in gathering, processing, and using received reports in the application ("Reporting Data") and how we process your personal data ("Personal Data").

To summarize our Privacy Policy: your Reporting Data will always remain your data. We do not sell, share or use it for anything other than providing you with our Services. Received reports are stripped of any information that might contain personal data. We value your privacy as much as you do.

By making Reporting Data available to us through our website, Services, or related materials, you agree to the terms of this Privacy Policy and the processing of your Personal Data in accordance with this Privacy Policy and our Terms of Service.

Visitors to our website and users of our Services are covered by this policy. Please note that individuals under the age of 18 years old are not allowed to use our Services.

What do we collect

We collect your email address when creating your account. We may process anonymized IP addresses when they add substantial value to a report (like deduplicating reports and checking how widespread an error is). These anonymized IP addresses are needed so that users of our Services can properly debug the error reports we receive.

How do we use this information

We use your email address to let you log in to your account, send notifications, notify you of changes in our terms or privacy policy, or contact you for transactional purposes. We will never sell your data to anyone.

Who has access to your Reporting Data

No one can access your data besides you and authorized URIports personnel for maintenance and support purposes.

Cookies

We use an essential cookie to allow you to log in to our service. We do not track or build a profile of you.

This cookie will be placed in your browser when you log in:

Cookie Name Description
__Host-PHPSESSID Cookie to identify your current session to the server so we know you have access to the application.

When you click on an URIports ad from Google Search, we may place a few tracking cookies if you consent. While we track the minimum necessary, we need to monitor conversion rates to optimize our ads. Google will set the following cookies if you allow them:

Cookie Name Description
_uriports_gclid Used to identify that you came through an ad; it only contains the value "true".
_gcl_au Used for analytics and advertising, often set by Google Ads and related products.
NID Used for security, analytics, functionality, and advertising purposes.
DSID Used for security, functionality, and advertising.
IDE Used for advertising and typically set on the doubleclick.net domain.
__gads Used for advertising, commonly set on partner domains.
ANID Used for advertising and can have varying lifespans depending on location.

Personal Data in received reports

Reporting API (web reports)

Browser generated reports that we receive may contain personal data when it is included in the website URI's. We discourage the inclusion of personal data in a URI from a security and privacy perspective.

Several report elements that we receive may contain personal data. We try to remove all personal data from the received reports and store reports only for a limited time, based on the data retention in the chosen subscription. The following report elements may contain personal data:

IP addresses these are removed and not stored by us unless it is an IP address of a server.
HTTP Referer The "referring site" may be received as part of a report and may contain the data relating to an identified or identifiable individual.
Document URI The structure of URI may relate to an identifiable person, like: https://www.example.com/account/jane/smith. The report data would be retained in reports in URIports during the retention period.
Query Parameters A query string may contain personal data in the key names or values, like https://www.example.com/account?user=janesmith&socialnumber=12345. Because of this possibility, we remove all the query parameter values, and we only leave the keys in the report. So the query in the report becomes https://www.example.com/account?user=*&socialnumber=*
URI fragments A URI fragment may contain personal data, like: https://www.example.com/login#JaneSmith/DriverLicense,123456. The report data would be retained in reports in URIports during the retention period.
DMARC Aggregate Reports

Aggregate reports are sent by mail receivers and do not contain Personal Data. IP addresses included in these reports are from sending mail servers that are not operated by individuals. In theory, users can run a personal mail server from their home IP address, although this scenario is unlikely.

DMARC Failure Reports

When an email fails DMARC validation, a failure report is sent that may contain the original email headers and body. Because these reports may contain Personal Data, we remove the message body and the Personal Data from the headers. It is possible to save the original body and headers by providing us with a PGP public key. Then, no one besides the key owner (you) can decrypt and view the data. Read more about privacy and DMARC failure reports in our blog.

Company and servers location

Our company operates servers located in the Netherlands, within the European Union, adhering to stringent privacy legislation. We process your Reporting Data on our privately owned servers, which are colocated at Eurofiber Cloud Infra's data centers. These facilities are subject to Dutch legislation and meet the strict GDPR requirements for logical and physical access security and continuity. Eurofiber does not have access to the data stored on our servers. The data centers provide only physical space, power, unmonitored connectivity, and environmental controls, ensuring we retain complete control over the data processing and management of the servers.

Data Subject Rights

As a Processor, we will assist a Controller in helping them respond to any Data Subject rights requests. The following technical capabilities are available for a data subject to request:

  • Access: Request individual reports that contain Personal Data. The reports do not contain structured Personal Data. We try to remove as much Personal Data as possible from received reports. Some Personal Data may still be available in the reports (see section "Personal Data in received reports") that can be accessed at the request of a data subject.
  • Rectification: Not applicable
  • Erasure: Reports are automatically erased after the retention period defined in the subscription.
  • Restriction: Not applicable
  • Portability: Not applicable

Third-party service services

We do not use any third-party services.

Changes

We periodically review this Privacy Policy and will endeavor to notify you of any changes by email. However, please continue to check this page for updates.

Data Collected as your Data Processor

We collects data on behalf of our customers in the context of providing our Services. The customer has complete control over all the data collection carried out as part of the Service. Read more in the Data Processing Agreement.

Security

We uses a variety of security measures to maintain the safety of your Personal Data. All the data the Service sends to you and back are transmitted via Transport Layer Security (TLS) technology. Any provided payment information is at Paddle.

Contact

If you have any questions about our Privacy Policy, let us know at info@uriports.com.