Privacy

For your visitors

Potolo does not use cookies and does not store any personal data about your visitors. We don't build profiles, follow people across sites, or sell or share data with anyone.

To count unique visitors, we generate a one-way hash from the IP address, user-agent, and site, mixed with a secret salt that rotates every 24 hours and is then destroyed. The hash can't be reversed to a person and can't be linked across days. The raw IP and user-agent are used only to compute that hash and for coarse country/device detection, then discarded — never stored.

We honour the Do Not Track and Global Privacy Control browser signals: visitors sending them are not counted.

What we store

Per pageview: the page path, referrer host, coarse country, browser/OS/device class, and UTM parameters — none of which identify a person. Raw events are kept for up to 12 months; aggregated daily totals (which contain no personal data) are kept indefinitely.

Where it's stored

Visitor analytics data is stored on EU-based infrastructure and does not leave the EU. Payment and billing information is processed by our payment provider (Polar) and may be handled outside the EU; that covers customer billing details, never visitor analytics data.

Your account

If you run a site with Potolo, we store your email and an encrypted password to operate your account. You can delete your account and all associated data at any time from settings.

Contact

Questions? Email [email protected].