Data Collection Practices

Understand exactly what data Zenovay collects and how to configure data collection to match your privacy requirements.

Data Collection Overview

Standard Data Collection

By default, Zenovay collects:

Data Type	Example	Purpose
Page URL	/products/widget	Page analytics
Page Title	"Widget Product"	Content identification
Referrer	google.com	Traffic source
Browser	Chrome 120	Compatibility
Device Type	Desktop	Experience optimization
Screen Size	1920x1080	Layout analytics
Country	United States	Geographic analytics
Language	en-US	Localization
Timestamp	2025-01-15T10:30:00Z	Timeline

What We DON'T Collect

Zenovay never automatically collects:

• Names or email addresses
• Passwords or credentials
• Payment information
• Social security numbers
• Personal messages
• Form field contents
• Keystroke patterns

Data Categories

Automatically Collected

Technical Data:

Browser Information:
├── User Agent String
├── Browser Name & Version
├── Operating System
├── Screen Resolution
├── Viewport Size
└── Language Preference

Network Information:
├── IP Address (anonymizable)
├── Connection Type (if available)
└── Approximate Location (from IP)

Behavioral Data:

Page Interactions:
├── Pages Visited
├── Visit Duration
├── Scroll Depth
├── Click Locations (heatmaps)
└── Entry/Exit Pages

Session Data:
├── Session Start Time
├── Session Duration
├── Pages per Session
└── Bounce/Exit Status

Optional Data (Requires Configuration)

User Identification:

// Only collected when you call identify()
zenovay('identify', {
  id: 'user-123',
  email: 'user@example.com',
  name: 'John Doe',
  plan: 'pro'
});

Custom Events:

// Only collected when you call track()
zenovay('track', 'purchase', {
  product_id: 'SKU-001',
  value: 99.99
});

Revenue Data:

// Only collected when you call the revenue command
zenovay('revenue', 149.99, 'USD', {
  order_id: 'ORD-123'
});

IP Address Handling

Default Behavior

By default, IP addresses are:

1. Used for geolocation lookup
2. Hashed for visitor identification
3. Never stored in raw form

Anonymization Options

IP anonymization is configured in the dashboard:

1. Go to Settings → Privacy
2. Find IP Address Handling
3. Select: Default (hashed), Partial Anonymization, or Full Anonymization
4. Save changes

See IP Address Handling for details.

Privacy Mode

Minimal data collection can be enabled in the dashboard under Settings → Privacy → Privacy Mode.

Privacy mode changes:

Feature	Standard	Privacy Mode
Cookies	Yes	No
IP Storage	Hashed	Never
Cross-session ID	Yes	No
URL Parameters	Full	Stripped
Referrer	Full URL	Domain only

URL Handling

Query Parameters

By default, URL parameters are included:

/search?q=widget&category=electronics

To strip sensitive parameters, configure parameter stripping in the dashboard:

1. Go to Settings → Privacy
2. Find URL Parameter Stripping
3. Add parameters to strip (e.g., email, token, password, secret)
4. Save changes

Hash Fragments

Hash fragments are stripped by default:

/page#section → /page

To include hash fragments in tracked URLs, enable this in the dashboard under Settings → Privacy → Include Hash Fragments.

Referrer Handling

Full Referrer

Default behavior captures full referrer URL:

https://google.com/search?q=analytics

Domain Only

For privacy, enable domain-only referrer mode in the dashboard under Settings → Privacy → Referrer Handling. When set to "Domain Only", referrers are recorded as just the domain (e.g., google.com).

Session Tracking

Standard Sessions

Sessions identified via:

1. Session cookie (24-hour expiry)
2. Activity timeout (30 minutes)

Cookieless Sessions

Without cookies, sessions are:

1. Per-page-load only
2. No cross-page linking
3. Less accurate duration data

Visitor Identification

Anonymous Visitors

By default, visitors are identified by:

Hash(IP + User Agent + Random Salt)

This allows:

• Returning visitor detection
• Session aggregation
• No personal identification

Identified Users

When you call identify:

zenovay('identify', {
  id: 'user-123',
  email: 'user@example.com',  // Optional
  name: 'John Doe',           // Optional
  plan: 'pro'                 // Optional
});

You control what data is associated.

Third-Party Data

What We Don't Share

Zenovay never:

• Sells visitor data
• Shares with advertisers
• Uses for cross-site tracking
• Transfers for marketing

Sub-processors

We use these sub-processors:

• Cloud hosting (data storage)
• CDN (script delivery)
• Email service (team notifications)

Full list: Sub-processors

Customizing Collection

Disable Features

Most tracking features are controlled via the dashboard under Settings. The only tracking-related script attribute is data-track-outbound:

<script
  data-tracking-code="YOUR_TRACKING_CODE"
  data-track-outbound="false"
  src="https://api.zenovay.com/z.js"
></script>

Other features like download tracking and hash tracking are configured in Settings → Tracking in the dashboard.

Exclude Elements

<!-- Don't track clicks on this element -->
<button data-zenovay-ignore>
  Sensitive Action
</button>

Exclude Pages

// In your code
if (sensitivePages.includes(window.location.pathname)) {
  window.ZENOVAY_TRACKER_CONFIG = { disabled: true };
}

Data Minimization

Best Practices

1. Only collect what you need

   // Bad: Collecting unnecessary data
   zenovay('identify', { id: user.id, ssn: user.ssn });
   
   // Good: Minimal data
   zenovay('identify', { id: user.id, plan: user.plan });
   

2. Use privacy mode when possible

   • For anonymous analytics
   • When consent not obtained
   • For privacy-sensitive sites

3. Strip sensitive URL params

   • Email tokens
   • Password reset links
   • Session tokens

4. Review periodically

   • Audit what you're collecting
   • Remove unnecessary tracking
   • Update privacy policy

Data in Dashboard

What You See

Visitor Dashboard:
├── Visitor ID (anonymous hash)
├── Visit History
├── Pages Viewed
├── Events Triggered
├── Device Information
└── Geographic Location (country/city)

What's Hidden

Even from you:

• Raw IP addresses
• Exact location coordinates
• Personally identifying patterns

Compliance Considerations

GDPR

Data collection should:

• Have lawful basis
• Be documented
• Be minimized
• Be secure

CCPA

Users have right to know:

• What's collected
• How it's used
• Who it's shared with

See GDPR Overview and CCPA Compliance.

Troubleshooting

Data Not Appearing

Check:

• Script loaded correctly
• Website ID valid
• Not blocked by ad blocker
• Not in excluded page/element

Too Much Data

Review:

• Disable unnecessary features
• Use privacy mode
• Strip URL parameters
• Exclude sensitive pages

Next Steps

• IP Address Handling
• Privacy Mode
• Data Retention