What we collect, and why.
Visitorscheck is cookieless by design. This page is a plain-language summary of what personal data is involved, what legal basis we rely on, and the controls customers and end-users have.
Last reviewed: 2026-04-16
What gets collected
When our tracking script fires on a customer's website, we collect: the visitor's IP address, the User-Agent, the Referrer, the URL path, a coarse timestamp, and any UTM parameters present.
We do not set cookies, we do not read or write localStorage, and we do not fingerprint the browser.
What we do with it
The IP is passed server-side through MaxMind (GeoIP and residential/cellular classification) and IPinfo. If the classification is residential or cellular, the record is marked skipped_residential and the enrichment stops — we never resolve a company against a home IP. Only business IPs are enriched into a company profile (name, domain, sector, country).
Legal basis
We rely on Legitimate Interest (GDPR Art. 6(1)(f)) for B2B visitor identification, supported by a documented Legitimate Interest Assessment. Customers receive the LIA on request and a DPA on request.
Retention
Retention is tier-bound: 30 days on Starter, 90 days on Growth, 365 days on Business. A daily prune job enforces the cutoff. Customers can request earlier deletion from the dashboard.
Opt-out
End-users can opt out via a standard query parameter. Customers publish an opt-out notice (snippet provided) on their privacy page. Opted-out visits are dropped before enrichment.
Sub-processors
We use MaxMind (GeoIP), IPinfo (enrichment), AWS/Hetzner (EU hosting), Stripe (billing), Postmark (transactional email). A complete list is maintained and shared on request.
Contact
For access, rectification, or deletion requests: info@visitorscheck.com.
This document is a plain-language summary maintained by Allround Web. The authoritative legal text is being finalised with counsel for launch — if anything here is material to your decision to use Visitorscheck, please reach out and we'll share the draft.