In today’s digital landscape, privacy and data protection are of paramount importance. Edgee is deeply committed to upholding the highest standards of user privacy and data security. This page outlines our privacy practices, focusing on how we anonymize data before sending it to analytics components, ensuring compliance with global data protection regulations.

Anonymizing Data: How We Protect User Privacy

At Edgee, we employ data anonymization techniques to ensure that personal information cannot be linked back to any individual. Our approach centers on two key aspects: IP address handling and User Identification management.

IP Address Anonymization

The fundamental problem hindering client-side analytics data collection is that of direct contact, via an HTTPS connection, between the user’s device and data processing servers.

The resulting requests generally enable these servers to obtain the user’s IP address, as well as a wide range of information about their device. Realistically, this information can be used to re-identify the user and to access their browsing habits on all sites using the same audience measurement tool.

Edgee operates at the edge as a proxy and is in a unique position to break the contact between the final user and the analytics solution.

Proxy Handling: Edgee operates as a proxy, meaning that all requests to analytics services are made through Edgee’s edge nodes. To ensure privacy, Edgee anonymizes the client’s IP address by truncating the last byte before any data is transmitted to third parties. This method effectively obscures the full IP address, ensuring that the original, complete IP address is never directly exposed to external entities. This precaution helps maintain the privacy and anonymity of users, preventing third parties from potentially identifying individuals based on their IP addresses.

User Identification Options

When creating a project in the Edgee console, you can choose between two approaches for user identification:

1. Cookieless

The cookieless option provides enhanced privacy compliance by not using cookies until the user has explicitly given consent.

Go to your project > Settings > Privacy

How it works:

  • If the user hasn’t expressed consent (pending state) or has denied consent, Edgee uses a temporary cookieless hash to identify the user.
  • This hash is generated based on a combination of non-unique identifiers such as:
    • User agent information
    • IP address (anonymized)
    • Language preferences
    • Device information
    • Hostname
  • The cookieless hash is:
    • Valid for only 24 hours
    • Not completely unique but unique enough for basic analytics
    • Not considered fingerprinting as it has limited validity and uniqueness
    • Stored in Edgee’s edge cache, not on the user’s device

When to use:

  • For projects requiring strict privacy compliance
  • In regions with stringent cookie consent requirements
  • When prioritizing user privacy over perfect identification accuracy

For projects requiring more accurate user identification, Edgee can utilize a first-party encrypted cookie.

How it works:

  • Edgee utilizes a first-party encrypted cookie to manage user sessions and verify user authenticity.
  • This cookie serves a dual purpose: verifying that the user is a genuine person (not a bot) and enabling session tracking to understand user recurrence over time.

Each cookie contains:

  1. An encrypted string, decipherable only by Edgee, ensuring that the contents remain confidential and secure from client-side access.
  2. An anonymous user ID and session information, which are used internally to distinguish between users and understand user behavior over time without compromising privacy.

More in detail:

  • Privacy-focused ID Use: The use of this encrypted cookie is strictly confined within Edgee’s edge processing environment. Although the anonymous user ID is transmitted to third-party analytics providers, it remains encrypted and inaccessible to client-side libraries. This ensures that no entity outside of Edgee can use this ID to identify individual users.

  • Dynamic Cookie Encryption: To enhance security and privacy, the encrypted cookie is regenerated with each request. This dynamic approach ensures that the cookie’s information cannot be reused or intercepted for tracking, further safeguarding user privacy.

  • Edge-generated IDs for Analytics: In addition to the encrypted cookie, Edgee can generate new, distinct user IDs at the edge for each analytics component. These IDs maintain session continuity and user distinction across different analytics tools without revealing or transmitting any personally identifiable information. The robust encryption and regeneration strategy of the cookie ensures that these IDs can be securely passed to analytics platforms, supporting comprehensive data analysis while preserving user anonymity.

When to use:

  • For projects requiring precise user identification
  • In regions where privacy regulations permit cookie usage with appropriate disclosures
  • When analytics accuracy is a priority

Legal Compliance: The use of Edgee’s first-party cookie is supported by a legal opinion which confirms that our implementation:

  • Applies technical and organizational measures that meet consent exemption conditions
  • Satisfies the proxying criteria recommended by data protection authorities
  • Complies with GDPR and ePrivacy Directive requirements

Ensuring Compliance and Upholding Trust

  • Data Minimization: Edgee practices data minimization, collecting only what is necessary to deliver valuable insights and analytics. This principle is key to respecting user privacy and adhering to legal frameworks.

  • Compliance with Global Regulations: Our data processing and anonymization practices are designed to comply with major data protection laws such as the GDPR (General Data Protection Regulation) in Europe, the CCPA (California Consumer Privacy Act) in the United States, and other relevant privacy regulations worldwide.

  • Transparent Practices: Edgee believes in transparency and user empowerment. We provide clear information about our data handling practices, giving users and customers confidence in how their data is managed.

Technical and Organizational Measures

  • Encryption: All data transmitted to and from Edgee is encrypted using industry-standard protocols, ensuring that data in transit remains secure.

  • Regular Audits: Edgee undergoes regular security and privacy audits to ensure our practices remain robust and in line with the latest standards and regulations.

  • Continuous Improvement: Our commitment to privacy and data protection is ongoing. We continuously evaluate and update our practices to address emerging privacy concerns and technological advancements.

Privacy Measures for Analytics Integration

When integrating with third-party analytics tools, Edgee implements several privacy-enhancing measures:

  • Proxying: Edgee acts as an intermediary between users and analytics services, preventing direct contact that could lead to tracking.

  • Data Filtering: Potentially identifying information in URLs or referrers is filtered out until user consent is obtained.

  • Limited Data Retention: Data collected via audience measurement is retained for no more than 25 months, in accordance with regulatory guidelines.

  • No Cross-Site Tracking: Edgee prevents the collection of cross-site or deterministic identifiers that could enable tracking across different websites.

Conclusion

Edgee’s dedication to privacy is foundational to our mission. By providing flexible user identification options and employing rigorous privacy measures, we empower businesses to choose the approach that best balances their analytics needs with privacy requirements. Whether you opt for the cookieless approach or the first-party cookie solution, Edgee ensures that businesses can leverage the benefits of edge computing and analytics without compromising on their users’ trust and confidence.

Was this page helpful?

Suggest editsRaise issue