WebmasterID logoWebmasterID
Legal

Privacy Policy

A plain-English explanation of how WebmasterID collects and handles data.

Last updated

This Privacy Policy explains how WebmasterID, an analytics product currently operated by HELPERG LLC (a Wyoming, United States limited liability company with a registered address at 30 N Gould St Ste N, Sheridan, WY 82801, United States), collects and processes data. You can contact us at info@helperg.com. WebmasterID is an early-stage product; this policy will be updated as the product evolves.

This document is provided in good faith and reflects the actual product implementation as of the last-updated date. It is not a substitute for legal advice; a formal legal review is recommended before relying on it for compliance purposes.

What WebmasterID is

WebmasterID is a privacy-first analytics product. It provides a small browser tracker, a server-side ingest API, and an operator dashboard. Customer sites embed the tracker to record basic page-view information; AI/search crawlers are detected separately and stored in a distinct path. See /architecture for the full system shape.

What we collect

When the WebmasterID tracker is loaded on a customer site, the following fields are recorded for each event:

  • The site_id of the customer site (e.g. wm_…).
  • The URL and pathname of the page being viewed.
  • The HTTP referrer where the browser provides one.
  • The five canonical UTM parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term).
  • The browser language string and the screen width.
  • The event name (typically page_view) and a timestamp.
  • A small set of additional event attributes (e.g. document title) where the event provides them.

Server-side, the request's IP address is anonymised before storage (IPv4 last octet zeroed, IPv6 truncated to /48). Raw IP addresses are not written to the database.

What we do not collect

  • No third-party cookies or cross-site identifiers.
  • No fingerprinting (canvas, audio, fonts, device entropy).
  • No localStorage tracking or persistent visitor IDs.
  • No session replay or DOM/input recordings.
  • No raw IP addresses in storage.
  • No advertising audience exports.

AI crawler / bot data

Requests with a recognised AI/search crawler user-agent are stored in a separate bot_visits table. Captured fields are: site_id, bot identifier, bot name and category, pathname, the bot's user-agent string, and the timestamp. AI crawler data is never mixed with human page-view aggregates.

Server-side events

Customers may also submit events server-to-server via a dedicated endpoint, authenticated with a hashed secret key (wmsk_). When a customer chooses to use this path, the data shape and storage rules above continue to apply.

Purposes of processing

  • To provide analytics aggregates to the customer who installed the tracker.
  • To detect and separate AI/search crawler traffic.
  • To operate, secure, and debug the WebmasterID service.

Legal bases (high level)

For visitors to a customer site, processing typically relies on the customer site's own legal basis (legitimate interest or consent, depending on jurisdiction and implementation). For operators of the WebmasterID dashboard, processing is necessary to perform the contract for the service. Specific bases will be confirmed in updated documentation alongside the launch of a formal Data Processing Agreement.

Retention

The current default retention window is 90 days for events and bot visits. Per-site retention overrides are on the roadmap. Aggregated, non-personal usage information may be retained longer for product analytics about WebmasterID itself.

Data storage and hosting

Analytics data is stored in PostgreSQL hosted on Supabase. The ingest API and dashboard run as Vercel serverless functions. Both providers may host data in the European Union or the United States depending on the project region. The list of subprocessors will be confirmed alongside the formal Data Processing Agreement.

Your rights

Where applicable law grants you rights as a data subject — including access, correction, deletion, restriction, objection, or portability — please contact us at info@helperg.com. Because WebmasterID processes analytics on behalf of customer sites, requests relating to a specific site should normally be directed to the operator of that site (the controller). We assist site operators with fulfilling such requests.

International transfers

To the extent personal data is transferred outside your jurisdiction, transfers rely on the safeguards offered by our hosting providers (e.g. EU Standard Contractual Clauses where relevant). Specific transfer mechanisms will be detailed alongside the formal Data Processing Agreement.

Changes to this policy

This policy will be updated as the product evolves and as the legal-entity details are confirmed. Material changes will be reflected in the "Last updated" date at the top of the page.

Contact

Questions about this policy or the underlying processing can be sent to info@helperg.com. See also our Cookie Policy, Data Processing page, and Terms.

This Privacy Policy is provided in good faith and reflects the actual product implementation as of the last-updated date. It is not legal advice. Final review by qualified counsel is recommended before public SaaS launch.

← All legal pages