Chartbeat & the GDPR

The General Data Protection Regulation (GDPR) is a European regulation adopted by the European Commission on data protection and privacy for the benefit of individuals located in the European Union. In short, it provides comprehensive data privacy protection for the personal data of EU individuals, focusing on transparency, accountability and the rights of data subjects.

For more details on Chartbeat's approach GDPR and how we protect personal data please visit our GDPR readiness page.

Data Security Policy details at


What is Chartbeat’s approach to data?

One of the earliest decisions Chartbeat made as a business, and one which we've stuck to steadfastly over the years, is to build our products with user privacy as a top priority.

In light of GDPR, we have been diligently doing a re-evaluation of all of our data security, privacy, storage and data handling procedures, and working to improve and strengthen those (already strong) practices.  

Beyond our product, Chartbeat is also evaluating our data privacy and security practices around standard business operations (such as marketing, finance and sales) to ensure that we are GDPR compliant now and in the future.


Does Chartbeat track personal data?

In terms of the data we collect on behalf of our customers, Chartbeat’s service is what GDPR refers to as a “Data Processor.” In acting as such, Chartbeat obtains user internet protocol (IP) addresses and certain other online identifiers which constitute “Personal Data” under the GDPR’s broad definition.

Chartbeat’s products are designed to provide full functionality to our customers without needing any identifying information about our customer’s website visitors such as the name, email address or any similar information. We do not collect or store such information. Further, as a matter of data security and privacy, we also do not collect or store any sensitive or special categories of Personal Data.


What are IP addresses and why does Chartbeat obtain them?

Every computer and device connected to the Internet is assigned an Internet Protocol (“IP”) address. IP addresses, which need to be used by websites for the Internet to function, enable information to pass between computers and servers, while also giving website owners a sense of the location their visitors are coming from. This helps companies provide services, protect data and abide by regulations.

Chartbeat uses IP addresses in order to provide our service. When visitors browse on websites using Chartbeat, Chartbeat code transmits information about what was read to our servers. This communication between browser and server necessarily involves IP addresses, as all Internet communication does. We use IP addresses to handle that data transmission. After receipt of this data, we strip identifying information from the IP addresses by masking the last octet, and use this masked IP address to identify the city and country in which a visitor is based. We then delete masked IP addresses from our systems within two hours of receipt.  We do not use IP addresses in any other part of our system.

In technical terms, this means that each IP’s final octet is converted to 000 before being processed by Chartbeat's systems and is never written to disk. Conversion to 000 prevents the address from being used to track back to an individual host.


Does Chartbeat set cookies?

Chartbeat does not set third-party cookies. We also do not take any steps to identify specific visitors (for example, we do not do browser fingerprinting or collect device IDs).

There are two types of cookies: first-party cookies and third-party cookies. First-party cookies are controlled by website owners, and they are specific to that particular website.Third-party cookies, by contrast, are set by third parties and may be used to track visitors between domains. 

Chartbeat was designed with privacy in mind, and is a first party analytics platform. This means that publishers who use our service can set first party cookies on their sites using Chartbeat code, or they can run in cookieless mode. However, Chartbeat does not, under any circumstances, set third-party cookies on our publisher’s sites.


Will Chartbeat enter into a Data Processing Agreement ("DPA") with me?

Yes, we would be happy to enter into a DPA with our partners who provide service to individuals in the EU. Most customers will find the relevant terms in the Data Processing Addendum of our updated Terms of Service document.

For customers who have a Master Services Agreement (MSA) with us, Chartbeat also has a Data Processing Addendum available to accompany the MSA. Please contact your customer success manager or send your inquiry to


How can I adjust the controls that I have over the data I share with Chartbeat?

Chartbeat customers have the ability to manage and adjust controls over data they share with Chartbeat. Additionally, publishers can modify Chartbeat data settings, including running Chartbeat in cookieless mode.

Please note that the only way to enter cookieless mode is for a developer to change the way that Chartbeat's code is implemented across the entire domain.

Refer to our documentation guide or contact if you have specific requests.

Here are some ways to get in touch.