Understand exactly what data Zenovay collects and how to configure data collection to match your privacy requirements.
Data Collection Overview
Standard Data Collection
By default, Zenovay collects:
| Data Type | Example | Purpose |
|---|---|---|
| Page URL | /products/widget | Page analytics |
| Page Title | "Widget Product" | Content identification |
| Referrer | google.com | Traffic source |
| Browser | Chrome 120 | Compatibility |
| Device Type | Desktop | Experience optimization |
| Screen Size | 1920x1080 | Layout analytics |
| Country | United States | Geographic analytics |
| Language | en-US | Localization |
| Timestamp | 2025-01-15T10:30:00Z | Timeline |
What We DON'T Collect
Zenovay never automatically collects:
- Names or email addresses
- Passwords or credentials
- Payment information
- Social security numbers
- Personal messages
- Form field contents
- Keystroke patterns
Data Categories
Automatically Collected
Technical Data:
Browser Information:
├── User Agent String
├── Browser Name & Version
├── Operating System
├── Screen Resolution
├── Viewport Size
└── Language Preference
Network Information:
├── IP Address (hashed, never stored raw)
├── Connection Type (if available)
└── Approximate Location (from IP)
Behavioral Data:
Page Interactions:
├── Pages Visited
├── Visit Duration
├── Scroll Depth
├── Click Locations (heatmaps)
└── Entry/Exit Pages
Session Data:
├── Session Start Time
├── Session Duration
├── Pages per Session
└── Bounce/Exit Status
Optional Data (Requires Configuration)
User Identification:
// Only collected when you call identify
zenovay('identify', {
id: 'user-123',
email: '[email protected]',
name: 'John Doe',
plan: 'pro'
});
Custom Events:
// Only collected when you call track
zenovay('track', 'purchase', {
product_id: 'SKU-001',
value: 99.99
});
Revenue Data:
// Only collected when you call the revenue command
zenovay('revenue', 149.99, 'USD', {
order_id: 'ORD-123'
});
IP Address Handling
Default Behavior
By default, IP addresses are:
- Used for geolocation lookup
- Hashed for visitor identification
- Never stored in raw form
Anonymization
If you don't want the IP used for visitor identification at all, enable IP anonymization in your website's Advanced settings. See IP Address Handling for the full breakdown of how IPs are processed.
Cookieless Tracking
Zenovay can run without cookies. Enable Cookieless mode in your website's settings under the Advanced tab.
In cookieless mode:
| Feature | Standard | Cookieless |
|---|---|---|
| Cookies / localStorage | Yes | No |
| Visitor ID | Persisted across visits | In-memory, per page load |
| Cross-session linking | Yes | No |
| Session duration accuracy | Higher | Lower |
This is the recommended setup when you want analytics without a cookie banner. See Privacy Mode for more on cookieless and minimal-data tracking.
Referrer
By default the full referrer URL is captured:
https://google.com/search?q=analytics
Zenovay reports the traffic source (for example google.com) in your analytics. Query strings on the referrer are used only to derive campaign attribution (UTM parameters, gclid, fbclid, ttclid).
Session Tracking
Standard Sessions
Sessions are identified via:
- A first-party session identifier (default 30-minute timeout)
- Activity timeout — a new session starts after the visitor is inactive
You can adjust the session timeout in your website's Advanced settings.
Cookieless Sessions
In cookieless mode, sessions are:
- Scoped to a single page load
- Not linked across page navigations
- Less precise on duration
Visitor Identification
Anonymous Visitors
By default, visitors are identified by a hashed signature so Zenovay can:
- Detect returning visitors
- Aggregate sessions
- Do this without storing personally identifying data
Identified Users
When you call identify, you control exactly what data is associated:
zenovay('identify', {
id: 'user-123',
email: '[email protected]', // Optional
name: 'John Doe', // Optional
plan: 'pro' // Optional
});
Third-Party Data
What We Don't Share
Zenovay never:
- Sells visitor data
- Shares with advertisers
- Uses for cross-site tracking
- Transfers for marketing
Sub-processors
We use sub-processors for cloud hosting, script delivery, and team email. The full list is on the Sub-processors page.
Customizing Collection
Tracking Script Attributes
Most tracking behaviour is controlled from your website's settings in the dashboard. A few options can also be set directly on the script tag — for example, outbound link tracking:
<script
defer
data-tracking-code="YOUR_TRACKING_CODE"
data-track-outbound="false"
src="https://api.zenovay.com/z.js"
></script>
Options like outbound-link tracking, file-download tracking, and cookieless mode are also available as toggles in your website's Advanced settings.
Exclude Pages, IPs, and Regions
To stop tracking specific paths, IP addresses, hostnames, or countries, open your website's settings and use the Exclusions tab.
You can also disable the tracker entirely on a given page from your own code:
// In your code, before the tracker loads
if (sensitivePages.includes(window.location.pathname)) {
window.ZENOVAY_TRACKER_CONFIG = { disabled: true };
}
Data Minimization
Best Practices
-
Only collect what you need
// Bad: Collecting unnecessary data zenovay('identify', { id: user.id, ssn: user.ssn }); // Good: Minimal data zenovay('identify', { id: user.id, plan: user.plan }); -
Use cookieless mode when possible
- For anonymous analytics
- When consent has not been obtained
- For privacy-sensitive sites
-
Exclude sensitive paths and IPs
- Account and admin pages
- Internal office IPs
- Staging hostnames
-
Review periodically
- Audit what you're collecting
- Remove unnecessary tracking
- Update your privacy policy
Data in Dashboard
What You See
Visitor Dashboard:
├── Visitor ID (anonymous hash)
├── Visit History
├── Pages Viewed
├── Events Triggered
├── Device Information
└── Geographic Location (country/city)
What's Hidden
Even from you:
- Raw IP addresses
- Exact location coordinates
- Personally identifying patterns
Compliance Considerations
GDPR
Data collection should:
- Have lawful basis
- Be documented
- Be minimized
- Be secure
CCPA
Users have right to know:
- What's collected
- How it's used
- Who it's shared with
See GDPR Overview and CCPA Compliance.
Troubleshooting
Data Not Appearing
Check:
- Script loaded correctly
- Tracking code valid
- Not blocked by ad blocker
- Not on an excluded path, IP, hostname, or country
Too Much Data
Review:
- Disable unnecessary tracking options in Advanced settings
- Use cookieless mode
- Exclude sensitive pages and IPs