Privacy notice
How Irv handles data.
Last updated 2026-04-29.
Roles
Irv is a processor. The website operator who installs Irv on their app is the controller — they decide what to collect and why. This notice describes what Irv does on their behalf.
What Irv collects
The Irv SDK auto-captures a small set of fields. Nothing else is captured unless the website operator adds an irv.track() call.
- distinct_id
- A random UUID stored in the visitor's localStorage. Identifies the same browser across pages but not across devices. Not derived from any PII.
- session_id
- A random UUID that resets after 30 minutes of inactivity. Used for session metrics.
- Pageviews
- URL path, referrer, screen size, language.
- Clicks
- Visible text and tag of buttons and links the visitor interacts with. Used to derive top-clicked elements and tracking gaps.
- Country
- Derived from IP address at the edge by Vercel. The IP itself is never stored — only the 2-letter country code.
- Only collected if the website operator explicitly calls irv.identify(email) — for example after a user signs up. Used to join analytics with payments or email engagement when those connectors are enabled.
What Irv does not collect
- IP addresses (only the country code derived from them, at the edge)
- Form values, password fields, or any text entered into inputs
- Keystrokes, mouse movements, or scroll positions
- Cross-site tracking identifiers
- Names, addresses, or any field not explicitly listed above
Why
To power product analytics — funnels, drop-off detection, page-improvement suggestions, and AI insights — for the website operator. Irv does not sell data, share it with advertisers, or use it to train AI models.
Lawful basis
The website operator (controller) is responsible for obtaining a lawful basis under GDPR Article 6. For EU/EEA visitors, this typically means consent under ePrivacy. Irv provides an irv.optOut() primitive to support opt-outs but does not display its own consent banner — operators integrate consent into their own UI.
Retention
- Raw events: 30 days, then automatically expired by Redis TTL.
- Daily aggregated rollups: 400 days. These are HyperLogLog cardinality sketches and counters — the original
distinct_ids are not recoverable from them. - Insights cache + history: kept while the project is active. Contains page paths and aggregated metrics, not individual visitor IDs.
- Identity entries (when
irv.identify()is used): kept until erased.
Sub-processors
Irv uses the following sub-processors. All are bound by Standard Contractual Clauses for international transfers.
| Provider | Region | Purpose |
|---|---|---|
| Vercel | United States | Hosting, edge network, geo lookups Standard Contractual Clauses in place via Vercel's DPA. |
| Upstash (Redis) | United States (regional EU available) | Event storage, daily rollups, insights cache Standard Contractual Clauses in place via Upstash's DPA. |
| Anthropic | United States | AI insight generation Receives aggregated metrics and page paths only — no IPs, no distinct_ids, no email addresses. SCCs in place via Anthropic's DPA. |
| Clerk | United States | Authentication for the Irv dashboard (operators only) Used only by people who sign in to manage projects, not by your visitors. SCCs in place. |
| GitHub | United States | OAuth + read access to linked repositories (operators only) Tokens are encrypted at rest with AES-256-GCM. Optional — only used when an operator connects their repo. |
Your rights
Under GDPR you have the right to access, correct, delete, port, or object to processing of your personal data. To exercise any of these rights, email privacy@irv.app with the website you visited and the time of your visit. We respond within 30 days.
You may also opt out of tracking on any site running Irv by running irv.optOut() in your browser console, or by asking the site operator to remove your data.
Security
- All traffic is encrypted in transit (TLS 1.3).
- Data is encrypted at rest by our storage providers.
- GitHub OAuth tokens are additionally encrypted at the application layer with AES-256-GCM.
- Each project's data is isolated by a project-scoped key namespace.
Changes to this notice
Material changes will be reflected by updating the date at the top of this page. We recommend checking back periodically.
Contact
Privacy questions: privacy@irv.app. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.