Legal

Privacy Policy

Last updated: April 5, 2026

Summary: Insyta Pro stores all data exclusively in your own WordPress database. No data is transferred to external servers. The plugin is designed to be GDPR-compliant.

1. Data Controller

The data controller is the operator of this website. For privacy questions, contact: support@insyta.io

2. Data Collection and Processing

2.1 Website Analytics with Insyta Pro

This website uses the self-hosted WordPress plugin "Insyta Pro" to analyze user behavior. Insyta Pro stores all data exclusively in our own database on our server. No data is transferred to external services.

The following data is collected:

  • Click events: Which button was clicked (button ID/selector), timestamp, page URL
  • Session data: Pages visited, time on page, pageviews per session
  • Device data: Device type (desktop/mobile/tablet), browser type (Chrome/Firefox/Safari), operating system (Windows/macOS/iOS/Android)
  • Scroll depth: Anonymized scroll milestones (25%, 50%, 75%, 90%, 100%) per page
  • UTM parameters: Marketing parameters in the URL (utm_source, utm_medium, utm_campaign) if present
  • Rage clicks: Multiple clicks on the same element (indicator for frustration/issues)
  • Dead clicks: Clicks on non-interactive elements
  • Form analytics: Form field metadata only (field name, type, time on field) — no form input values are captured
  • Click heatmaps: Visual representation of click positions on a page
  • Session recordings: Mouse movements, clicks and scroll events for replay
  • Real-time sessions: Number of active visitors, currently visited pages (live monitoring for the last 5 minutes). Session IDs are temporarily stored in the browser (SessionStorage) and automatically deleted when the tab is closed.
  • Anonymized IP address: For the live dashboard, the IP address is captured and stored anonymized (e.g. 192.168.1.xxx). The last octet (IPv4) or last groups (IPv6) are replaced with "xxx". This anonymized IP allows approximate geographic recognition but does not allow identification of individuals.

Important — No cookies, no personal data:

  • Insyta Pro uses NO cookies
  • Session recognition uses SessionStorage (browser storage, automatically deleted when closing the tab)
  • No names, email addresses or other directly personal data is collected
  • IP addresses are stored anonymized: only the first three octets of an IPv4 address are stored (e.g. 192.168.1.xxx) — the last octet is removed
  • No tracking IDs that follow users over days/weeks
  • All data remains in the website operator's WordPress database (no transfer to us or third parties)

SessionStorage vs. Cookies: Unlike cookies, SessionStorage is not transmitted to our server and expires automatically when the browser tab is closed. SessionStorage is provided by the browser and is necessary for the technical functionality of websites (such as shopping carts or session recognition). It is not a cookie under the ePrivacy Directive.

3. Transfer to Third Parties / Payment Processors

Plugin data: All click, scroll and session data collected by the Insyta Pro plugin is stored exclusively in this WordPress installation's database. There is no transfer to external servers, analytics services, or third parties.

Exception — GA4/GTM integration: When GA4/GTM integration is enabled, click events are transmitted to Google Analytics 4 or Google Tag Manager. This integration is disabled by default and must be explicitly activated.

Payment Processing via Paddle

For payment processing we use the payment service provider Paddle.com Market Limited ("Paddle"), 15 Briery Close, Great Oakley, Corby, Northamptonshire, NN18 8JG, United Kingdom.

Paddle acts as "Merchant of Record" and processes the following data as part of payment processing:

  • Name, email address
  • Billing address (optional)
  • Payment information (credit card data, PayPal account, etc.)
  • Transaction data (order number, product, price, date)

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance). The transfer of data to Paddle is necessary for the execution of the purchase contract.

Privacy at Paddle: Paddle is PCI DSS Level 1 certified and processes all data in compliance with GDPR. More information: Paddle Privacy Policy

Retention period: Paddle stores transaction data according to legal retention periods (usually 10 years for accounting). Credit card data is encrypted and only processed for the duration of the payment.

Credit Card Processing via Stripe

For credit card payment processing we use the payment service provider Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA.

Stripe processes the following data as part of credit card payment processing:

  • Name, email address
  • Credit card data (card number, expiration date, CVC)
  • Billing address (optional)
  • Transaction data (order number, product, price, date)

Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance). The transfer of data to Stripe is necessary for the execution of credit card payments.

Privacy at Stripe: Stripe is PCI DSS Level 1 certified and processes all data in compliance with GDPR. For data transfers to the USA, Stripe uses EU Standard Contractual Clauses. More information: Stripe Privacy Policy

Retention period: Stripe stores transaction data according to legal retention periods. Credit card data is encrypted and only processed for the duration of the payment.

4. Legal Basis

The processing of click data is based on Art. 6 para. 1 lit. f GDPR (legitimate interest), as the operator has a legitimate interest in analysing website usage to optimise the offering.

5. Retention Period

Click data is stored for 90 days by default and then automatically deleted. The retention period can be adjusted in the plugin settings.

6. Opt-Out

You can disable tracking by Insyta Pro at any time:

Disable tracking (Opt-Out)

A local entry is set in your browser (localStorage) that permanently prevents tracking. No cookies are set. The opt-out applies only to this browser.

To re-enable tracking: Opt-In (re-enable tracking)

7. Your Rights

Under GDPR you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object (Art. 21 GDPR)

To exercise your rights, contact: support@insyta.io

8. Cookies

Insyta Pro uses NO cookies.

Unlike many other analytics tools (Google Analytics, Hotjar, Matomo with cookies), Insyta Pro does not set any cookies on your device. Session recognition uses SessionStorage exclusively, a browser storage that:

  • Is not considered a cookie (no cookie banner required)
  • Is not transmitted to the server
  • Is automatically deleted when the browser tab is closed
  • Is only necessary for the technical function of the website

Optional UTM cookie: Insyta Pro can optionally set a first-party cookie ("insyta_p_utm") to store UTM parameters for 24 hours. This cookie contains only UTM parameter values, no personal data, and can be disabled in the plugin settings.

Other cookies: This website may use cookies from third parties (e.g. payment processors, embedded videos). Insyta Pro itself does not set cookies.

9. Email Communication to Existing Customers

We use the email address provided at the time of license purchase to occasionally inform existing customers about product updates, new features and relevant offers related to Insyta Pro. This is based on Art. 6 para. 1 lit. f GDPR (legitimate interest) in conjunction with § 7 para. 3 UWG (existing customer privilege under German law), as the communication exclusively concerns our own similar products and services.

Data processed: Email address and name (as provided at license purchase).

No third-party delivery: Emails are sent directly from this website's server (WordPress wp_mail). No data is shared with external email marketing services.

Unsubscribe: Every email contains an unsubscribe link that allows you to stop receiving further messages at any time, free of charge. Alternatively, you can unsubscribe by emailing support@insyta.io.

10. Hosting and Server Log Files

This website is hosted by ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. The hosting provider automatically collects server log files which may contain the following data:

  • IP address of the accessing device
  • Date and time of access
  • Name and URL of the requested file
  • Referrer URL (previously visited page)
  • Browser type and operating system

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the technically error-free provision of the website).

Server location: Germany. This data is not combined with other data sources.

More information: ALL-INKL Privacy Information

11. Content Delivery Network (CDN) — WP Compress

To optimize loading times and delivery of images and static content, we use the service WP Compress.

Images and static resources are delivered via WP Compress's CDN (Content Delivery Network). When retrieving this content, a connection is established to WP Compress servers, which technically requires the transmission of the visitor's IP address.

Data processed:

  • Visitor's IP address
  • Requested resource (image URL, file size)
  • Browser type and operating system (user agent)
  • Time of access

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the fast and efficient provision of the website).

Purpose: Image optimization (compression, WebP conversion) and accelerated delivery via globally distributed servers.

More information: WP Compress Privacy Policy

12. Contact

For privacy policy questions, contact: support@insyta.io