Privacy Policy

Last updated: May 2026

Logly is built to be private by design. We do not use cookies, do not collect personal data, and do not track individuals across sites.

Who we are

Logly is a web analytics service operated from the United Kingdom. Our infrastructure runs entirely within the European Union. Contact: our support desk

What we collect — visitors to sites using Logly

When a visitor loads a page with the Logly tracker, we record:

The page URL and referrer
A daily-rotating session hash derived from a truncated IP prefix, user-agent, and the current date — this hash cannot be reversed to identify an individual and is never stored in our database
Active time on page (paused when the tab is hidden)
Country, inferred from IP — the full IP address is never stored

No cookies are set. No persistent identifiers are stored. No personal data leaves the visitor's session. A consent banner is not required.

What we collect — Logly account holders

When you create a Logly account we store:

Your email address and display name, provided by Google or GitHub OAuth
Your account tier and the sites you register

We do not store OAuth tokens. Authentication is handled via a short-lived JWT cookie scoped to app.logly.uk.

Legal basis (GDPR)

For visitor analytics: no personal data is processed, therefore no legal basis is required under GDPR or ePrivacy Directive.

For account holders: processing is based on the performance of a contract (Art. 6(1)(b) GDPR).

Data location

All data is stored on Cloudflare infrastructure in the European Union (EU region). No data is transferred to the United States or any third country.

Data retention

Aggregated analytics data is retained according to your plan (1 month on Free, 6 months on Starter, 2 years on Pro, 5 years on Business). Raw session data is not retained beyond the aggregation window.

Account data is retained for as long as your account is active. You can request deletion at any time by emailing our support desk.

Third parties

We use the following sub-processors:

Cloudflare — infrastructure and edge compute (EU region)
Google OAuth / GitHub OAuth — authentication only; we receive only your email and display name

We do not sell data. We do not share data with advertisers or data brokers.

Your rights

Under GDPR you have the right to access, rectify, or erase your account data. To exercise these rights contact our support desk. We will respond within 30 days.

Changes to this policy

Material changes will be announced via email to registered users at least 14 days before taking effect.