Privacy Policy
Effective date: May 15, 2026 · Last updated: May 23, 2026
Erkmo Inc. (“Erkmo,” “we,” “us,” or “our”) operates the business analytics and marketing platform available at erkmo.com and related services (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, use our platform, or interact with our services.
Erkmo provides analytics, CRM, email marketing, form building, and ad-platform integrations for businesses. We serve two categories of people: our customers (businesses that use Erkmo) and their end users (visitors to our customers’ websites). This policy covers both.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.
1. Information We Collect
1.1 Account Data
When you create an Erkmo account, we collect your name, email address, and password. Passwords are cryptographically hashed before storage and are never stored in plaintext. You may optionally provide a profile image.
1.2 Website Analytics Data
When our tracking script runs on a customer’s website, we collect the following about end-user page views and interactions:
- Page URL and referrer URL
- Device type (desktop, mobile, tablet)
- Browser name and version
- Operating system
- Country and region (derived from IP address)
IP addresses are never stored in analytics events. We use the visitor’s IP address transiently to perform a geolocation lookup, primarily against a local MaxMind database (no data leaves our servers). In rare cases where the local database does not have a match, we may query an external GeoIP service as a fallback (see our Sub-Processors page). The IP address is discarded immediately after the lookup and is never written to any analytics event record.
1.3 Privacy-Preserving Session Identification
To group page views into sessions without tracking individuals across time, we generate an irreversible hash from the visitor’s IP address, user-agent string, and a salt that rotates every 90 days. When the salt rotates, it is permanently deleted, making it impossible to reconstruct previous session identifiers. This approach means we cannot identify or re-identify individual visitors.
1.4 Form Submission Data
When an end user submits a form built with Erkmo, we collect whatever data the end user enters into the form (for example, name, email, message). We also record the submitter’s IP address, device type, browser, referrer URL, and landing page. The IP address is stored as part of the submission record for fraud prevention and spam detection. Unlike analytics tracking (where IP is never stored), form submissions are active user interactions with a direct legal basis. Our customers control the fields on their forms and are responsible for ensuring they have a lawful basis for collecting that data.
When a visitor submits a form and had previously consented to analytics tracking (or the submission itself constitutes a business interaction), we may link the submission to the visitor’s anonymous browsing session. This allows our customers to see the pages a lead visited before submitting the form. No additional personal data is collected — we simply connect existing analytics data with the voluntarily provided form data. This linking does not occur when consent has been denied.
We also collect partial submission data when a visitor begins filling out a form but does not complete it. This data is used for conversion optimization (for example, identifying which form fields cause visitors to abandon the process). Partial submission data is automatically deleted after 180 days of inactivity.
1.5 CRM Contact Data
Customers may store contact records in Erkmo’s CRM, including name, email address, phone number, and company name. This data is provided directly by the customer or imported from their existing systems.
1.6 Billing Data
We process payments through PCI-compliant payment processors. Full card numbers are tokenized via Enigma Vault and are never stored on our servers. We retain only the last four digits of the card number, the card brand, and invoice records for accounting and legal compliance.
1.7 Email Marketing Data
When customers use Erkmo’s email marketing features, we collect campaign performance metrics such as send counts, open rates, click rates, bounce rates, and unsubscribe events.
1.8 Ad Platform and Social Media Data
Customers may connect their own advertising accounts (Google Ads, Meta Ads, TikTok Ads, LinkedIn Ads, Bing Ads) and social media accounts (Instagram, etc.) to Erkmo. We import performance metrics and campaign data from these platforms on the customer’s behalf. We do not receive or store credentials for these platforms beyond OAuth tokens necessary for the integration.
1.9 Company Identification (B2B Analytics)
For customers using Erkmo’s B2B analytics features, we use a visitor’s IP address transiently to identify the company or organization associated with the network, not the individual visitor. We query third-party network registration databases (see our Sub-Processors page) to determine the company name and domain associated with an IP range.
Only the company name and domain are stored — the IP address itself is not retained alongside the identification result. Company identification data is automatically deleted after 180 days. Internet service providers and residential networks are filtered out, so only business or organizational networks are identified.
Company identification is not available on child-directed sites (see Section 11) and is disabled when a visitor’s consent status is denied (via GPC, DNT, or explicit opt-out).
1.10 Click Attribution
When a visitor arrives at a customer’s site from a paid advertising platform, the advertising click identifier (such as Google’s gclid or Meta’s fbclid) may be present in the page URL. Erkmo captures these identifiers as first-party data to help customers attribute conversions back to the specific ad campaign that drove the visit.
Click identifiers are URL parameters — they are not cookies and do not enable cross-site tracking. They are stored for a maximum of 30 days and are used solely for campaign attribution within the customer’s own site.
2. How We Use Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process transactions and manage billing
- Generate analytics reports and dashboards for our customers
- Deliver email campaigns on behalf of our customers
- Generate customer profiles, visitor segmentation, conversion attribution, and campaign performance insights for our customers
- Provide customer support and respond to inquiries
- Detect, prevent, and address fraud, abuse, and security issues
- Improve the Service, including through aggregated usage analysis
- Comply with legal obligations
3. Privacy-First Tracking
Erkmo is designed from the ground up to respect visitor privacy. Our analytics approach differs fundamentally from traditional tracking tools:
- No cookies or localStorage by default. Our tracking script does not set any cookies or write to localStorage unless the site owner explicitly enables a feature that requires it.
- No IP address storage. IP addresses are used only in-memory for geolocation and session hashing, then immediately discarded.
- No cross-site tracking. We do not track users across different websites or build advertising profiles.
- Global Privacy Control (GPC) honored. If a visitor’s browser sends a GPC signal, we automatically respect it.
- Do Not Track (DNT) honored. We respect the DNT header signal.
- Consent management integration. When a customer’s site uses a consent management platform (CMP), our script auto-detects consent status and adjusts its behavior accordingly.
- Business events are not tracking. Events like purchases and form submissions represent active user interactions with the business and are treated as first-party data exchanges, not passive surveillance.
- Bot detection. Automated traffic from search engine crawlers, monitoring tools, and scrapers is automatically detected and excluded from analytics reports and intelligence features. No personal data is collected about bot operators.
3.1 How Consent Affects Data Collection
Erkmo adjusts the data it collects based on the visitor’s consent status. There are four levels:
- Full consent (opted in): All analytics features are enabled, including persistent identifiers for cross-session analysis, full device and browser details, and city-level geolocation.
- Default (no signal): Cookieless analytics with server-side session grouping. A temporary, non-reversible identifier is derived on our servers from request metadata (not stored on the visitor’s device). No cookies, no localStorage, no device fingerprinting. This identifier rotates every 90 days and cannot be used to track individuals across rotation periods. Region-level geolocation.
- Denied (GPC, DNT, or explicit opt-out): Country-level geolocation only. No session identifiers, no device or browser details, no company identification.
- Business interactions: Purchases, form submissions, and account registrations are recorded as first-party business data regardless of consent status — but without tracking identifiers when consent has been denied. These events represent active, voluntary interactions between the visitor and the business.
4. Legal Bases for Processing (GDPR)
For individuals in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:
- Contractual necessity (Article 6(1)(b) GDPR): We process account data, billing data, and service-related information as necessary to perform our contract with you — i.e., to provide the Service you signed up for.
- Legitimate interest (Article 6(1)(f) GDPR): We process analytics data, security logs, and aggregated usage data for our legitimate interests in providing accurate analytics to our customers, preventing fraud, maintaining security, and improving the Service. We have conducted balancing tests to ensure these interests do not override the rights of data subjects, particularly given our privacy-first approach that minimizes data collection.
- Consent (Article 6(1)(a) GDPR): Where required under the ePrivacy Directive for the use of cookies or device storage, we rely on consent obtained through the customer’s consent management platform. You may withdraw consent at any time.
- Legal obligation (Article 6(1)(c) GDPR): We retain certain billing and transaction records as required by applicable tax and financial regulations.
5. Data Sharing and Sub-Processors
We do not sell personal data. We do not share personal data with third parties for their own marketing purposes. We share data only with the following categories of service providers, who process data on our behalf under data processing agreements:
| Sub-Processor | Purpose |
|---|---|
| Tinybird | Analytics event storage and real-time queries |
| Stripe / Enigma Vault | Payment processing and PCI-compliant card tokenization |
| Mailgun | Transactional and marketing email delivery |
| Vercel | Application hosting and edge functions |
| Cloudflare | CDN, DDoS protection, and R2 object storage for backups |
| MaxMind | Local GeoIP database for IP-to-location lookups (database runs locally — no visitor data is sent to MaxMind) |
For a complete and current list of sub-processors, including their locations and processing activities, see our Sub-Processors page. Our Data Processing Agreement details our obligations as a data processor, including security measures, breach notification procedures, and data deletion commitments.
We use PostHog for internal product analytics on the Erkmo dashboard (not on customer websites). PostHog is configured in “identified only” mode: no IP addresses are captured, session recording is disabled, and autocapture is disabled. Only authenticated Erkmo account holders generate PostHog events. Customer visitor data is never sent to PostHog.
We may also disclose information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
6. International Data Transfers
Erkmo is based in the United States. If you are located outside the United States, your information may be transferred to and processed in the United States and other countries where our sub-processors operate.
For transfers of personal data from the EEA, UK, or Switzerland to countries that have not received an adequacy decision from the European Commission, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organizational measures where appropriate.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Category | Retention Period |
|---|---|
| Account data | Until account deletion by the customer |
| Analytics events | Configurable per site by the customer; default is 25 months |
| Form submissions | Until manually deleted by the site owner |
| CRM contacts | Until deleted by the customer |
| Billing records | 7 years from the date of the transaction (as required by applicable tax and accounting regulations) |
| Email campaign metrics | Until the customer deletes the campaign or their account |
| Session identification hashes | 90 days (the cryptographic salt used to generate them is permanently deleted upon rotation, making old hashes unlinkable) |
| Company identification data | 180 days from the date of the lookup |
| Click attribution data | 30 days |
| Abandoned form submissions | 180 days of inactivity |
| Password reset tokens | 30 days |
We run automated cleanup processes daily to enforce these retention limits. When data is deleted, we remove it from our active systems. Backups containing deleted data are purged within 30 days.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete personal data.
- Erasure: Request deletion of your personal data, subject to legal retention requirements.
- Portability: Request your data in a structured, commonly used, machine-readable format.
- Restriction: Request that we limit the processing of your personal data in certain circumstances.
- Objection: Object to processing based on legitimate interests, including for direct marketing purposes.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at privacy@erkmo.com. We will respond within 30 days (or within the timeframe required by applicable law).
EU/EEA residents: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.
9. Our Role as a Data Processor
When our customers use Erkmo to collect analytics, form submissions, or CRM data about their own end users, Erkmo acts as a data processor on behalf of the customer, who is the data controller. In this capacity:
- Our customers determine what data to collect and how it is used.
- We process that data solely according to our customers’ instructions and our Data Processing Agreement.
- End users who wish to exercise their data rights regarding data collected through a customer’s website should contact that customer directly. We will assist our customers in responding to such requests.
Our Data Processing Agreement is available for all customers and provides the contractual commitments required under GDPR Article 28.
10. Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS 1.2+) and at rest
- Cryptographic hashing of passwords using modern algorithms
- PCI-compliant payment processing through Enigma Vault
- Role-based access controls and multi-factor authentication
- Regular security reviews and dependency audits
- Minimal data collection by design — we do not collect data we do not need
For security purposes, we log the IP address and user-agent associated with password reset requests. This data is used solely to detect and prevent brute-force attacks and unauthorized access attempts. It is automatically deleted after 30 days and is never shared with third parties or used for any other purpose.
No system is 100% secure. If you discover a security vulnerability, please report it to privacy@erkmo.com.
11. Children’s Privacy (COPPA Compliance)
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we learn that we have collected personal data from a child under 16, we will take steps to delete that data promptly.
Customers whose websites or applications are directed at children under 13 can enable child-directed mode in their site settings. When enabled, the following restrictions are automatically enforced at the platform level and cannot be overridden by any other setting:
- No session identifiers — no session hashes, anonymous IDs, fingerprints, or any form of visitor identification
- No company identification — reverse IP lookups are completely disabled
- No visitor profiling — no customer profiles, segmentation, journey reconstruction, or engagement analysis
- Country-level geolocation only — no city or region data
- No device or browser details — only the general device type (desktop, mobile, tablet) is recorded
These protections apply to all data collection, including business events like form submissions. Child-directed mode provides the maximum possible privacy by design, ensuring COPPA compliance regardless of other platform configurations.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify customers by email and update the “Last updated” date at the top of this page. We encourage you to review this page periodically.
If a change materially reduces your rights, we will provide at least 30 days’ notice before the change takes effect.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@erkmo.com
- Company: Erkmo Inc.
- Website: erkmo.com