Skip to main content
Login

Siteimprove Analytics: Data Flows and Compliance

Modified on: Wed, 7 Aug, 2024 at 8:43 PM

How does Siteimprove Analytics work?

Siteimprove is a market-leading website analytics SaaS provider founded in Denmark. We have developed our Analytics solution for the main purpose of helping customers gain technical and commercial insights to how your visitors use and engage with your web environment - this way you can improve the experience for everyone visiting your website.

When using Siteimprove Analytics, a Script is placed within your website code. This is done by the customer themself or the customer’s agent. Once you have placed the Script on your website you can start using Siteimprove Analytics. You can read more about how to add the Analytics Script by going to our Adding Siteimprove Analytics JavaScript to your website article. Once the Script has loaded, Siteimprove will start collecting data on how a visitor engages with the given website. This data is collected by Siteimprove on behalf of the customer (the website owner). The data will flow from the visitor to the AWS data centers in Frankfurt, Germany. Data centers in the EU will be used per default. However, Siteimprove also offers customers the possibility to host data in the US.

Like most organizations in the world, Siteimprove does not rely on local servers. We have built our infrastructure in what we believe to be the world’s safest cloud environments, to ensure a secure, scalable, and highly available solutions for customers everywhere.

Figure 1 - Map of dataflowDiagram of Analytics Data Flow from the customer website to load balancer to AWS Frankfurt to the Siteimprove Datacenter in Denmark

Technical delivery of the Script

Siteimprove utilizes Cloudflare as CDN (Content Delivery Network) to ensure fast hosting and loading of our Script. When the visitor goes to a website that has Siteimprove Analytics implemented, the first request is to fetch the Script, which is then distributed by the CDN.

Data sent to third parties 

The customer has full discretion as to which web-statistics they want to track and measure. The Script is set to automatically collect certain data; however, some data is optional to collect. The data listed as optional in our Technical Specifications article will not be collected out-of-box. We will only start collecting this data based on requests from the individual customer and/or if the customer implements a code that will pass the data along to us.  

Once the Script is loaded and Siteimprove Analytics has captured the requested web analytics data, the data is sent through our data pipeline to AWS and SingleStore (as illustrated in Figure 1). The Load Balancer sends the web analytics data collected by Siteimprove to the Siteimprove Analytics endpoint closest to the visitor's geographical location. This ensures that our customers can view and utilize their web analytics data inside the Siteimprove Platform as fast as possible.

Processing of IP addresses 

When using Analytics based services, IP addresses of website visitors may also be processed. Customers can choose to configure Siteimprove Analytics to handle IPs in three different ways:

  • Standard - The standard setting means that full IPs will be processed and stored. Read more about the technical specifications in our Analytics: Technical Specifications article.
  • IP Anonymization - Siteimprove offers an IP Anonymization feature through which you can choose to limit the processing of IP addresses to a minimum and avoid further storage of IPs (at database level) while still utilizing the Analytics services. Learn more about IP Anonymization in our IP Anonymization in Siteimprove Analytics article
  • Enhanced IP Anonymization - As part of the cookieless tracking feature, Siteimprove offers IP anonymization at an even earlier stage, almost instantly. Please see our Cookieless Tracking article.

Data protection 

Siteimprove does not instruct or allow data to be transferred outside the chosen hosting region. When using third party services it is not required for support engineers to access the customer data at any time. Siteimprove also uses advanced encryption services and tools to protect the customer data - this includes the ability for Siteimprove to manage our own encryption keys.

Note: customers subject to the Health Insurance Portability and Accountability Act (HIPAAA) must enable the IP Anonymization feature in order to live up to the HIPAA compliance requirements.

Tests performed on Siteimprove Analytics showing data transfers to the US

Siteimprove is aware that some customers are advised to use certain third-party tools to test their websites, including scripts, for GDPR compliance. We have witnessed that this sometimes results in the Siteimprove Analytics Script being flagged to include a US transfer. This result is mainly due to our use of Script load through Siteimproveanalytics.com. This can cause confusion and a false positive because we use Cloudflare for delivery of our Scripts, as explained earlier in this article and illustrated in Figure 1. Some testing tools simply look up where a certain domain URL is registered, and these types of testing tools do not have any knowledge or insights into the software infrastructure that transports or stores the relevant data.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.