Is InsightEdge really free?

Yes — InsightEdge is free forever with no limits on websites, events, pageviews, team members, or data retention. Enterprise plans are available for white-label branding, SLA guarantees, and premium support.

Do I need cookie consent banners with InsightEdge?

No. InsightEdge doesn't use cookies, localStorage, or any persistent client-side storage. Visitor identification uses privacy-preserving daily-rotating salts that are cryptographically unlinkable across days.

How does InsightEdge compare to Google Analytics?

InsightEdge is a privacy-first alternative. It has a <9 KB script (vs ~90 KB total for GA4), requires no cookies or consent banners, is GDPR compliant by default, and offers features like conversion funnels, revenue tracking, and real-time dashboards — all for free.

What makes InsightEdge different from other analytics tools?

InsightEdge is built from the ground up for privacy — no cookies, no consent banners, daily-rotating visitor salts — while still providing powerful features like conversion funnels, revenue tracking, traffic attribution across 10 channels, and team collaboration with 5 roles.

Privacy Policy

Name: InsightEdge
Availability: InStock
Author: STEPlus

Last updated: April 2026

1. Introduction

InsightEdge is a privacy-first web analytics product operated by STEPlus (“we,” “us,” or “our”). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

By using InsightEdge, you acknowledge that you have read this Privacy Policy. Please also review our Terms of Service.

2. Our Privacy Commitment

InsightEdge is designed from the ground up for privacy. Unlike traditional analytics platforms, we:

Do not use cookies, localStorage, or any form of persistent client-side storage.
Do not collect personally identifiable information (PII) from your website visitors.
Do not track visitors across websites, sessions, or devices.
Do not sell, share, or monetise any analytics data.
Do not use fingerprinting techniques to identify individuals.

Because we do not collect personal data from your website visitors, no cookie consent banner is required to use InsightEdge in most jurisdictions, including under GDPR, PECR, and ePrivacy regulations.

3. Data We Collect

3.1 Website Visitor Data (collected via the tracker script)

When the InsightEdge tracker script runs on your website, it collects the following non-personal, aggregated data points:

Page URL and referrer URL
Browser type, operating system, and device category (desktop, mobile, tablet)
Country, region, and city derived from the visitor's IP address (the IP address itself is never stored)
UTM campaign parameters (source, medium, campaign, content, term)
Custom events and properties you explicitly configure
Screen resolution and viewport size

Visitor identification uses a daily-rotating salted hash of the visitor's IP address combined with the User-Agent string. The salt rotates every 24 hours and is cryptographically irreversible, meaning yesterday's data cannot be linked to today's visits. Raw IP addresses are never written to disk or database.

3.2 Account Data (collected via STEPlus Identity)

To use InsightEdge, you sign in through STEPlus Identity. Account data (name, email, profile photo) is managed by the Identity service. Please refer to the STEPlus Privacy Policy for details on account data handling.

3.3 Data You Provide

When you configure InsightEdge — creating sites, goals, funnels, segments, shields, email reports, traffic alerts, shared links, or API keys — that configuration data is stored in our database and associated with your team.

4. How We Use Data

We use the data we collect exclusively to:

Generate analytics dashboards, reports, and visualisations for you.
Deliver scheduled email reports and traffic alert notifications.
Enforce traffic shields (IP, country, hostname, and page-path blocking).
Provide API access to your analytics data.
Maintain, improve, and secure the InsightEdge service.

We do not use your analytics data for advertising, profiling, or any purpose other than providing you with the InsightEdge service.

5. Data Sharing

We do not sell, rent, or share your data with third parties for their own purposes. Data may be disclosed only in the following limited circumstances:

Infrastructure providers: We use cloud infrastructure to host InsightEdge. These providers process data on our behalf under strict data processing agreements.
Legal obligations: We may disclose data if required by law, regulation, legal process, or governmental request.
Your instruction: When you create shared dashboard links or export data, you control who receives it.

6. Data Retention

Analytics data is retained according to your team's configured data retention policy. You can configure retention periods in your site settings. When data exceeds the retention window, it is permanently deleted.

Account data is retained for as long as your STEPlus Identity account exists. If you delete your account, all associated data is permanently removed.

7. Data Export & Portability

You can export your complete analytics data at any time in CSV or JSON format via the InsightEdge portal. You can also import historical data via CSV. Your data is always portable — there is no lock-in.

8. Security

We implement industry-standard security measures to protect your data:

All data in transit is encrypted via TLS.
Sensitive configuration data (SMTP credentials, API keys) is encrypted at rest using AES-256-GCM.
Access tokens use JWT with short expiry and automatic refresh.
All team actions are recorded in a comprehensive audit log.
API keys are rate-limited and scoped by type (Stats API or Sites API).

9. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the data we hold about you.
Request correction of inaccurate data.
Request deletion of your data.
Export your data in a portable format.
Object to or restrict certain processing activities.

To exercise any of these rights, please contact us.

10. Children's Privacy

InsightEdge is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page. Continued use of InsightEdge after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or our data practices, please reach out to us via our contact form.