Privacy Architecture

Learn about Arunya's privacy architecture.

Arunya is built on the principle that analytics should not come at the cost of user privacy. Its architecture is designed to enforce strict data minimization, anonymization, and transparency without sacrificing functionality or insight.


Key Privacy Features

Arunya's architecture integrates privacy into every layer of the stack:

1. No Cookies, No Fingerprinting

Arunya does not use:

  • Cookies
  • LocalStorage
  • SessionStorage
  • Browser fingerprinting techniques

Because no identifier is kept in the browser and no device fingerprint is computed, visits cannot be linked across sessions and users cannot be identified through device metadata.


2. Ephemeral Session Tracking

Each visit is treated as a temporary session. Sessions are never linked across time, and no persistent user identifiers are stored. Session metadata is processed in-memory or with a short-lived token and is discarded after processing.


3. Anonymized Location Processing

Location data is:

  • Derived using edge headers (e.g. x-vercel-ip-country) when available
  • Otherwise resolved via the MaxMind GeoLite2 database
  • Limited to: country, region, and city
  • Never includes: latitude, longitude, street-level detail, or exact IP

IP addresses are processed but never stored.
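
The resolution order and field limits above can be sketched as follows. This is an added example, not Arunya's own code: resolveLocation, safeDecode, the injected geoLookup function and the sample record are hypothetical, header keys are assumed to be lowercased, and the record shape follows the GeoLite2 City schema.

```javascript
// Added example (hypothetical helper names, not Arunya's implementation).
// geoLookup stands in for a GeoLite2 City reader and is injected so the
// example runs offline. Header keys are assumed to be lowercased already.

// Edge city names arrive URL-encoded; keep the raw value if decoding fails.
function safeDecode(value) {
  try { return decodeURIComponent(value); } catch { return value; }
}

function resolveLocation(headers, clientIp, geoLookup) {
  const h = (name) => headers[name] || null;

  // 1. Prefer edge headers: no IP lookup is needed at all.
  const country = h("x-vercel-ip-country");
  if (country) {
    const city = h("x-vercel-ip-city");
    return {
      country,
      region: h("x-vercel-ip-country-region"),
      city: city ? safeDecode(city) : null,
    };
  }

  // 2. Fallback: the IP is used for this lookup only and is not returned.
  const rec = clientIp ? geoLookup(clientIp) : null;

  // Copy the three allowed fields by name, so rec.location (latitude and
  // longitude) and anything else in the record never leave this function.
  return {
    country: rec?.country?.iso_code ?? null,
    region: rec?.subdivisions?.[0]?.iso_code ?? null,
    city: rec?.city?.names?.en ?? null,
  };
}

// Constructed sample record; 203.0.113.7 is a documentation-range address.
const sampleDb = {
  "203.0.113.7": {
    country: { iso_code: "DE" },
    subdivisions: [{ iso_code: "BE" }],
    city: { names: { en: "Berlin" } },
    location: { latitude: 52.52, longitude: 13.4 },
  },
};
const lookup = (ip) => sampleDb[ip] ?? null;
```

Whatever is persisted should be the object this function returns, never the request headers or the lookup record it was derived from.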


4. Minimal Data Collection

Arunya collects only what’s essential:

  • Page URL, referrer, page title
  • Timestamp
  • Browser & OS (from the user agent)
  • Country/Region/City (anonymized)
  • Custom events (if manually triggered)

There is no collection of:

  • User names, emails, or account IDs
  • Keystrokes, form inputs, or sensitive data

Data Flow Overview

flowchart TD
    Browser -->|Script.js| Tracker
    Tracker -->|Payload| API
    API -->|Anonymized| Processor
    Processor -->|Session Stats| PostgreSQL
    PostgreSQL --> Dashboard

    Tracker -.->|Custom Events| API

GDPR & CCPA Alignment

Arunya’s architecture aligns with privacy laws by default:

  • Data Minimization: Only the minimum viable data is processed
  • Purpose Limitation: Data is used strictly for aggregated analytics
  • No Profiling: No persistent profiles or behavioral models
  • User Autonomy: Users can block tracking using browser settings or VPNs

Hosting & Ownership

All data is stored in your own infrastructure (e.g., PostgreSQL). You control:

  • Retention duration
  • Data deletion policies
  • Access permissions

There is no third-party data sharing. Arunya does not send any analytics data to a remote server unless you explicitly configure it to do so.


Summary

Arunya’s privacy architecture is designed for developers and companies who care about:

  • Transparent data practices
  • Regulatory compliance
  • Earning user trust

It offers powerful insights with zero compromise on integrity.