Privacy Policy
Last updated: March 1, 2026
What we collect
We collect anonymous, aggregated usage data only on public (marketing) pages and for unauthenticated visitors, and only after you explicitly consent via the cookie banner. This data helps us understand browsing behavior and improve the user experience.
Specifically, we use Google Analytics 4 with Enhanced Measurement to capture:
- Page views (when a page loads or browser history changes)
- Scroll depth (when a visitor reaches the bottom of a page)
- Outbound clicks (clicks on links leaving our domain)
- Site search queries (based on URL query parameters)
- Form interactions (when a visitor interacts with a form)
- File downloads (clicks on common document/media file links)
- Device type, browser, operating system, and approximate geographic region
- Referral source and session duration
Google Analytics does not collect names, email addresses, or any personally identifiable information through this integration. IP addresses are anonymized before storage.
What we do NOT collect
- No tracking on authenticated pages. Once you sign in, no analytics scripts run. Your dashboard activity, secret management, team settings, and billing actions are never tracked.
- No personal data correlation. We do not link analytics data to your account, email, or any personally identifiable information.
- No third-party data sharing for advertising. Your data is never sold, rented, or shared with third parties for advertising, profiling, or remarketing.
- No precise geolocation. We collect only approximate geographic region (country/city level) derived from anonymized IP addresses.
- No Google Signals or advertising features. We do not use Google's remarketing, demographic reporting, or advertising integrations.
- No analytics without consent. The Google Analytics script is not loaded until you explicitly accept analytics cookies.
Cookies
We use a minimal set of cookies. Analytics cookies are only set after you explicitly accept them via the consent banner.
Required cookies
These cookies are strictly necessary for the service to function. You cannot opt out of them.
| Cookie / Storage | Purpose | Expiry |
|---|---|---|
| better-auth.session_token | Authentication session (keeps you signed in) | Session |
| sirr-locale | Stores your language preference | 1 year |
| sirr-cookie-consent | Remembers your cookie consent choice (localStorage) | Persistent |
Analytics cookies (optional, off by default)
Only set when you explicitly accept analytics cookies.
| Cookie | Purpose | Expiry |
|---|---|---|
| _ga | Google Analytics — distinguishes unique visitors (random client ID, not PII) | 180 days |
| _ga_RWKFZ3ESQ5 | Google Analytics — persists session state | 180 days |
We do not use advertising cookies, retargeting pixels, or any third-party tracking cookies.
Third-party data processors
We use the following third-party services to operate Sirr. Each processes only the data necessary for their function.
| Provider | Data processed | Their privacy policy |
|---|---|---|
| BetterAuth | Authentication credentials, sessions, OAuth tokens | better-auth.com/privacy |
| Polar.sh | Payment and subscription data (billing only) | polar.sh/terms |
| Resend | Email delivery — used only for team invitation emails | resend.com/privacy |
| Sentry | Error monitoring — receives stack traces and performance data. PII collection is disabled; no IP addresses, cookies, or request body content are transmitted. | sentry.io/privacy |
| Google Analytics | Anonymous usage data on public pages (only with your consent) | policies.google.com/privacy |
| GitHub | OAuth login (only if you sign in with GitHub) | github.com/privacy |
Your rights
Under GDPR you have the right to access, correct, or delete your personal data. Analytics data is anonymous and not linked to your identity — there is nothing to retrieve or delete there. For your account data (email, organization, license keys), you can manage it from your dashboard settings or contact us to request deletion of your account and all associated data.
You may withdraw analytics consent at any time by clicking the "Cookie settings" button in the bottom-left corner of any page, then selecting "Essential only." This immediately stops analytics tracking and removes all Google Analytics cookies from your browser.
Legal basis (GDPR)
| Category | Legal basis | Consent required? |
|---|---|---|
| Authentication & session cookies | Legitimate interest / strictly necessary (ePrivacy Art. 5(3) exemption) | No — but disclosed |
| Language preference cookie | Legitimate interest / strictly necessary | No — but disclosed |
| Analytics cookies (GA4) | User consent (GDPR Art. 6(1)(a)) | Yes — opt-in only |
Contact
Questions about this policy or data deletion requests? Email us at [email protected].