Last updated: July 7, 2026 · English · Français
Short version: We never store your visitors' IP addresses. We never set tracking cookies. We only see aggregate, anonymised counts of visits to your site. Your visitors are invisible to us as individuals.
Illumino is a web analytics service operated from Canada. When this policy says "Illumino," "we," "us," or "our," it refers to Illumino. For all privacy matters, reach us through the contact form (topic "Privacy and compliance").
This policy covers two distinct groups of people: (1) account holders, meaning website owners who have signed up for Illumino, and (2) end visitors, meaning people who visit a website that uses our tracking snippet. Most of this policy is about end visitors, because that is where privacy matters most.
When someone visits a website that has the Illumino snippet installed, we receive a small packet of anonymised data. Here is exactly what we record:
/blog/hello-world). We strip query strings that appear to contain personal data (such as query strings containing "email=", "token=", or "user=") before storage.google.com). We do not store the full referrer URL or any path/query data from it.We do not store: IP addresses (received transiently to derive country and network, then immediately discarded; never written to disk, logs, or the database), user identifiers of any kind, cross-site tracking IDs, device fingerprints, personal names, visitor email addresses, or any data that could identify a specific individual across multiple sites.
Ephemeral "active now" counter. The dashboard shows how many visitors were active on a site in the last 30 minutes. This count exists only in our server's working memory: each visit briefly refreshes a short-lived anonymous marker (the same transient per-day value we use to estimate daily unique visitors, which is itself never stored) that expires after 30 minutes. Nothing with sub-hour precision is ever written to the database, to disk, or to logs; stored records keep hour precision as described above. The counter resets to zero whenever our server restarts and rebuilds itself from live traffic alone.
You place a small JavaScript file (p.js) on your website. When a visitor loads a page, the script sends a single POST request to our servers containing the anonymised data described above. The script uses no cookies, no localStorage, no sessionStorage, and no IndexedDB. It does not read or write any data to the visitor's browser storage. It does not communicate with any third-party analytics, advertising, or data-broker service.
Site-file and metadata reads (owned sites). On a small, sampled fraction of pageviews, the snippet also reads public information about the site it is already running on, to power the SEO & AI Visibility panel in the site owner's dashboard: it reads page metadata already present in the loaded document (title, meta description, canonical link, Open Graph tags, favicon, theme-color) and performs same-origin fetches of the site's own public files (robots.txt, sitemap.xml, llms.txt, security.txt). These reads are same-origin only (never any other domain), are sent without cookies (credentials: 'omit'), carry and return no visitor personal data (a sitemap lists the site's own pages, nothing about the visitor), and store nothing in the visitor's browser. They are Illumino's own product machinery and are excluded from analytics; they never count as a pageview, visit, or any metric. No visitor consent prompt is required because nothing about the visitor is processed or stored; site owners are informed here and in the documentation.
Raw pageview records are retained for 7 days. At the end of that window, the raw records are rolled up into anonymous daily aggregate counts (for example, "your site received 42 visits from Canada on this date from organic search"). The raw records are then deleted. The aggregated counts contain no data that can be traced back to any individual and are retained indefinitely for your dashboard history.
Because the raw records contain no personal data to begin with, the 7-day retention window is a belt-and-suspenders measure, not a legal necessity. We apply it anyway as a matter of principle.
Because we collect no personal data about visitors, most data-subject rights under Quebec Law 25, PIPEDA, the GDPR, and PECR do not apply in the traditional sense. There is no profile to access, correct, or delete. However, we fully respect the spirit of those rights:
When you create an Illumino account, we collect your email address (used for login and transactional notifications) and, if you subscribe to a paid plan, your billing information is handled by our payment provider. We do not store full card numbers. We may store the payment-provider customer or subscription reference needed to manage your subscription. We may store your website domains and API keys as part of the service configuration.
We use a small number of subprocessors to deliver the service:
We do not use any advertising networks, data brokers, or third-party analytics services as subprocessors.
Your analytics data is stored on our server in Québec, Canada. Canadian residency is currently the only region available. United States and European Union residency are planned; join the waitlist from your dashboard to be notified when they become available.
All data in transit is encrypted via TLS 1.2 or higher. Data at rest is held in an access-controlled database on our Québec server, reachable only by the service operator. We do not share, sell, or rent your data or your visitors' data to any third party.
If we make material changes to this policy, we will notify account holders by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision. Continuing to use Illumino after the effective date constitutes acceptance of the revised policy.
This policy is governed by the laws of the Province of Quebec, Canada, including Quebec's Act respecting the protection of personal information in the private sector (Law 25) and the federal Personal Information Protection and Electronic Documents Act (PIPEDA). Where applicable, we also comply with the EU General Data Protection Regulation (GDPR) and the UK Privacy and Electronic Communications Regulations (PECR).
Start with the Privacy Compliance page; it answers most privacy and legal questions. For anything it does not cover (including data subject access requests), use the contact form (topic "Privacy and compliance").