Privacy Policy for HitKeep Cloud
Privacy Policy for HitKeep Cloud
Section titled “Privacy Policy for HitKeep Cloud”Last updated: March 11, 2026
This privacy policy describes how HitKeep Cloud processes personal data when you use the managed hosted service at cloud.hitkeep.com or cloud.hitkeep.eu.
This policy is about the hosted cloud service. If you self-host HitKeep yourself, you are responsible for your own privacy notice and data governance for that deployment.
1. Who operates HitKeep Cloud
Section titled “1. Who operates HitKeep Cloud”HitKeep Cloud is operated by:
Pascale Beier
Dorotheenstieg 7
DE-45657 Recklinghausen
Germany
Email: mail@pascalebeier.de
2. Scope of this policy
Section titled “2. Scope of this policy”This policy covers:
- the HitKeep Cloud application
- signup and billing for HitKeep Cloud
- support requests related to HitKeep Cloud
- the
hitkeep.comdocs/marketing site only to the extent needed to explain the cloud service relationship
This policy does not cover:
- self-hosted HitKeep instances operated by customers
- third-party sites tracked by customers through their own privacy notices
3. What data we process
Section titled “3. What data we process”Depending on how you use HitKeep Cloud, we may process the following categories of data.
3.1 Account and workspace data
Section titled “3.1 Account and workspace data”When you sign up for HitKeep Cloud or are invited to a workspace, we may process:
- name
- email address
- hashed password or passkey / MFA-related account state
- team / workspace name
- region choice (
EUorUS) - account preferences and language settings
- audit and authentication timestamps
3.2 Billing data
Section titled “3.2 Billing data”When you subscribe to a paid plan, we process billing metadata such as:
- Stripe customer ID
- Stripe subscription ID
- plan and billing status
- invoice references
- country / billing details provided through Stripe
Payment card details are processed by Stripe and are not stored by HitKeep Cloud.
3.3 Analytics workspace data
Section titled “3.3 Analytics workspace data”When you use HitKeep Cloud to collect analytics for your own sites or apps, we process the analytics data you instruct the service to store, such as:
- site and workspace identifiers
- page paths
- referrers
- user-agent strings
- language
- country code
- UTM parameters
- events, goals, funnels, ecommerce-related event data
- session and page identifiers generated by the tracker
The current public tracker is cookie-free by default, but it does use browser sessionStorage for session continuity.
3.4 Operational and security data
Section titled “3.4 Operational and security data”We also process service and security metadata such as:
- IP addresses seen by the service edge and app infrastructure
- logs needed to secure, operate, and troubleshoot the service
- rate-limiting and abuse-prevention metadata
- email delivery metadata for service messages
4. Why we process this data
Section titled “4. Why we process this data”We process personal data to:
- provide and operate HitKeep Cloud
- create and manage accounts and workspaces
- authenticate users and secure the service
- process subscriptions, invoices, failed payments, and chargebacks
- send transactional emails such as password resets and account notifications
- host analytics data in the region you selected
- provide support and respond to service issues
- detect abuse, fraud, and unauthorized access
- comply with legal obligations
5. Legal bases
Section titled “5. Legal bases”Where the GDPR applies, we generally rely on:
- contract: to provide HitKeep Cloud, manage accounts, and process subscriptions
- legitimate interests: to secure, monitor, improve, and support the service
- legal obligation: for tax, accounting, and regulatory compliance
- consent, where you choose to provide optional information or where a specific workflow requires it
The legal basis for the analytics data that you collect through HitKeep Cloud for your own visitors is generally your responsibility as the site or app operator.
6. Data residency and regions
Section titled “6. Data residency and regions”HitKeep Cloud offers separate cloud entrypoints and regional hosting choices:
cloud.hitkeep.eufor EU-region hostingcloud.hitkeep.comfor US-region hosting
When you choose a region, we aim to keep the corresponding application data plane, storage, and backups within that regional boundary.
That said, you are still responsible for reviewing your own configuration and data flows, especially if you connect third-party services or route traffic through external infrastructure.
7. Subprocessors and service providers
Section titled “7. Subprocessors and service providers”The current core service providers used for HitKeep Cloud include:
- Amazon Web Services (AWS) for application hosting, storage, networking, logs, and email infrastructure
- Stripe for subscriptions, billing, customer portal sessions, and payment processing
We may also use narrowly scoped providers for support, domain, or email routing where needed. If you need current subprocessor information for procurement or compliance review, contact mail@pascalebeier.de.
8. Email
Section titled “8. Email”HitKeep Cloud sends transactional service emails such as:
- password reset emails
- account and invite emails
- billing-related service notifications
If you configure analytics email reports inside your workspace, those are sent as part of the service you configured.
9. Retention
Section titled “9. Retention”We keep different categories of data for different periods.
Examples:
- account and billing records: as long as needed for the service relationship and legal/accounting obligations
- authentication and security logs: for as long as reasonably needed for security and troubleshooting
- analytics workspace data: according to the retention controls and plan limits that apply to your workspace
Customers are responsible for configuring and managing their analytics retention settings within the product where applicable.
10. Your rights
Section titled “10. Your rights”Depending on your jurisdiction, you may have rights such as:
- access
- correction
- deletion
- restriction
- objection
- portability
- withdrawal of consent, where consent is the basis
To exercise rights relating to your HitKeep Cloud account, contact mail@pascalebeier.de.
If the request concerns analytics data that a customer collected about visitors to their own site or app, that customer may be the proper point of contact first.
11. Security
Section titled “11. Security”We use technical and organisational measures appropriate to the nature of the service, including measures such as:
- HTTP-only authentication cookies
- MFA and passkey support
- rate limiting
- trusted proxy controls
- encrypted cloud infrastructure primitives where configured
- region-specific service deployment
No service can guarantee absolute security. You are also responsible for securing your own account, devices, and any configuration you control.
12. International transfers
Section titled “12. International transfers”If you choose the EU region, we aim to keep the main hosted service boundary in the EU. If you choose the US region, your service will be hosted in the US region.
Depending on your configuration, support interactions, or payment flow, some data may still involve providers operating internationally. If you need transfer-specific documentation for procurement or compliance, contact us.
13. Children
Section titled “13. Children”HitKeep Cloud is not intended for children under 16 and should not be used to knowingly submit personal data of children without appropriate authorization and lawful basis.
14. Changes to this policy
Section titled “14. Changes to this policy”We may update this policy from time to time. The latest version will be published here with an updated effective date.
15. Contact
Section titled “15. Contact”For privacy questions, rights requests, or compliance inquiries relating to HitKeep Cloud, contact: