Skip to content
HitKeep
Start in Cloud
Blog

Privacy Policy for HitKeep Cloud

Privacy Policy for HitKeep Cloud

Section titled “Privacy Policy for HitKeep Cloud”

Last updated: May 15, 2026

This privacy policy describes how HitKeep Cloud processes personal data when you use the managed hosted service at cloud.hitkeep.com or cloud.hitkeep.eu.

This policy is about the hosted cloud service. If you self-host HitKeep yourself, you are responsible for your own privacy notice and data governance for that deployment.

1. Who operates HitKeep Cloud

Section titled “1. Who operates HitKeep Cloud”

HitKeep Cloud is operated by:

Pascale Beier
Dorotheenstieg 7
DE-45657 Recklinghausen
Germany
Email: mail@pascalebeier.de

2. Scope of this policy

Section titled “2. Scope of this policy”

This policy covers:

  • the HitKeep Cloud application
  • the official HitKeep iPhone app when it connects to HitKeep Cloud
  • signup and billing for HitKeep Cloud
  • support requests related to HitKeep Cloud
  • the hitkeep.com docs/marketing site only to the extent needed to explain the cloud service relationship

This policy does not cover:

  • self-hosted HitKeep instances operated by customers
  • iPhone app traffic sent to a self-hosted instance you choose and operate
  • third-party sites tracked by customers through their own privacy notices

3. What data we process

Section titled “3. What data we process”

Depending on how you use HitKeep Cloud, we may process the following categories of data.

3.1 Account and workspace data

Section titled “3.1 Account and workspace data”

When you sign up for HitKeep Cloud or are invited to a workspace, we may process:

  • name
  • email address
  • hashed password or passkey / MFA-related account state
  • team / workspace name
  • region choice (EU or US)
  • account preferences and language settings
  • audit and authentication timestamps

When you use the official HitKeep iPhone app with HitKeep Cloud, the app uses the same account and session APIs as the web dashboard. The app may store the selected cloud or self-hosted instance URL, selected site, selected date range, session cookies, and a cached read-only analytics snapshot on your device so the app can open quickly and show the last successful analytics state when the network is unavailable.

If you point the iPhone app at a self-hosted HitKeep instance, the account, session, and analytics requests go to that instance. HitKeep Cloud does not receive those self-hosted app requests unless the instance is operated by HitKeep.

3.2 Billing data

Section titled “3.2 Billing data”

When you subscribe to a paid plan, we process billing metadata such as:

  • Stripe customer ID
  • Stripe subscription ID
  • plan and billing status
  • invoice references
  • country / billing details provided through Stripe

Payment card details are processed by Stripe and are not stored by HitKeep Cloud.

3.3 Analytics workspace data

Section titled “3.3 Analytics workspace data”

When you use HitKeep Cloud to collect analytics for your own sites or apps, we process the analytics data you instruct the service to store, such as:

  • site and workspace identifiers
  • page paths
  • referrers
  • user-agent strings
  • language
  • country code
  • UTM parameters
  • events, goals, funnels, ecommerce-related event data
  • session and page identifiers generated by the tracker

The current public tracker is cookie-free by default, but it does use browser sessionStorage for the existing opaque session ID and timestamp. Retry queues, duplicate-pageview suppression, and initial attribution state stay in JavaScript memory only.

3.4 Google Search Console connection and import data

Section titled “3.4 Google Search Console connection and import data”

If a workspace admin chooses to connect Google Search Console, HitKeep Cloud requests the read-only Google Search Console scope:

https://www.googleapis.com/auth/webmasters.readonly

We use this access only to provide the Search Console integration that the admin enables in the product. Depending on the connection state, we may process:

  • the connected Google account email or account identifier returned through the OAuth flow
  • OAuth access and refresh tokens needed to keep the connection working
  • the granted scope, token type, token expiry, connection state, and disconnect timestamp
  • Search Console property URIs and permission levels visible to the connected account
  • mappings between HitKeep sites and Search Console properties
  • sync state, retry state, safe error categories, and audit records for connection, mapping, and import actions
  • imported aggregate Search Analytics rows, including date, query, page URL, country, device, clicks, impressions, CTR, and average position

HitKeep does not use Search Console data to create visitor sessions, attribute Google queries to individual visitors, serve ads, retarget users, determine creditworthiness, or sell data to data brokers or advertising platforms. Search Console reports are authenticated-only in HitKeep Cloud and are not included in public share links.

Disconnecting Search Console stops future imports and clears stored OAuth token material for that team. Previously imported aggregate rows may remain in the mapped site’s tenant database so historical authenticated reports do not disappear, unless they are deleted through retention, workspace deletion, or another applicable deletion workflow.

HitKeep Cloud’s use of information received from Google APIs follows the Google API Services User Data Policy, including the Limited Use requirements.

3.5 AI-assisted opportunity recommendations

Section titled “3.5 AI-assisted opportunity recommendations”

HitKeep Cloud may use Amazon Bedrock for AI-assisted product features, currently Opportunity Recommendations. This feature starts with deterministic HitKeep detectors that read your tenant-local analytics data and choose the opportunity type, evidence, score, and cited metrics. When AI assistance is enabled and budget limits allow it, HitKeep sends a structured, feature-specific request to Amazon Bedrock so the configured model can return validated recommendation copy from that cited evidence.

The request may include limited analytics context needed for the recommendation, such as metric names, aggregate counts, rates, trend labels, page paths, event names, goal or funnel labels, ecommerce summaries, Search Console aggregate context where available, and localization keys. The request is not intended to include raw visitor exports, account passwords, payment card data, OAuth refresh tokens, provider secrets, or unrestricted workspace exports.

HitKeep stores the final validated Opportunity record and AI run metadata needed for audit and operations, such as provider, model, status, safe error category, request and response hashes, lifecycle timestamps, token or request usage where available, and the cited evidence. HitKeep does not persist raw prompts, raw Bedrock responses, raw provider error bodies, or Bedrock credentials in customer-visible analytics records.

Amazon Bedrock is an AWS service. AWS states in its Bedrock security and privacy materials and Bedrock data protection documentation that Bedrock data is encrypted in transit and at rest, that customer inputs and outputs are not shared with model providers, and that they are not used to train or improve base models. AWS may still process Bedrock activity for service operation, security, abuse detection, logging, and compliance as described in AWS service documentation and agreements.

3.6 Operational and security data

Section titled “3.6 Operational and security data”

We also process service and security metadata such as:

  • IP addresses seen by the service edge and app infrastructure
  • logs needed to secure, operate, and troubleshoot the service
  • rate-limiting and abuse-prevention metadata
  • email delivery metadata for service messages

4. Why we process this data

Section titled “4. Why we process this data”

We process personal data to:

  • provide and operate HitKeep Cloud
  • create and manage accounts and workspaces
  • authenticate users and secure the service
  • process subscriptions, invoices, failed payments, and chargebacks
  • send transactional emails such as password resets and account notifications
  • host analytics data in the region you selected
  • connect and sync optional third-party integrations you enable, including Google Search Console
  • generate AI-assisted opportunity recommendations where the feature is available and enabled
  • provide support and respond to service issues
  • detect abuse, fraud, and unauthorized access
  • comply with legal obligations
Section titled “5. Legal bases”

Where the GDPR applies, we generally rely on:

  • contract: to provide HitKeep Cloud, manage accounts, and process subscriptions
  • legitimate interests: to secure, monitor, improve, and support the service
  • legal obligation: for tax, accounting, and regulatory compliance
  • consent, where you choose to provide optional information or where a specific workflow requires it

The legal basis for the analytics data that you collect through HitKeep Cloud for your own visitors is generally your responsibility as the site or app operator.

6. Data residency and regions

Section titled “6. Data residency and regions”

HitKeep Cloud offers separate cloud entrypoints and regional hosting choices:

  • cloud.hitkeep.eu for EU-region hosting
  • cloud.hitkeep.com for US-region hosting

When you choose a region, we aim to keep the corresponding application data plane, storage, and backups within that regional boundary.

That said, you are still responsible for reviewing your own configuration and data flows, especially if you connect third-party services or route traffic through external infrastructure.

7. Subprocessors and service providers

Section titled “7. Subprocessors and service providers”

The current core service providers used for HitKeep Cloud include:

  • Amazon Web Services (AWS) for application hosting, storage, networking, logs, and email infrastructure
  • Amazon Bedrock, provided by AWS, for AI-assisted Opportunity Recommendations where the feature is available and enabled
  • Stripe for subscriptions, billing, customer portal sessions, and payment processing
  • Google for optional Google Search Console OAuth authorization and Search Console API access when you connect that integration

We may also use narrowly scoped providers for support, domain, or email routing where needed. If you need current subprocessor information for procurement or compliance review, contact mail@pascalebeier.de.

8. Email

Section titled “8. Email”

HitKeep Cloud sends transactional service emails such as:

  • password reset emails
  • account and invite emails
  • billing-related service notifications

If you configure analytics email reports inside your workspace, those are sent as part of the service you configured.

9. Retention

Section titled “9. Retention”

We keep different categories of data for different periods.

Examples:

  • account and billing records: as long as needed for the service relationship and legal/accounting obligations
  • authentication and security logs: for as long as reasonably needed for security and troubleshooting
  • analytics workspace data: according to the retention controls and plan limits that apply to your workspace
  • Google Search Console OAuth tokens: while the integration remains connected, then cleared when you disconnect
  • imported Search Console aggregate rows: according to the retention controls, plan limits, workspace deletion, or deletion workflows that apply to the mapped site
  • AI-assisted Opportunity records and AI run metadata: according to the retention controls, workspace deletion, or deletion workflows that apply to the relevant site or team

Customers are responsible for configuring and managing their analytics retention settings within the product where applicable.

10. Your rights

Section titled “10. Your rights”

Depending on your jurisdiction, you may have rights such as:

  • access
  • correction
  • deletion
  • restriction
  • objection
  • portability
  • withdrawal of consent, where consent is the basis

To exercise rights relating to your HitKeep Cloud account, contact mail@pascalebeier.de.

If the request concerns analytics data that a customer collected about visitors to their own site or app, that customer may be the proper point of contact first.

11. Security

Section titled “11. Security”

We use technical and organisational measures appropriate to the nature of the service, including measures such as:

  • HTTP-only authentication cookies
  • MFA and passkey support
  • rate limiting
  • trusted proxy controls
  • encrypted cloud infrastructure primitives where configured
  • region-specific service deployment

No service can guarantee absolute security. You are also responsible for securing your own account, devices, and any configuration you control.

12. International transfers

Section titled “12. International transfers”

If you choose the EU region, we aim to keep the main hosted service boundary in the EU. If you choose the US region, your service will be hosted in the US region.

Depending on your configuration, support interactions, or payment flow, some data may still involve providers operating internationally. If you need transfer-specific documentation for procurement or compliance, contact us.

13. Children

Section titled “13. Children”

HitKeep Cloud is not intended for children under 16 and should not be used to knowingly submit personal data of children without appropriate authorization and lawful basis.

14. Changes to this policy

Section titled “14. Changes to this policy”

We may update this policy from time to time. The latest version will be published here with an updated effective date.

15. Contact

Section titled “15. Contact”

For privacy questions, rights requests, or compliance inquiries relating to HitKeep Cloud, contact:

mail@pascalebeier.de

Designed & developed in Germany. Sovereign by default.