Data Privacy, Cookies, & GDPR

When you embed the NanoLog widget on your website, you are instructing NanoLog to load resources and run scripts on your end-users' devices. This guide explains how this impacts your data privacy compliance, including GDPR and cookie consent.

The nanolog_anon_id Tracker

To ensure accurate billing and to prevent malicious actors from spamming your widget to exhaust your Monthly Tracked Users (MTU) quota, NanoLog utilizes a local storage mechanism to deduplicate visits.

When a user loads your website with the NanoLog widget active, we generate a random, anonymous string (e.g., anon_abc123) and store it in their browser's localStorage under the key nanolog_anon_id.

Is this Personal Data?

While the ID is completely randomized and cannot be used by NanoLog to identify a natural person on its own, under GDPR and the ePrivacy Directive, unique online identifiers stored on a user's device are generally considered personal data and are subject to tracking regulations.

Your Responsibilities as the Data Controller

As the owner of the website, you are the Data Controller for your end-users, and NanoLog acts as your Data Processor.

Because NanoLog stores a tracking token on your users' devices, you must ensure your website is compliant. Depending on your jurisdiction and legal interpretation, you typically need to:

  1. Update your Privacy Policy: Disclose that you use NanoLog as a third-party service provider to manage changelogs/feedback, and that it stores a localStorage key (nanolog_anon_id) for usage deduplication and abuse prevention.
  2. Cookie Consent Banners: Under the ePrivacy Directive (often called the "Cookie Law"), storing information on a user's device requires consent unless it is "strictly necessary" for the functioning of the service requested by the user.
    • Interpretation A: You may argue it is strictly necessary to prevent abuse of the widget service.
    • Interpretation B: Legal experts often argue that while it is necessary for our billing, it is not strictly necessary for the end-user to view a changelog. If you take this safer route, you should classify NanoLog under "Analytics" or "Functional" cookies in your consent banner, and only initialize window.NanoLog.init() after the user accepts.
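One way to implement Interpretation B, shown as an added example that is not NanoLog's own code: the widget is initialized only once consent is recorded, and the stored identifier is removed when consent is absent or withdrawn. Only window.NanoLog.init() and the nanolog_anon_id key come from this guide; the createNanoLogGate helper, the "functional" consent flag, and the contents of config are assumptions.

```javascript
// Added example (not NanoLog code). Hypothetical names: createNanoLogGate,
// consent.functional, config. From this guide: NanoLog.init, nanolog_anon_id.
const ANON_KEY = 'nanolog_anon_id';

// `win` is the browser window; passing it in keeps the gate testable.
function createNanoLogGate(win, config) {
  let started = false;

  return {
    // Call once on page load with the stored consent state, and again
    // every time the consent banner reports a change.
    onConsentChange(consent) {
      const allowed = Boolean(consent && consent.functional === true);

      if (!allowed) {
        // No consent, or consent withdrawn: delete the identifier so it
        // does not stay on the device. This guide documents no teardown
        // call, so an already running widget stops only on the next load.
        try {
          win.localStorage.removeItem(ANON_KEY);
        } catch (err) {
          // Storage can be blocked by browser settings; nothing to clean.
        }
        return started ? 'withdrawn' : 'blocked';
      }

      if (started) {
        return 'already-initialized'; // never call init() twice
      }
      if (!win.NanoLog || typeof win.NanoLog.init !== 'function') {
        return 'widget-not-loaded'; // script not ready; caller retries
      }

      win.NanoLog.init(config);
      started = true;
      return 'initialized';
    },
  };
}

// Browser usage (the consent source is whatever your banner provides):
//   const gate = createNanoLogGate(window, nanoLogConfig);
//   gate.onConsentChange(currentConsent);
```

To verify the gate, load the page with consent declined and confirm that localStorage contains no nanolog_anon_id key.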

Secure Identity (HMAC) and Context Data

If you use the context object to pass user details (like tier: 'pro' or userId: '123') for advanced segmentation, or if you use Secure Identity (HMAC), this data is transmitted securely to our servers to filter the changelog feed.

NanoLog does not sell this data, and we only use it to provide the segmentation service to you. This should also be reflected in your privacy policy as standard data processing by a third party.

Disclaimer: This documentation is provided for informational purposes only and does not constitute legal advice. You should consult with your own legal counsel to ensure your website complies with applicable privacy laws.


GDPR-Safe Screenshot Capture & Client-Side Auto-Redaction

NanoLog features an advanced Visual Feedback engine that allows users to submit annotated screenshots. To ensure absolute compliance with GDPR and standard privacy frameworks:

  • Screenshots are processed and redacted entirely client-side in the user's browser using HTML5 Canvas.
  • Sensitive elements (passwords, emails, credit cards, standard PII elements, or custom selectors) are fully blacked out before uploading.
  • No unredacted image or sensitive transient data ever leaves the user's browser or persists in our server memory.

For a detailed technical breakdown of client-side canvas scrubbing, automated redactions, custom CSS class selections, and our backend zero-persistence security design, please read the dedicated Visual Feedback & GDPR documentation.